Is there any way to set only Auditing permissions using "Set-ACL" function in Powershell script?

Paramesh T S 1 Reputation point
2021-10-07T05:22:39.117+00:00

Hi, I have been looking for a way to set an ACL for only the auditing permissions. We are able to retrieve only the auditing permissions using the "-Audit" parameter of "Get-ACL", but there is no option to set only the auditing permissions with "Set-ACL", since it lacks an "-Audit" parameter. Even if we use the generic "Set-ACL $Path" command, it wipes out the DACL permissions and sets the auditing permissions that we retrieved from "Get-ACL -Audit $Path". This causes deletion of the DACL. I have attached references and generic code here; let me know if there is any option to set the SACL without affecting the DACL using "Set-ACL" or any other function in a PowerShell script. Thanks in advance.

References : https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/get-acl?view=powershell-7.1, https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-acl?view=powershell-7.1

code :

Function Add-SACL {
    [CmdletBinding()]
    Param (
        [string]$Path,
        [PSObject]$folderAcl
    )

    # Audit success and failure of permission and ownership changes (this folder and subfolders)
    $permission1 = "everyone","ChangePermissions,TakeOwnership","ContainerInherit","None","Success,Failure"
    $AuditRule1 = New-Object System.Security.AccessControl.FileSystemAuditRule $permission1
    $folderAcl.AddAuditRule($AuditRule1)

    # Audit success and failure of write and delete operations (this folder, subfolders and files)
    $permission2 = "everyone","CreateFiles,WriteData,CreateDirectories,AppendData,WriteAttributes,WriteExtendedAttributes,DeleteSubdirectoriesAndFiles,Delete","ContainerInherit,ObjectInherit","None","Success,Failure"
    $AuditRule2 = New-Object System.Security.AccessControl.FileSystemAuditRule $permission2
    $folderAcl.AddAuditRule($AuditRule2)

    # Allow audit rules to be inherited from the parent, then write the descriptor back
    $folderAcl.SetAuditRuleProtection($false,$false)
    $folderAcl | Set-Acl $Path
}

# Pass the security descriptor itself: Select-Object output has no AddAuditRule method
$parentSACL = Get-Acl -Audit $parentfolder
Add-SACL -Path $parentfolder -folderAcl $parentSACL

1 answer

  1. Limitless Technology 39,496 Reputation points
    2021-10-13T08:52:19.44+00:00

    Hi there,

    This might be helpful for you

    $HomeDirectory = "\\server\share$\Folder"
    $Name = "TestUser"

    # Get Permissions for Home Directory
    $ACL = Get-Acl $HomeDirectory

    # Allow ACL/Audit inheritance from parent directories
    $ACL.SetAccessRuleProtection($false, $false)
    $ACL.SetAuditRuleProtection($false, $false)

    # Set Permissions for Home Directory
    $ACL.Access | ForEach { [Void]$ACL.RemoveAccessRule($_) }
    $ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("Domain\Domain Admins","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")))
    $ACL.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("Domain\$Name","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")))
    Set-Acl -path $HomeDirectory $ACL

    # Set Audit Rules
    $AuditUser = "Everyone"
    $AuditRules = "Delete,DeleteSubdirectoriesAndFiles,CreateFiles,AppendData,ExecuteFile,ReadData"
    $InheritType = "ContainerInherit,ObjectInherit"
    $AuditType = "Success"
    # Build the rule from the rights in $AuditRules ("None" is not a FileSystemRights value)
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAuditRule($AuditUser,$AuditRules,$InheritType,"None",$AuditType)
    $ACL = Get-Acl $HomeDirectory
    $ACL.SetAuditRule($AccessRule)
    $ACL | Set-Acl $HomeDirectory


    If the reply is helpful, please Upvote and Accept it as an answer

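One way to add audit rules while leaving the DACL alone, as an added example that is not part of the original question or answer: it loads only the Audit section into a `DirectorySecurity` object, writes it back with the .NET `SetAccessControl` method instead of `Set-Acl`, and then checks that owner, group and DACL are byte-for-byte unchanged in SDDL form. The function name `Add-AuditRuleOnly` and the folder `C:\Temp\AuditDemo` are hypothetical, and the session is assumed to be elevated with SeSecurityPrivilege ("Manage auditing and security log").

```powershell
# Added example, not from the thread. Hypothetical helper name.
function Add-AuditRuleOnly {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][System.Security.AccessControl.FileSystemAuditRule[]]$Rule
    )
    $dir = Get-Item -LiteralPath $Path -ErrorAction Stop
    if (-not $dir.PSIsContainer) { throw "'$Path' is not a directory." }

    # Snapshot owner, group and DACL so the result can be verified afterwards.
    $keep   = 'Owner, Group, Access'
    $before = (Get-Acl -LiteralPath $dir.FullName).GetSecurityDescriptorSddlForm($keep)

    # Load only the SACL, so this object never holds the DACL.
    # Throws if the account does not hold SeSecurityPrivilege.
    $audit = [System.Security.AccessControl.AccessControlSections]::Audit
    $sd = New-Object System.Security.AccessControl.DirectorySecurity -ArgumentList $dir.FullName, $audit
    foreach ($r in $Rule) { $sd.AddAuditRule($r) }

    # Write the descriptor back through .NET rather than Set-Acl.
    if ($PSVersionTable.PSEdition -eq 'Core') {
        # PowerShell 7: the method is an extension method on DirectoryInfo.
        [System.IO.FileSystemAclExtensions]::SetAccessControl($dir, $sd)
    } else {
        # Windows PowerShell 5.1: instance method on DirectoryInfo.
        $dir.SetAccessControl($sd)
    }

    # Fail loudly if anything other than the SACL changed.
    $after = (Get-Acl -LiteralPath $dir.FullName).GetSecurityDescriptorSddlForm($keep)
    if ($after -ne $before) { throw "Owner, group or DACL changed on '$Path'." }

    # Return the resulting audit rules for review.
    (Get-Acl -LiteralPath $dir.FullName -Audit).Audit
}

# Same rule as $permission1 in the question; the folder is a placeholder.
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList `
    'Everyone', 'ChangePermissions, TakeOwnership', 'ContainerInherit', 'None', 'Success, Failure'
Add-AuditRuleOnly -Path 'C:\Temp\AuditDemo' -Rule $rule
```

The audit rules only produce Security log events when the "Audit File System" subcategory of the audit policy is enabled on the host.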