How can I set audit controls on files owned by TrustedInstaller using Powershell?

Posted by Drise on Server Fault See other posts from Server Fault or by Drise
Published on 2013-11-07T17:40:55Z Indexed on 2013/11/07 21:59 UTC
Read the original article Hit count: 616

I am trying to set audit controls on a number of files (listed in ACLsWin.txt) located in \%Windows%\System32 (for example, aaclient.dll) using the following Powershell script:

$FileList = Get-Content ".\ACLsWin.txt"
$ACL = New-Object System.Security.AccessControl.FileSecurity

$AccessRule = New-Object System.Security.AccessControl.FileSystemAuditRule("Everyone", "Delete", "Failure")
$ACL.AddAuditRule($AccessRule)
foreach($File in $FileList)
{
    Write-Host "Changing audit on $File"
    $ACL | Set-Acl $File
}

Whenever I run the script, I get the error PermissionDenied [Set-Acl] UnauthorizedAccessException.

This seems to come from the fact that the owner of these files is TrustedInstaller. I am running these scripts as Administrator (even though I'm on the the built-in Administrator account) and it's still failing. I can set these audit controls by hand using the Security tab, but there are at least 200 files for which doing by hand may lead to human errors.

How can I get around TrustedInstaller and set these audit controls using Powershell?

© Server Fault or respective owner

Related posts about windows-7

Related posts about permissions