Hi,
I am looking to remove the NTFS audit settings for millions of files. I created the following script and started testing. It all looked promising until I tested against one of the paths and found that it didn’t work, nor did it produce an error.
$PathList = Get-Content C:\script\pathlist.txt
foreach ($Path in $PathList)
{
$acl = Get-Acl $Path -Audit
$acl.GetAuditRules | Foreach-Object $acl.RemoveAuditRuleAll
Set-Acl $Path $acl
}
I’ve cross checked the working paths to the one that doesn’t work and the permissions/inheritance seem identical. The folders where the audit script has worked do not allow the local\admin group access, same as the problem folder. I tried a second script which takes ownership and adds local\admin with full control to the problem folder, then re-ran the audit script and it still doesn’t work. After running the permissions script to add local\admin, I can manually remove the audit settings.
Any ideas please?
As an aside, how does get/set-acl work when I don’t have permissions to read/edit the folders/files?
Thanks in advance