diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..9838a4a
Binary files /dev/null and b/.DS_Store differ
diff --git a/.gitignore b/.gitignore
index 3a2238d..590a81d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,11 +13,7 @@
 # Build results
 [Dd]ebug/
 [Dd]ebugPublic/
-[Rr]elease/
 [Rr]eleases/
-[Xx]64/
-[Xx]86/
-[Bb]uild/
 bld/
 [Bb]in/
 [Oo]bj/
diff --git a/Build/Release/x64/repacls.exe b/Build/Release/x64/repacls.exe
new file mode 100644
index 0000000..94d3597
Binary files /dev/null and b/Build/Release/x64/repacls.exe differ
diff --git a/Build/Release/x86/repacls.exe b/Build/Release/x86/repacls.exe
new file mode 100644
index 0000000..08ff40a
Binary files /dev/null and b/Build/Release/x86/repacls.exe differ
diff --git a/Build/build.cmd b/Build/build.cmd
new file mode 100644
index 0000000..5806862
--- /dev/null
+++ b/Build/build.cmd
@@ -0,0 +1,35 @@
+@ECHO OFF
+
+:: cert info to use for signing
+SET CERT=9CC90E20ABF21CDEF09EE4C467A79FD454140C5A
+set TSAURL=http://time.certum.pl/
+set LIBNAME=Repacls
+set LIBURL=https://github.com/NoMoreFood/Repacls
+
+:: do cleanup
+FOR %%X IN (Debug Temp .vs) DO (
+  FORFILES /S /P "%~dp0.." /M "%%X" /C "CMD /C IF @isdir==TRUE RD /S /Q @path"
+)
+FOR %%X IN (Win32 x64 Debug Release) DO (
+  FORFILES /S /P "%~dp0.." /M "*.*pdb" /C "CMD /C DEL /Q @path"
+  FORFILES /S /P "%~dp0.." /M "*.*obj" /C "CMD /C DEL /Q @path"
+  FORFILES /S /P "%~dp0.." /M "*.log" /C "CMD /C DEL /Q @path"
+)
+
+:: setup environment variables based on location of this script
+SET BINDIR=%~dp0Release
+
+:: determine 32-bit program files directory
+IF DEFINED ProgramFiles SET PX86=%ProgramFiles%
+IF DEFINED ProgramFiles(x86) SET PX86=%ProgramFiles(x86)%
+
+:: setup paths
+SET PATH=%WINDIR%\system32;%WINDIR%\system32\WindowsPowerShell\v1.0
+SET PATH=%PATH%;%PX86%\Windows Kits\10\bin\x64
+SET PATH=%PATH%;%PX86%\Windows Kits\8.1\bin\x64
+
+:: sign the main executables
+signtool sign /sha1 %CERT% /fd sha1 /tr %TSAURL% /td sha1 /d %LIBNAME% /du %LIBURL% "%BINDIR%\x86\*.exe" "%BINDIR%\x64\*.exe" 
+signtool sign /sha1 %CERT% /as /fd sha256 /tr %TSAURL% /td sha256 /d %LIBNAME% /du %LIBURL% "%BINDIR%\x86\*.exe" "%BINDIR%\x64\*.exe"
+
+PAUSE
\ No newline at end of file
diff --git a/Main.cpp b/Main.cpp
index 673372e..4d02ef8 100644
--- a/Main.cpp
+++ b/Main.cpp
@@ -279,8 +279,8 @@ void AnalzyingQueue()
 		IO_STATUS_BLOCK IoStatusBlock;
 		NTSTATUS Status = NtOpenFile(&hFindFile, FILE_LIST_DIRECTORY | SYNCHRONIZE,
 			&oAttributes, &IoStatusBlock, FILE_SHARE_READ | FILE_SHARE_WRITE,
-			FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT | 
-			FILE_OPEN_FOR_BACKUP_INTENT | FILE_OPEN_REPARSE_POINT);
+			FILE_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT | FILE_OPEN_FOR_BACKUP_INTENT |
+			((oEntry.IsRoot) ? 0 : FILE_OPEN_REPARSE_POINT));
 
 		if (Status == STATUS_ACCESS_DENIED)
 		{
diff --git a/OperationFactory.h b/OperationFactory.h
index 7e6fafd..7e2dd17 100644
--- a/OperationFactory.h
+++ b/OperationFactory.h
@@ -32,7 +32,8 @@ class FactoryPlant
 		}
 
 		// convert to uppercase for map matching
-		std::transform(sCommand.begin(), sCommand.end(), sCommand.begin(), ::toupper);
+		std::transform(sCommand.begin(), sCommand.end(), sCommand.begin(), 
+			[](const WCHAR c) { return static_cast<WCHAR>(::toupper(c)); });
 
 		// remove the first character
 		sCommand.erase(0, 1);
@@ -66,7 +67,8 @@ template <class SubType> class ClassFactory : public FactoryPlant
 
 	ClassFactory(std::wstring sCommand)
 	{
-		std::transform(sCommand.begin(), sCommand.end(), sCommand.begin(), ::toupper);
+		std::transform(sCommand.begin(), sCommand.end(), sCommand.begin(), 
+			[](const WCHAR c) { return static_cast<WCHAR>(::toupper(c)); });
 		GetCommands()[sCommand] = this;
 	};
 };
diff --git a/OperationHelp.cpp b/OperationHelp.cpp
index e5fd5e7..2ce9f83 100644
--- a/OperationHelp.cpp
+++ b/OperationHelp.cpp
@@ -115,12 +115,6 @@ Commands That Do Not Alter Security
    ConvertDescriptorToStringSecurityDescriptor().  This command does
    not print informational messages other than errors.
 
-/RestoreSecurity <FileName>
-   The reverse operation of /BackupSecurity.  Takes the file name and security
-   descriptors specified in the file specified and applies them to the file
-   system.  This command does not print informational messages other than 
-   errors.
-
 /FindAccount <Name|Sid>
    Reports any instance of an account specified.
 
@@ -190,7 +184,7 @@ LR"(
    have been littered from the old cacls.exe command that didn't understand 
    how to set up inheritance.
 
-/ReplaceAccount <SearchAccount> <ReplaceAccount>
+/ReplaceAccount <SearchAccount>:<ReplaceAccount>
    Search for an account and replace it with another account.
 
 /Report <FileName> <RegularExpression>
@@ -203,6 +197,12 @@ LR"(
    regular expression to refine what part of the security descriptor to scan.
    See Other Notes & Limitations section for more information.
 
+/RestoreSecurity <FileName>
+   The reverse operation of /BackupSecurity.  Takes the file name and security
+   descriptors specified in the file specified and applies them to the file
+   system.  This command does not print informational messages other than 
+   errors.
+
 /SetOwner <Name|Sid>
    Will set the owner of the file to the name specified.
 
diff --git a/OperationSharePaths.cpp b/OperationSharePaths.cpp
index ff50484..52c9efd 100644
--- a/OperationSharePaths.cpp
+++ b/OperationSharePaths.cpp
@@ -120,7 +120,8 @@ OperationSharePaths::OperationSharePaths(std::queue<std::wstring> & oArgList) :
 			if (sLocalPath.back() != L'\\') sLocalPath += L'\\';
 
 			// convert to uppercase
-			std::transform(sLocalPath.begin(), sLocalPath.end(), sLocalPath.begin(), ::toupper);
+			std::transform(sLocalPath.begin(), sLocalPath.end(), sLocalPath.begin(), 
+				[](const WCHAR c) { return static_cast<WCHAR>(::toupper(c)); });
 
 			// see if the share name matches the regular expression
 			if (!std::regex_search(tInfo[iEntry].shi2_netname, oMatchRegex)) continue;
diff --git a/Version.h b/Version.h
index b797bc1..8fa0323 100644
--- a/Version.h
+++ b/Version.h
@@ -1,3 +1,3 @@
 #pragma once
 
-#define VERSION_STRING "1.8.0.0"
+#define VERSION_STRING "1.8.0.1"
diff --git a/repacls.vcxproj b/repacls.vcxproj
index 41f18dd..d218c81 100644
--- a/repacls.vcxproj
+++ b/repacls.vcxproj
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|Win32">
       <Configuration>Debug</Configuration>
@@ -22,34 +22,34 @@
     <ProjectGuid>{0E11E31A-BE5D-4B31-AA8E-DA9AEEC84F37}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>PermChange</RootNamespace>
-    <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
+    <WindowsTargetPlatformVersion>10.0.15063.0</WindowsTargetPlatformVersion>
     <ProjectName>repacls</ProjectName>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v140</PlatformToolset>
+    <PlatformToolset>v141</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v140</PlatformToolset>
+    <PlatformToolset>v141</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v140</PlatformToolset>
+    <PlatformToolset>v141</PlatformToolset>
     <CharacterSet>Unicode</CharacterSet>
     <WholeProgramOptimization>false</WholeProgramOptimization>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v140</PlatformToolset>
+    <PlatformToolset>v141</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>