Get/Set-ACL, Auditing, Inheritance

Hi,

Hope you can help. I’ve created this script to remove all auditing from all files/folder/sub-folders. It seems to work apart from where inheritance has been disabled. What am I doing wrong please?

$PathList = Get-Content C:\NetApp\script\pathlist.txt

foreach($path in $PathList) 
{
  $acl = Get-Acl $path -Audit
  $acl.SetAuditRuleProtection($True, $False)
  $acl.GetAuditRules($True, $False, [System.Security.Principal.SecurityIdentifier]) | Foreach-Object { $acl.RemoveAuditRule($_); }
  Set-Acl $path $acl

    $files = Get-ChildItem -Path $Path -File -Recurse
    foreach ($file in $files) {
        $fileacl = Get-Acl $file.FullName -Audit
        $fileacl.SetAuditRuleProtection($True, $False)
        $fileacl.GetAuditRules($True, $False, [System.Security.Principal.SecurityIdentifier]) | Foreach-Object { $fileacl.RemoveAuditRule($_); }
        Set-Acl $file.FullName $fileacl
       
    }
}```

Anyone please? Thanks in advance

I can’t replicate the problem you’re having. I have tested your code with the following folder structure:

Folder1\
 File1.txt
 Folder2\
    File2.txt

I applied a SACL to Folder1, then disabled inheritence on File2.txt and converted to the SACL to an explicit audit entry on File2.txt. I also created a second entry on File2.txt.

When I run your code, with Folder1 listed in pathlist.txt, the audit entries are removed from all folders and files, including File2.txt.

As your code is OK, this may be a problem with your permissions or the ownership of the files. Are you able to remove the entries manually via the Explorer GUI?

Thanks for your response Matt. My test environment looks like this:

test.folders