Get/Set-ACL, Auditing, Inheritance

Hi,

Hope you can help. I’ve created this script to remove all auditing from all files/folder/sub-folders. It seems to work apart from where inheritance has been disabled. What am I doing wrong please?

```
$PathList = Get-Content C:\NetApp\script\pathlist.txt

foreach ($path in $PathList)
{
    # Read the security descriptor including the SACL (audit entries)
    $acl = Get-Acl $path -Audit
    # Protect the SACL from inheritance and do not keep the inherited rules
    $acl.SetAuditRuleProtection($True, $False)
    # Remove every explicit (non-inherited) audit rule
    $acl.GetAuditRules($True, $False, [System.Security.Principal.SecurityIdentifier]) | ForEach-Object { $acl.RemoveAuditRule($_); }
    Set-Acl $path $acl

    # Repeat for every file below the path (-File returns files only)
    $files = Get-ChildItem -Path $path -File -Recurse
    foreach ($file in $files) {
        $fileacl = Get-Acl $file.FullName -Audit
        $fileacl.SetAuditRuleProtection($True, $False)
        $fileacl.GetAuditRules($True, $False, [System.Security.Principal.SecurityIdentifier]) | ForEach-Object { $fileacl.RemoveAuditRule($_); }
        Set-Acl $file.FullName $fileacl
    }
}
```

Anyone please? Thanks in advance

I can’t replicate the problem you’re having. I have tested your code with the following folder structure:

```
Folder1\
    File1.txt
    Folder2\
        File2.txt
```

I applied a SACL to Folder1, then disabled inheritance on File2.txt and converted the SACL to an explicit audit entry on File2.txt. I also created a second entry on File2.txt.

When I run your code, with Folder1 listed in pathlist.txt, the audit entries are removed from all folders and files, including File2.txt.

As your code is OK, this may be a problem with your permissions or the ownership of the files. Are you able to remove the entries manually via the Explorer GUI?
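
A read-only way to check the points raised in the reply above (permissions, ownership, and which items have inheritance disabled) is to report the SACL state of every item under each path. This is an added example, not code from either poster; it assumes an elevated session, since reading the SACL with `-Audit` needs the "Manage auditing and security log" privilege, and the function name `Get-AuditState` is hypothetical.

```powershell
# Added example (not from the thread): read-only report of SACL state per item.
# The path list location is the one used in the question.
param(
    [string]$PathListFile = 'C:\NetApp\script\pathlist.txt'
)

$sidType = [System.Security.Principal.SecurityIdentifier]

# Hypothetical helper: returns one row describing the audit rules on an item.
function Get-AuditState {
    param([string]$LiteralPath)
    try {
        $acl = Get-Acl -LiteralPath $LiteralPath -Audit -ErrorAction Stop
        [pscustomobject]@{
            Path      = $LiteralPath
            Protected = $acl.AreAuditRulesProtected   # True = inheritance disabled
            Explicit  = @($acl.GetAuditRules($true,  $false, $sidType)).Count
            Inherited = @($acl.GetAuditRules($false, $true,  $sidType)).Count
            Owner     = $acl.Owner
            Error     = $null
        }
    }
    catch {
        # Access denied or a missing privilege shows up here instead of being lost
        [pscustomobject]@{
            Path = $LiteralPath; Protected = $null; Explicit = $null
            Inherited = $null; Owner = $null; Error = $_.Exception.Message
        }
    }
}

$report = foreach ($root in Get-Content -LiteralPath $PathListFile) {
    Get-AuditState -LiteralPath $root
    # No -File switch here, so sub-folders are reported as well as files
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-AuditState -LiteralPath $_.FullName }
}

# Show only items that still carry audit rules, are protected, or could not be read
$report |
    Where-Object { $_.Error -or $_.Protected -or $_.Explicit -gt 0 -or $_.Inherited -gt 0 } |
    Sort-Object Path |
    Format-Table -AutoSize
```

Running it before and after the removal script shows which items kept their entries, and the `Error` and `Owner` columns separate an access problem from a logic problem.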


Thanks for your response Matt. My test environment looks like this:

test.folders