Update

Author: Horacio Fernandez

PowerShellAccessControl.psd1

@@ -251,16 +251,16 @@ can be used to provide AuditFlags and Inheritance/Propagation flags (WMI ACE obj
 
         #region Get Inheritance and Propagation flags       
         if (-not $PSBoundParameters.ContainsKey("AppliesTo")) {
-            if ($PSBoundParameters.ContainsKey("AceFlags") -and $AceFlags -band [System.Security.AccessControl.AceFlags]::InheritanceFlags) {
+            if ($PSBoundParameters.ContainsKey("AceFlags") -and $AceFlags.value__ -band [System.Security.AccessControl.AceFlags]::InheritanceFlags.value__) {
                 # AceFlags contains inheritance/propagation info, so get the AppliesTo from that
                 $InheritanceFlags = $PropagationFlags = 0
                 foreach ($CurrentFlag in "ContainerInherit", "ObjectInherit") {
-                    if ($AceFlags -band [System.Security.AccessControl.AceFlags]::$CurrentFlag) {
+                    if ($AceFlags.value__ -band ([int][System.Security.AccessControl.AceFlags]::$CurrentFlag)) {
                         $InheritanceFlags = $InheritanceFlags -bor [System.Security.AccessControl.InheritanceFlags]::$CurrentFlag
                     }
                 }
                 foreach ($CurrentFlag in "NoPropagateInherit","InheritOnly") {
-                    if ($AceFlags -band [System.Security.AccessControl.AceFlags]::$CurrentFlag) {
+                    if ($AceFlags.value__ -band ([int][System.Security.AccessControl.AceFlags]::$CurrentFlag)) {
                         $PropagationFlags = $PropagationFlags -bor [System.Security.AccessControl.PropagationFlags]::$CurrentFlag
                     }
                 }
@@ -315,8 +315,8 @@ can be used to provide AuditFlags and Inheritance/Propagation flags (WMI ACE obj
 
             # Or Success/Failure audits may have been specified through AceFlags (usually happens
             # when another ACE is fed to New-AccessControlEntry through pipeline.
-            if ($PSBoundParameters.AceFlags -band [System.Security.AccessControl.AceFlags]::SuccessfulAccess) { $AuditFlags += "Success" }
-            if ($PSBoundParameters.AceFlags -band [System.Security.AccessControl.AceFlags]::FailedAccess) { $AuditFlags += "Failure" }
+            if ([int] $PSBoundParameters.AceFlags -band [System.Security.AccessControl.AceFlags]::SuccessfulAccess) { $AuditFlags += "Success" }
+            if ([int] $PSBoundParameters.AceFlags -band [System.Security.AccessControl.AceFlags]::FailedAccess) { $AuditFlags += "Failure" }
 
             if ($AuditFlags) {
                 $AuditFlags = $AuditFlags -as [System.Security.AccessControl.AuditFlags]

PowerShellAccessControl.psm1

@@ -530,7 +530,7 @@ etc.
                     # Get a copy of the rule (we don't want to touch the original object)
                     Write-Debug "$($MyInvocation.MyCommand): No conversion necessary"
                     $Rule = $Rule.Copy()
-                    $IsRuleInherited = [bool] ($Rule.AceFlags -band [System.Security.AccessControl.AceFlags]::Inherited)
+                    $IsRuleInherited = [bool] ([int] $Rule.AceFlags -band [System.Security.AccessControl.AceFlags]::Inherited.value__)
                     break
                 }
 
@@ -618,7 +618,7 @@ etc.
                   ($_ -eq "Microsoft.Management.Infrastructure.CimInstance" -and
                    ($Rule.CimClass.CimClassName -eq "Win32_ACE") -or ($Rule.CimClass.CimClassName -eq "__ACE")) } {
 
-                    $IsRuleInherited = [bool] ($Rule.AceFlags -band [System.Security.AccessControl.AceFlags]::Inherited)
+                    $IsRuleInherited = [bool] ([int] $Rule.AceFlags -band [System.Security.AccessControl.AceFlags]::Inherited.value__)
 
                     # Long and scary looking condition, but it just means do the
                     # following if it's a WMI object of the Win32_ACE class
@@ -643,8 +643,8 @@ etc.
 
                     if ($Rule.AceType -eq [System.Security.AccessControl.AceQualifier]::SystemAudit) {
                         # Not an access entry, but an audit entry
-                        $Params.AuditSuccess = [bool] ($Rule.AceFlags -band [System.Security.AccessControl.AceFlags]::SuccessfulAccess)
-                        $Params.AuditFailure = [bool] ($Rule.AceFlags -band [System.Security.AccessControl.AceFlags]::FailedAccess)
+                        $Params.AuditSuccess = [bool] ([int] $Rule.AceFlags -band [System.Security.AccessControl.AceFlags]::SuccessfulAccess.value__)
+                        $Params.AuditFailure = [bool] ([int] $Rule.AceFlags -band [System.Security.AccessControl.AceFlags]::FailedAccess.value__)
                     }
 
                     # Make the rule:
@@ -666,14 +666,14 @@ etc.
                 # it's usually to add or remove an ACE. In either of those 
                 # scenarios, you don't want the resulting ACE to still be
                 # inherited, so remove that flag if it's present
-                if ($Rule.AceFlags -band [System.Security.AccessControl.AceFlags]::Inherited) {
-                    $Rule.AceFlags = $Rule.AceFlags -bxor [System.Security.AccessControl.AceFlags]::Inherited
+                if ([int] $Rule.AceFlags -band [System.Security.AccessControl.AceFlags]::Inherited.value__) {
+                    $Rule.AceFlags = [int] $Rule.AceFlags -bxor [System.Security.AccessControl.AceFlags]::Inherited.value__
                 }
             }
             else {
-                if ($IsRuleInherited -and (-not ($Rule.AceFlags -band [System.Security.AccessControl.AceFlags]::Inherited))) {
+                if ($IsRuleInherited -and (-not ([int] $Rule.AceFlags -band [System.Security.AccessControl.AceFlags]::Inherited.value__))) {
                     # If the original rule was inherited, but the converted one isn't, fix it!
-                    $Rule.AceFlags = $Rule.AceFlags -bxor [System.Security.AccessControl.AceFlags]::Inherited
+                    $Rule.AceFlags = [int] $Rule.AceFlags -bxor [System.Security.AccessControl.AceFlags]::Inherited.value__
                 }
             }