递归获取指定文件夹下的所有用户权限，代码如下：

rootPath = "D:\File Data\Shared"
forbiddenFile = "D:\forbidden_result.txt"
resultFile = "D:\security_result.txt"

Set fso = CreateObject("Scripting.FileSystemObject")
If fso.FileExists(forbiddenFile) Then
    fso.DeleteFile forbiddenFile
End If
If fso.FileExists(resultFile) Then
    fso.DeleteFile resultFile
End If
Set treeList = CreateObject("Scripting.Dictionary")
FolderTree rootPath, "", "", treeList
Set fso = Nothing

Set stream = CreateObject("ADODB.Stream")
stream.Type = 2
stream.Open
stream.Charset = "UTF-8"
For Each key In treeList.Keys
    Set folder = treeList.Item(key)
    shortPath = folder.Item("shortPath")
    path = folder.Item("path")
    parent = folder.Item("parent")
    Set securityList = GetFolderSecurityDescriptor(shortPath, path, stream)
    Set parentSecurityList = CreateObject("Scripting.Dictionary")
    If parent <> "" Then
        Set parentSecurityList = treeList.Item(parent).Item("securityList")
    End If
    For Each itemKey in securityList.Keys
        Set item = securityList.Item(itemKey)
        sid = item.Item("sid")
        If parentSecurityList.Exists(sid) Then
            accessMask = item.Item("accessMask")
            Set parentItem = parentSecurityList.Item(sid)
            parentAccessMask = parentItem.Item("accessMask")
            If accessMask = parentAccessMask Then
                item.Item("inherit") = 1
            End If
        End If
    Next
    folder.Remove "securityList"
    folder.Add "securityList", securityList
Next
stream.SaveToFile forbiddenFile, 2
stream.Close
Set stream = Nothing

Set stream = CreateObject("ADODB.Stream")
stream.Type = 2
stream.Open
stream.Charset = "UTF-8"
stream.Position = stream.Size
header = "folder" & vbTab & _
        "domain" & vbTab & _
        "username" & vbTab & _
        "access mask" & vbTab &_
        "inherit" & vbTab & _
        "allow full control" & vbTab & _
        "allow modify" & vbTab & _
        "allow read and execute" & vbTab & _
        "allow list" & vbTab & _
        "allow read" & vbTab & _
        "allow write" & vbTab & _
        "allow special" & vbTab & _
        "deny full control" & vbTab & _
        "deny modify" & vbTab & _
        "deny read and execute" & vbTab & _
        "deny list" & vbTab & _
        "deny read" & vbTab & _
        "deny write" & vbTab & _
        "deny special" & vbNewLine
stream.WriteText header
For Each key In treeList.Keys
    Set folder = treeList.Item(key)
    path = folder.Item("path")
    Set securityList = folder.Item("securityList")
    For Each itemKey In securityList.Keys
        Set item = securityList.Item(itemKey)
        flag = ""
        If item.Item("inherit") > 0 Then flag = "Y"
        line = path & vbTab & _
                item.Item("domain") & vbTab &_
                item.Item("name") & vbTab & _
                item.Item("accessMask") & vbTab & _
                flag & vbTab &_
                GetAccessFlags(item.Item("accessMask")) & vbNewLine
        stream.WriteText line
    Next
Next
stream.SaveToFile resultFile, 2
stream.Close
Set treeList = Nothing
Set stream = Nothing
Wscript.Echo "Finished"


Function FolderTree(path, shortPath, parent, list)
    Set fso = CreateObject("Scripting.FileSystemObject")
    If shortPath <> "" Then
        Set folder = fso.GetFolder(shortPath)
    Else
        Set folder = fso.GetFolder(path)
    End If
    Err.Clear
    shortPath = folder.ShortPath
    If fso.FolderExists(folder) = True Then
        Set item = CreateObject("Scripting.Dictionary")
        Set securityList = CreateObject("Scripting.Dictionary")
        item.Add "path", path
        item.Add "parent", parent
        item.Add "shortPath", shortPath
        item.Add "securityList", securityList
        list.Add path, item
        Set subFolders = folder.SubFolders
        On Error Resume Next
        For Each subFolder In subFolders
            fullPath = path & "\" & subFolder.Name
            FolderTree fullPath, subFolder.shortPath, path, list
        Next
        On Error GoTo 0
        Set subFolders = Nothing
    End If
    Set fso = Nothing
    Set folder = Nothing
End Function


Function GetFolderSecurityDescriptor(path, fullPath, currentStream)
    On Error Resume Next
    Set list = CreateObject("Scripting.Dictionary")
    pathExpr = "winmgmts:Win32_LogicalFileSecuritySetting.path"
    Set wmiFileSecSetting = GetObject(pathExpr & "=""" & replace(path, "\", "\\") & """")
    wmiFileSecSetting.GetSecurityDescriptor wmiSecurityDescriptor
    DACL = wmiSecurityDescriptor.DACL
    On Error GoTo 0
    If VarType(DACL) <> 0 Then
        For Each wmiAce In DACL
            Set item = CreateObject("Scripting.Dictionary")
            Set trustee = wmiAce.Trustee
            sid = trustee.SIDString
            domain = trustee.Domain
            name = Trustee.Name
            accessMask = wmiAce.AceType & " " & wmiAce.AccessMask
            If list.Exists(sid) Then
                Set item = list.Item(sid)
                accessMask = item.Item("accessMask") & "," & accessMask
                item.Item("accessMask") = accessMask
            Else
                item.Add "sid", sid
                item.Add "domain", domain
                item.Add "name", name
                item.Add "accessMask", accessMask
                item.Add "inherit", 0
                list.Add sid, item
            End If
        Next
    Else
        currentStream.Position = currentStream.Size
        currentStream.WriteText fullPath & vbNewLine
    End If
    Set wmiSecurityDescriptor = Nothing
    Set wmiFileSecSetting = Nothing
    Set GetFolderSecurityDescriptor = list
End Function


Function GetAccessFlags(accessMask)
    Dim arr(14)
    For i = 0 To 13
        arr(i) = ""
    Next
    list = Split(accessMask, ",")
    For i = 0 To UBound(list)
        list2 = Split(list(i), " ")
        aceType = Int(list2(0))
        mask = Int(list2(1))
        flag = GetAccessFlag(mask)
        list2 = Split(flag, ",")
        startIndex = 0
        endIndex = 6
        If aceType = 1 Then
            startIndex = 7
            endIndex = 13
        End If
        For j = startIndex To endIndex
            value = ""
            If aceType = 1 Then
                value = list2(j - 7)
            Else
                value = list2(j)
            End If
            If arr(j) = "" And value <> "" Then arr(j) = value
        Next
    Next
    GetAccessFlags = Join(arr, vbTab)
End Function


Function GetAccessFlag(accessMask)
    FILE_READ_DATA = 1
    FILE_LIST_DIRECTORY = 1
    FILE_WRITE_DATA = 2
    FILE_ADD_FILE = 2
    FILE_APPEND_DATA = 4
    FILE_ADD_SUBDIRECTORY = 4
    FILE_READ_EA = 8
    FILE_WRITE_EA = 16
    FILE_EXECUTE = 32
    FILE_TRAVERSE = 32
    FILE_DELETE_CHILD = 64
    FILE_READ_ATTRIBUTES = 128
    FILE_WRITE_ATTRIBUTES = 256
    DELETE = 65536
    READ_CONTROL = 131072
    WRITE_DAC = 262144
    WRITE_OWNER = 524288
    SYNCHRONIZE = 1048576
    acRead = FILE_READ_DATA Or FILE_READ_ATTRIBUTES Or FILE_READ_EA Or READ_CONTROL Or SYNCHRONIZE
    acWrite = FILE_WRITE_DATA Or FILE_APPEND_DATA Or FILE_WRITE_ATTRIBUTES Or FILE_WRITE_EA Or SYNCHRONIZE
    acReadAndExecute = acRead Or FILE_EXECUTE
    acList = acReadAndExecute
    acModify = acReadAndExecute Or acWrite Or DELETE
    acFullControl = acModify Or FILE_DELETE_CHILD Or WRITE_DAC Or WRITE_OWNER
    Dim arr(7)
    For i = 0 To 6
        arr(i) = ""
    Next
    If (accessMask And acFullControl) = acFullControl Then arr(0) = "Y"
    If (accessMask And acModify) = acModify Then arr(1) = "Y"
    If (accessMask And acReadAndExecute) = acReadAndExecute Then arr(2) = "Y"
    If (accessMask And acList) = acList Then arr(3) = "Y"
    If (accessMask And acRead) = acRead Then arr(4) = "Y"
    If (accessMask And acWrite) = acWrite Then arr(5) = "Y"
    If arr(0) = "" And arr(1) = "" And arr(2) = "" And _
            arr(3) = "" And arr(4) = "" And arr(5) = "" Then
        arr(6) = "Y"
    End If
    GetAccessFlag = Join(arr, ",")
End Function

程序执行完后会放到将结果保存到 D:\security_result.txt 中，此时复制该文件中的文本，粘贴到Excel中即可。D:\forbidden_result.txt保存当前用户无法访问的目录列表。