FileSystemAuditRule disables inheritance (Powershell script)

Question

I'm using a powershell script to create auditing in a windows directory and all of its subfolders.

$DrivePath = $args[0]

$AuditUser = "Everyone"
$AuditRules = "FullControl"
$InheritType = "ContainerInherit,ObjectInherit"
$AuditType = "Success,Failure"
$AccessRule = New-Object System.Security.AccessControl.FileSystemAuditRule($AuditUser,$AuditRules,$InheritType,"None",$AuditType)

$ACL = Get-Acl $DrivePath
$ACL.SetAuditRule($AccessRule)
$ACL | Set-Acl $DrivePath

After running the script, the auditing is created for the root directory, but all of the subfolders have disabled the checkbox- "include inheritable auditing entries from this object's parent".

How can i use the script and keep the inheritance?

score 0 · Answer 1 · edited Mar 16 '16 at 23:49

0

$ACL = Get-Acl $DrivePath
$ACL.SetAuditRule($AccessRule)
# Add this line
$ACL.SetAuditRuleProtection($True, $False)
$ACL | Set-Acl $DrivePath

edited Mar 16 '16 at 23:49

Nathan Tuggy

2,237
27
30
38

answered Mar 16 '16 at 09:47

user6070843

1

FileSystemAuditRule disables inheritance (Powershell script)

1 Answers1