Jump to content
  • Windows 10 Forums

    Welcome to the Windows 10 forums, a free community where people just like you come together to discuss, share and learn how to use their computers.

    As a guest, you can browse and view all the content on the site, however, you won't be able to leave comments or create new topics unless you create a free account. 

auditpol and icacls


Recommended Posts

I have a script that resets all permissions on a set of folders and then applies custom permissions. I have another one that set's up auditing on selected folders. For some reason when I run the script that set's up auditing after running the script setting up permissions the permissions on audited folders are set back to default.

To audit I run

$user = "Everyone"

$rules = "Delete,CreateFiles,AppendData"

$Inheritance = "ContainerInherit,ObjectInherit"

$type = "Success"

$ACL = New-Object System.Security.AccessControl.DirectorySecurity

$rule = New-Object System.Security.AccessControl.FileSystemAuditRule($user,$rules,$inheritance,"None",$type)

$acl.AddAuditRule($rule)

foreach($folder in $folders){ $ACL | Set-Acl $folder}

auditpol /set /subcategory:"File Share" /success:enable

 

in the script for permissions I have

takeown /F c:\test /A /R /D Y

icacls c:\test /reset /t /c

icacls c:\test /grant:r "NT Authority\Authenticated Users":(CI) (OI) R

icacls c:\test\item1 /inheritance:r /grant:r "admin group": (CI) (OI) RWD /grant:r "read group": (CI) (OI) R /grant:r "builtin\Administrators": (OI) (CI) F  .....

and more lines in pretty much the same manner for diferent subfolders.

Can someone spot where it goes wrong?

Link to comment
Share on other sites

13 hours ago, jackaustin said:

I have a script that resets all permissions on a set of folders and then applies custom permissions. I have another one that set's up auditing on selected folders. For some reason when I run the script that set's up auditing after running the script setting up permissions the permissions on audited folders are set back to default.

To audit I run

$user = "Everyone"

$rules = "Delete,CreateFiles,AppendData"

$Inheritance = "ContainerInherit,ObjectInherit"

$type = "Success" " ICACLS"

$ACL = New-Object System.Security.AccessControl.DirectorySecurity

$rule = New-Object System.Security.AccessControl.FileSystemAuditRule($user,$rules,$inheritance,"None",$type)

$acl.AddAuditRule($rule)

foreach($folder in $folders){ $ACL | Set-Acl $folder}

auditpol /set /subcategory:"File Share" /success:enable

 

in the script for permissions I have

takeown /F c:\test /A /R /D Y

icacls c:\test /reset /t /c

icacls c:\test /grant:r "NT Authority\Authenticated Users":(CI) (OI) R

icacls c:\test\item1 /inheritance:r /grant:r "admin group": (CI) (OI) RWD /grant:r "read group": (CI) (OI) R /grant:r "builtin\Administrators": (OI) (CI) F  .....

and more lines in pretty much the same manner for diferent subfolders.

Can someone spot where it goes wrong?

Didn't get any solution

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Who's Online   0 Members, 0 Anonymous, 3 Guests (See full list)

    There are no registered users currently online

×
×
  • Create New...