I ran across another tool written by Grant Holliday (of TFS Bug Snapper 1.0 and Clipboard Image Monitor fame) today - one to use the CSS part of the object model to fetch the area paths and area URI's for a team foundation server and then output it into XML: ListProjectAreas.exe

Unfortunately, as he mentions in the details of why this tool was needed, TfsSecurity isn't very friendly with area paths in our V1 version, and managing permissions on area paths isn't a great experience due to lack of good tools in the box.  We're hoping we can improve this in future versions.

We are then using Areas within the team project to manage the individual subprojects. The problem came when we wanted to restrict permissions within these areas. The TFSSecurity.exe tool allows you to add specific ACLs to Team Project Areas but requires you to know “Area objectID” or “URI of the access control object” – no friendly names!!

I would’ve expected you could do something like:

TFSSecurity.exe /a+ “[Team Project]\Area1” WORK_ITEM_WRITE “[Team Project]\Contributors” ALLOW

But instead of [Team Project]\Area1 you have to specify the URI which corresponds to the area. e.g.

vstfs:///Classification/Node/53f0b4cf-dae2-4c87-a74d-23e0eb1f0335