locked
How to set audit in Folders and SubFolders RRS feed

  • Question

  • Hi everyone,

    I tryed to find something about it on Google, but I couldn't. How can I set audit permissions for folders, subfolders and files by powershell?

    Thank you

    Thursday, July 23, 2020 1:29 PM

All replies

  • YOU can dump all permissions using ICACLS.

    ICACLS /?

    You can also find numerous third party tools that can audit.

    To select a tool you need to define what you mean by "audit".  "Audit" means compare to some standard or initial condition.

    PowerShell has no command to do this.  You would have to design and build a tool that meets your specifications.


    \_(ツ)_/

    Thursday, July 23, 2020 8:57 PM
  • Hello,

    Here is one great tool I often use, it provides you useful Powershell cmdlets to insert in your scripts :

    https://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85

    and a helpful link about how to use it : https://devblogs.microsoft.com/scripting/weekend-scripter-use-powershell-to-get-add-and-remove-ntfs-permissions/

    I use it on my file server to compare existing permissions with a template on regular basis, and to send me a notification when some new permissions doesn't fit the template. NTFS audit is a complex task when it involves inheritance, path length, generic permission etc.. and this tool helps a lot.

    But JRV is right, it depends on what you really want to achieve 1st !

    ++

    Thursday, July 23, 2020 9:15 PM
  • as i remember icacls working with dacl's, but audit configuration stored in sacl's

    some time ago i had a project based on setacl + powershell. Important thing that you need to know, that you should use propper util version (x86/x64)


    The opinion expressed by me is not an official position of Microsoft

    Thursday, July 23, 2020 9:19 PM
  • So you are really asking how to set the SACL ACES on folders.

    Have you searched.  There are numerous scripts on teh web that will do this.

    You can also use Get-Acl and Set-Acl.

    https://www.rootusers.com/implement-auditing-using-windows-powershell/

    If you search you can find everything you need quickly.


    \_(ツ)_/

    Thursday, July 23, 2020 9:29 PM
  • So you are really asking how to set the SACL ACES on folders.


    \_(ツ)_/

    nope, i do not asking anythig, i'm not a topic starter but as i get he/she trying find something for audit configuration, and icacls not the correct one.

    The opinion expressed by me is not an official position of Microsoft

    Thursday, July 23, 2020 9:36 PM
  • So you are really asking how to set the SACL ACES on folders.


    \_(ツ)_/

    nope, i do not asking anythig, i'm not a topic starter but as i get he/she trying find something for audit configuration, and icacls not the correct one.

    The opinion expressed by me is not an official position of Microsoft

    Post was not for you.


    \_(ツ)_/

    Thursday, July 23, 2020 9:38 PM
  • Hi guys,

    So, there isn't any command line (neither PowerShell nor cmd, whatever) that I'm able to use in this case, right? I'll have to do this manually, folder by folder, right?

    Best regards

    Friday, July 24, 2020 2:59 PM
  • at least 2 or even 3 comments from this topic have solutions for your case. please check comments once again

    The opinion expressed by me is not an official position of Microsoft

    Friday, July 24, 2020 3:39 PM