Getting File audit settings

aaron-miller · March 11, 2015, 2:25am

Hello,

I’ve found several sites that show how to set the file audit settings…but I haven’t had much luck finding any information about retrieving audit settings on a particular folder…

I’m trying to write a health check script that will verify certain file auditing is in place such as…

%systemroot% has audits set up for ‘failures’ on 'CreateFiles" for the ‘everyone’ user. I know how to set this up using:

New-Object System.Security.AccessControl.FileSystemAuditRule(“Everyone”,“CreateFiles”,“none”,“none”,”Failure”)

But I’m unsure how to query a folder and get it’s audit settings for a particular user (almost ‘everyone’ user in my case).

Any help or tips would be greatly appreciated.

system · March 11, 2015, 2:43am

You’d use the Get-Acl command with the -Audit switch to retrieve the folder or file’s current settings:

$acl = Get-Acl C:\Some\Folder -Audit
$acl.Audit

aaron-miller · March 11, 2015, 2:53am

God I feel dumb lol…

That was very easy, thanks again for such a direct and easy solution!

patrick-burwell · January 7, 2016, 6:53am

So how do you check access to a file?

toby-hessellund · January 7, 2016, 11:30am

$acl.Access

Topic		Replies	Views
Auditing setting on files PowerShell Help	3	222	May 16, 2024
Setting audit permission through powershell PowerShell Help	2	274	May 16, 2024
using powershell to set file audit settings PowerShell Help	3	396	May 16, 2024
Setting up Audit rules with PS PowerShell Help	3	315	May 16, 2024
File Audit over writing PowerShell Help	3	197	May 16, 2024

Getting File audit settings

Related topics