Set-ACL - script runs, fails to apply changes, but no errors

tao · July 2, 2023, 5:56pm

Hi,

I am looking to remove the NTFS audit settings for millions of files. I created the following script and started testing. It all looked promising until I tested against one of the paths and found that it didn’t work, nor did it produce an error.

$PathList = Get-Content C:\script\pathlist.txt

foreach ($Path in $PathList)
{
  $acl = Get-Acl $Path -Audit
   $acl.GetAuditRules | Foreach-Object $acl.RemoveAuditRuleAll
  Set-Acl $Path $acl
}

I’ve cross checked the working paths to the one that doesn’t work and the permissions/inheritance seem identical. The folders where the audit script has worked do not allow the local\admin group access, same as the problem folder. I tried a second script which takes ownership and adds local\admin with full control to the problem folder, then re-ran the audit script and it still doesn’t work. After running the permissions script to add local\admin, I can manually remove the audit settings.

Any ideas please?

As an aside, how does get/set-acl work when I don’t have permissions to read/edit the folders/files?

Thanks in advance

krzydoug · July 2, 2023, 11:51pm

This here is wrong

| Foreach-Object $acl.RemoveAuditRuleAll

when you use the Foreach-Object cmdlet, the variable in the loop is $_

Also, the removeauditrule is a method that takes a parameter. I think what you’re looking for is

| Foreach-Object {$acl.RemoveAuditRuleAll($_)}

tao · July 3, 2023, 7:11am

Thanks krzydog, my attempt at the script seems to work as-is without your enhancements, but on one of my test samples it doesn’t. I’m trying to work out why that might be.

I did however make your suggested change in the script and it failed until I added [System.Security.Principal.SecurityIdentifier]

$acl.GetAuditRules($True, $False, [System.Security.Principal.SecurityIdentifier]) | Foreach-Object { $acl.RemoveAuditRule($_); }

However, it still doesn’t remove the SACL from the path - I still have the same problem.

Thanks again

tao · July 5, 2023, 11:02am

Inheritance! Grrrrrrrrr

system · February 10, 2024, 5:34pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Get/Set-ACL, Auditing, Inheritance PowerShell Help	3	347	July 13, 2023
using powershell to set file audit settings PowerShell Help	2	237	December 7, 2018
Setting ACL Over writes Audits PowerShell Help	2	153	November 17, 2015
Remove ACL Question PowerShell Help	2	127	August 25, 2014
Modify NTFS Permissions on multiple folders PowerShell Help	0	174	December 31, 2011

Set-ACL - script runs, fails to apply changes, but no errors

Related Topics