How to enable auditing on subfolders and files using powershell - windows

I tried to enable the audit policy on folder using powershell script. But in my case the audit policy is not applied for subfolders and files within the folder which applied the audit policy.
I used the following code:
$TargetFolders = Get-Content C:\Input.txt
$AuditUser = "Everyone"
$AuditRules = "Delete,DeleteSubdirectoriesAndFiles,ChangePermissions,Takeownership"
$InheritType = "ContainerInherit,ObjectInherit"
$AuditType = "Success"
$AccessRule = New-Object System.Security.AccessControl.FileSystemAuditRule($AuditUser,$AuditRules,$InheritType,"None",$AuditType)
foreach ($TargetFolder in $TargetFolders)
{
$ACL = Get-Acl $TargetFolder
$ACL.SetAuditRule($AccessRule)
Write-Host "Processing >",$TargetFolder
$ACL | Set-Acl $TargetFolder
}
Write-Host "Audit Policy applied successfully."
In Advanced security setting prompt prompt it also shows that
“apply onto: ‘this folder,subfolder and files.'”
but audit policy is not applied for the subfolders and files. when i tick on the following tick box.
“Replace all existing inheritable auditing entries on all descendants
with inheritable auditing entries from this object”
then it's applied on subfolders and files within it.
So how can I tick on this programatically (using powershell)?

Related

apply folder rights to other folders powershell

I need to change a lot of sub folders's ACL rights. The folders all have the same name "06 - Offers". I've found a powershell command to "copy past" the acl rights from one folder to another. I wonder if anybody here can point me in the right direction to automate this?
It would need to search in a defined folder and change all the access rights for a specific folder in each of it's sub folders (if that makes sense).
(Get-Item 'C:\testfolder').GetAccessControl("Access") | Set-Acl -Path 'D:\realfolder'
So for example we have the folders:
D:\project\project1\06offers
D:\project\project2\06offers
d:\project\project3\06offers
etc...
And all the 06offers folders need the exact same ACL rights.
With this you should be able to create a solution which fits for you:
#Get "example" rights
$PathToExampleFolder = "PathToFile"
$MasterACL = (Get-Item $PathToExampleFolder).GetAccessControl("Access")
#Search all folders
$Folders = Get-ChildItem -Path "PathWhereTheFoldersAre" -Recurse -Filter "06offers"
#Set ACL
foreach ($folder in $Folders) {
Set-Acl -Path $folder.Fullname -AclObject $MasterACL
}

How to detect if there is any file added in a folder?

Is it a way to detect if there is any file added in a folder? Include the sub-folder.
For example, check if any text file *.txt is added in folder c:\data-files\ or its sub-folders.
The folder can be shared folder of another machine too.
Perhaps you are confused on the types of events that are triggered:
http://msdn.microsoft.com/en-us/library/system.io.filesystemwatcher_events(v=vs.110).aspx
This should work, taken from the link above and modified for your requirements:
#By BigTeddy 05 September 2011
#This script uses the .NET FileSystemWatcher class to monitor file events in folder(s).
#The advantage of this method over using WMI eventing is that this can monitor sub-folders.
#The -Action parameter can contain any valid Powershell commands. I have just included two for example.
#The script can be set to a wildcard filter, and IncludeSubdirectories can be changed to $true.
#You need not subscribe to all three types of event. All three are shown for example.
# Version 1.1
$folder = '\\remote\shared' # Enter the root path you want to monitor.
$filter = '*.txt' # You can enter a wildcard filter here.
# In the following line, you can change 'IncludeSubdirectories to $true if required.
$fsw = New-Object IO.FileSystemWatcher $folder, $filter -Property #{IncludeSubdirectories = $true;NotifyFilter = [IO.NotifyFilters]'FileName, LastWrite'}
# Here, all three events are registerd. You need only subscribe to events that you need:
Register-ObjectEvent $fsw Created -SourceIdentifier FileCreated -Action {
$name = $Event.SourceEventArgs.Name
$changeType = $Event.SourceEventArgs.ChangeType
$timeStamp = $Event.TimeGenerated
Write-Host "The file '$name' was $changeType at $timeStamp" -fore green
Out-File -FilePath c:\scripts\filechange\outlog.txt -Append -InputObject "The file '$name' was $changeType at $timeStamp"}
Please note that once you close the powershell console the fileSystemWatcher is thrown away, and will no longer monitor the folder(s). So you have to make sure the powershell window stays open. In order to do that without it getting in your way I suggest a scheduled task http://blogs.technet.com/b/heyscriptingguy/archive/2011/01/12/use-scheduled-tasks-to-run-powershell-commands-on-windows.aspx

How to make new subfolders inherent permissions ( windows server 2008 )

I have a share with a file structue like so
Public ( no restrictions )
Sales ( only sales people have access )
Production ( Production only has access to this )
I created the permissions, but if someone creates a new folder in there, the permissions on that new folder is not the same as the parrent, Is there a way to force permissions ( or even a script I could run to re-set the permissions nightly )
This can be done through the GUI as a once off - click the Advanced button on the Security tab in the folder properties, and make you've disabled inheritance on your main sub folders, and then check to ensure any custom security settings apply to "this folder, sub folders and files". You may also need to check "replace all child object permissions ..." as well.
From the command prompt, you can use the command "icacls" which is really powerful and is what I tend to use when configuring permissions like this.
as u suggested, I wrote below script. Hope it could help
$folders = Get-ChildItem -Path $share -Directory
foreach ($folder in $folders)
{
$acl = Get-Acl $folder
Get-ChildItem $folder -Recurse | %{Set-Acl -Path $_.FullName -AclObject $acl}
}

chmod function for PowerShell

I was looking around to understand how to chmod (change permissions of a file) a file on Windows 7 Power Shell. So I have found different (wired for me, because I am used to simple chmod command) code snippets and wondering would't it be simple to wrap that wired commands in a chmod function and write it on in a $profile file of Power Shell. I guess this is what many ex-linux shell, but now power shell users would like to have for changing permissions of a file.
I am new to Power Shell. Please help me with the code.
Here is an example with the native way, using ACL and ACE. You have to build your own functions arround that.
# Get the Access Control List from the file
# Be careful $acl is more a security descriptor with more information than ACL
$acl = Get-Acl "c:\temp\test.txt"
# Show here how to refer to useful enumerate values (see MSDN)
$Right = [System.Security.AccessControl.FileSystemRights]::FullControl
$Control = [System.Security.AccessControl.AccessControlType]::Allow
# Build the Access Control Entry ACE
# Be careful you need to replace "everybody" by the user or group you want to add rights to
$ace = New-Object System.Security.AccessControl.FileSystemAccessRule ("everybody", $Right, $Control)
# Add ACE to ACL
$acl.AddAccessRule($ace)
# Put ACL to the file
Set-Acl "c:\temp\test.txt" $acl
(Get-Acl "c:\temp\test.txt").access
Read-Host "--------- Test Here --------------"
# Remove ACE from ACL
$acl.RemoveAccessRule($ace)
Set-Acl "c:\temp\test.txt" $acl
(Get-Acl "c:\temp\test.txt").access
Look at the following:
Set-Acl - Run Get-Help Set-Acl -Full
attrib.exe - Standard Windows tool for setting file attributes. Not Powershell-specific, but of course still works in Powershell.
icacls.exe - Standard Windows tool for setting ACLs. Not Powershell-specific, but of course still works in Powershell.
Source: http://www.cs.wright.edu/~pmateti/Courses/233/Labs/Scripting/bashVsPowerShellTable.html
Just do a web search for chmod powershell.

Add group "Everyone" to directory and all of it's sub-directories

I'm currently using Vista 32-bit. How do I add the Windows security group "Everyone" and give full control to a directory and all of it's sub-directories and all files? Is there a powershell script that I could use?
Thanks!
I've expanded on martona's snippet and was able to give access to all folders and sub-folders. Here's my code -
$FilesAndFolders = gci "c:\data" -recurse | % {$_.FullName}
foreach($FileAndFolder in $FilesAndFolders)
{
#using get-item instead because some of the folders have '[' or ']' character and Powershell throws exception trying to do a get-acl or set-acl on them.
$item = gi -literalpath $FileAndFolder
$acl = $item.GetAccessControl()
$permission = "Everyone","FullControl","Allow"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($rule)
$item.SetAccessControl($acl)
}
Sometimes the "native" PowerShell way isn't necessarily the best way. For something like this I would still use icacls.exe. Remember that good ol' exes work pretty good in PowerShell. Just cd to the directory you want to set and execute:
icacls $pwd /grant "Everyone":(OI)(CI)F
This will give Everyone full access to the current directory downwards (via permission inheritance). This should work as long as there are no explicit denials to Everyone in the dir structure.
$acl = Get-Acl c:\mydir
$permission = "Everyone","FullControl","Allow"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($rule)
$acl | Set-Acl c:\mydir

Resources