Getting File audit settings


I’ve found several sites that show how to set the file audit settings…but I haven’t had much luck finding any information about retrieving audit settings on a particular folder…

I’m trying to write a health check script that will verify certain file auditing is in place such as…

%systemroot% has audits set up for ‘failures’ on ‘CreateFiles’ for the ‘everyone’ user. I know how to set this up using:

New-Object System.Security.AccessControl.FileSystemAuditRule("Everyone","CreateFiles","none","none","Failure")

But I’m unsure how to query a folder and get its audit settings for a particular user (almost ‘everyone’ user in my case).

Any help or tips would be greatly appreciated.

You’d use the Get-Acl command with the -Audit switch to retrieve the folder or file’s current settings:

$acl = Get-Acl C:\Some\Folder -Audit

God I feel dumb lol…

That was very easy, thanks again for such a direct and easy solution!
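A health check built on the Get-Acl -Audit answer above, as an added example that is not part of the original thread. The function name Test-AuditRule and its parameters are hypothetical, and it assumes an elevated session, because reading a SACL requires it.

```powershell
# Added example (not from the thread): verify that a folder's SACL contains
# a required audit rule. Test-AuditRule is a hypothetical helper name.
function Test-AuditRule {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [string] $Identity = 'Everyone',
        [System.Security.AccessControl.FileSystemRights] $Rights = 'CreateFiles',
        [System.Security.AccessControl.AuditFlags] $Flags = 'Failure'
    )

    try {
        # -Audit adds the SACL to the returned descriptor; this fails when
        # the session is not elevated.
        $acl = Get-Acl -Path $Path -Audit -ErrorAction Stop
    }
    catch {
        Write-Warning "Could not read audit settings on '$Path': $($_.Exception.Message)"
        return $false
    }

    # Compare by SID so the check does not depend on how the account
    # name is displayed on this system.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $account = New-Object System.Security.Principal.NTAccount($Identity)
    $wantSid = $account.Translate($sidType).Value

    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in $acl.GetAuditRules($true, $true, $sidType)) {
        $sameUser  = $rule.IdentityReference.Value -eq $wantSid
        # -band tests that every requested bit is present, so a broader
        # rule (for example Success and Failure together) still passes.
        $hasRights = ($rule.FileSystemRights -band $Rights) -eq $Rights
        $hasFlags  = ($rule.AuditFlags -band $Flags) -eq $Flags
        if ($sameUser -and $hasRights -and $hasFlags) {
            return $true
        }
    }
    return $false
}

# The check described in the question: failure audits on CreateFiles
# for Everyone on %systemroot%.
if (Test-AuditRule -Path $env:SystemRoot) { 'PASS' } else { 'FAIL: audit rule missing' }
```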

