Powershell – Update NTFS Audit Levels


Here are the required steps for updating audit rules on Windows NTFS shares with PowerShell.

 # PowerShell Script used for updating and removing NTFS Audit Rules
 # The $path variable represents the UNC path to the share that the script is being executed against.
 #
 # Comment or Un-Comment the Remove or Set rules to update a shares permissions.
get-date
 $path \\\
# Get the current ACL details
 $CurrentACL = get-acl $path
if (!($CurrentACL -eq $null)) {
# Success & Failure
 $AccessRule = new-object System.Security.AccessControl.FileSystemAuditRule("Everyone","ChangePermissions,DeleteSubdirectoriesAndFiles,Delete,TakeOwnership","ContainerInherit","None","Success,Failure")
# Remove Audit Rule
 #$CurrentACL.RemoveAuditRule($AccessRule)
# Set New Audit Rule
 #$CurrentACL.AddAuditRule($AccessRule)
# Apply New Permissions
 set-acl $path -AclObject $CurrentACL
 } else {
 Write-Host "ACL's unsuccessfully pulled from path $path"
 }
get-date
Advertisements

One thought on “Powershell – Update NTFS Audit Levels

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s