Where I work we have several security policies, which include the auditing of certain folders. Below is a script I'm working on; the $folders variable will contain many system folders such as "c:\windows", "c:\windows\system32", etc.
Can anyone foresee an issue with the below script? (It should just run through and put the everyone group in the failure audit with all boxes checked)
Also, is there a way to display the folder’s auditing policy? I tried ($folder | get-acl).getauditrules but it just displays the method properties.
I would like to also be able to pull a report that would say like
folder, audit policies
c:\test, failure - everyone - full control
Thanks for the assistance in advance!
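$folders = "C:\test"
$User = "Everyone"
$Rules = "FullControl"
$InheritType = "None"
$AuditType = "Failure"
$hostn = hostname
foreach ($folder in $folders) {
    # Build a security descriptor that carries only the audit (SACL) rule
    $ACL = New-Object System.Security.AccessControl.DirectorySecurity
    # Arguments: identity, rights, inheritance flags, propagation flags, audit flags
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAuditRule($User, $Rules, $InheritType, "None", $AuditType)
    # Attach the rule to the descriptor; without this step no audit entry is written
    $ACL.AddAuditRule($AccessRule)
    $ACL | Set-Acl $folder
    Write-Host "Setting Audit Rules on $folder"
}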
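
One way to produce the "folder, audit policies" report asked about above, as an added example that is not part of the original post. The function name Get-FolderAuditReport and the output columns are assumptions made for illustration; C:\test is the sample folder from the post.

```powershell
# Added example (not from the original post).
# Reading a SACL needs an elevated session: Get-Acl -Audit requires the
# "Manage auditing and security log" privilege (SeSecurityPrivilege).
function Get-FolderAuditReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path
    )
    process {
        foreach ($folder in $Path) {
            try {
                # -Audit tells Get-Acl to include the SACL; without it the
                # returned descriptor carries no audit rules at all.
                $acl = Get-Acl -LiteralPath $folder -Audit -ErrorAction Stop
            }
            catch {
                Write-Warning "Could not read audit rules on ${folder}: $($_.Exception.Message)"
                continue
            }
            # GetAuditRules is a method and must be called with arguments:
            # include explicit rules, include inherited rules, identity type.
            $rules = $acl.GetAuditRules($true, $true, [System.Security.Principal.NTAccount])
            if ($rules.Count -eq 0) {
                # Emit a row anyway so unaudited folders show up in the report.
                [pscustomobject]@{ Folder = $folder; AuditFlags = '(none)'; Identity = $null; Rights = $null; Inherited = $null }
                continue
            }
            foreach ($rule in $rules) {
                [pscustomobject]@{
                    Folder     = $folder
                    AuditFlags = $rule.AuditFlags          # Success, Failure or both
                    Identity   = $rule.IdentityReference   # e.g. Everyone
                    Rights     = $rule.FileSystemRights    # e.g. FullControl
                    Inherited  = $rule.IsInherited
                }
            }
        }
    }
}

# Sample call using the folder from the post.
Get-FolderAuditReport -Path 'C:\test' | Format-Table -AutoSize
```

Piping the same output to Export-Csv gives a file that can be compared against the policy baseline on each host.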