This line:

$RetVal = $wmiFileSecSetting.GetSecurityDescriptor($wmiSecurityDescriptor)

is not very kixtart (scripting) friendly. I don't know what the hell MS was thinking when they designed this sucker. This intent (I think) is to pass $wmiSecurityDescriptor as an empty object variable that is initialized by the COM object itself ... kinda like passing a variable by reference. It works in VBS but probably not a lot of other scripting languages. That is why they came out with these COM reskit utils, like ADsid and ADsSecurity.

ADsSecurity handles this nicely, here's a working kixtart version:

Break On

$Security = CreateObject("ADsSecurity")

$SecurityDescriptor = $Security.GetSecurityDescriptor("%temp%")

For Each $ACE in $SecurityDescriptor.DiscretionaryACL
 ?"Name="$ACE.Trustee
 ?"Type="$ACE.AceType
 ?"Mask="$ACE.AccessMask
Next

Exit 1

ADsSecurity is part of the ADSI reskit, available here:

ADSI SDK Download

Just unzip ADsSecurity.dll into system32 and run:

regsvr32 adssecurity.dll

This assumes win2000 or windows xp or nt/9x with ADSI already installed.

Hope this helps

-Shawn