How can I set audit controls on files owned by TrustedInstaller using Powershell?
Posted
by
Drise
on Server Fault
See other posts from Server Fault
or by Drise
Published on 2013-11-07T17:40:55Z
Indexed on
2013/11/07
21:59 UTC
Read the original article
Hit count: 616
I am trying to set audit controls on a number of files (listed in ACLsWin.txt
) located in \%Windows%\System32
(for example, aaclient.dll
) using the following Powershell script:
$FileList = Get-Content ".\ACLsWin.txt"
$ACL = New-Object System.Security.AccessControl.FileSecurity
$AccessRule = New-Object System.Security.AccessControl.FileSystemAuditRule("Everyone", "Delete", "Failure")
$ACL.AddAuditRule($AccessRule)
foreach($File in $FileList)
{
Write-Host "Changing audit on $File"
$ACL | Set-Acl $File
}
Whenever I run the script, I get the error PermissionDenied [Set-Acl] UnauthorizedAccessException
.
This seems to come from the fact that the owner of these files is TrustedInstaller
. I am running these scripts as Administrator (even though I'm on the the built-in Administrator account) and it's still failing. I can set these audit controls by hand using the Security tab, but there are at least 200 files for which doing by hand may lead to human errors.
How can I get around TrustedInstaller
and set these audit controls using Powershell?
© Server Fault or respective owner