Hello, I have the following code (it's a mixture of other code to set SACL on files and registry keys) to set SACL entries on files. I'd like it set to Everyone Failure Full Control and Everyone Success *various* The beauty of the function was that it allowed me to put both success and failure on the file without overwriting one or the other. I've done my best to combine, but I'm still a novice and I'm getting the error below the code snippet:
function add-acl($Right,$Access)
{
$audit = "everyone","$Right","containerinherit","none","$Access"
$ACL = new-object System.Security.AccessControl.DirectorySecurity
$r = new-object system.security.accesscontrol.filesystemauditrule($audit)
$ACL.addauditrule($r)
}
#this piece would eventually Get-Content from a txt file, but was testing on a single file
$TargetFiles = (Get-Item c:\windows\system32\at.exe).GetAccessControl('Access')
foreach ($TargetFile in $TargetFiles)
{
Write-Host "Processing >",$TargetFile
add-acl "ExecuteFile" "Success"
add-acl "Delete" "Success"
add-acl "TakeOwnership" "Success"
add-acl "ChangePermissions" "Success"
add-acl "FullControl" "Failure"
$acl | Set-ACL
}
Write-Host "Audit Policy applied successfully."
OUTPUT:
PS C:\Users\me> C:\Powershell\Set_SACL_Reg.ps1
Processing > System.Security.AccessControl.FileSecurity
Set-Acl : Cannot bind argument to parameter 'AclObject' because it is null.
At C:\Powershell\Set_SACL_Reg.ps1:22 char:19
+ $acl | Set-ACL <<<<
+ CategoryInfo : InvalidData: (:) [Set-Acl], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.SetAclCommand
Audit Policy applied successfully.
Any help would be appreciated. Thanks