Sample PowerShell code to enable auditing on a folder
$computer = gc env:computername
$path = "C:\New Folder"
$user = "everyone"
$path = $path.replace("\", "\\")
$SD = ([WMIClass] "Win32_SecurityDescriptor").CreateInstance()
$ace = ([WMIClass] "Win32_ace").CreateInstance()
$Trustee = ([WMIClass] "Win32_Trustee").CreateInstance()
$SID = (new-object security.principal.ntaccount $user).translate([security.principal.securityidentifier])
[byte[]] $SIDArray = ,0 * $SID.BinaryLength
$SID.GetBinaryForm($SIDArray,0)
$Trustee.Name = $user
$Trustee.SID = $SIDArray
$ace.AccessMask = [System.Security.AccessControl.FileSystemRights]"Modify"
$ace.AceFlags = "0x67"
$ace.AceType = 2
$ace.Trustee = $trustee
$SD.SACL = $ace
$SD.ControlFlags="0x10"
$wPrivilege = gwmi Win32_LogicalFileSecuritySetting -computername $computer -filter "path='$path'"
$wPrivilege.psbase.Scope.Options.EnablePrivileges = $true
$wPrivilege.setsecuritydescriptor($SD)
Comments
- Anonymous
January 30, 2018
The comment has been removed - Anonymous
February 21, 2018
Hello.I would like to ask if it's possible to modify the script so it can fit the needs. For example if we want the type of audit to be "Fail", for "$computer\Everyone" and to be applied to "This folder only", how do we modify it????Kind Regards