Configure SACL using PowerShell | FIM guide

Related Products
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
EventLog Analyzer

Real-time Log Analysis & Reporting
Download | Demo
Exchange Reporter Plus

Exchange Server Auditing & Reporting
Download | Demo
AD360

Integrated Identity & Access Management
Download | Demo
Log360

Comprehensive SIEM and UEBA
Download | Demo

Configuring object level auditing - Using PowerShell cmdlets

To audit file and folder access, object-level auditing must be enabled. This can be achieved in three ways:

Using Windows shares

Using PowerShell cmdlets

Using Global Object Access Auditing

Using PowerShell cmdlets

Create a CSV file containing the Universal Naming Convention (UNC) path or local path and the type of auditing (FIM) of all the folders that you want to enable auditing for.

The CSV file should contain the list of folders in the following format: <folder>,<type>
For example:
E:\test folder,FIM
\\SERVERNAME\c$\folder,FIM

Note:
When removing object-level auditing for a set of folders, the <type>strong> parameter is not mandatory.

Once you have the CSV file that lists all the servers and the type of auditing required, go to the <Installation Directory>\bin folder within the PowerShell command prompt and type in:
.\ADAP-Set-SACL.ps1 -file '.\file name' -mode add (or) remove -recurse true (or) false -username DOMAIN_NAME\username

Where:

Parameter	Input variable	Mandatory
-mode	The name of the CSV file containing the list of shared folders.	Yes
-file	Add: Sets the object-level auditing settings. (or) Remove: Removes the object-level auditing settings.	Yes
-recurse	True: Replace all subfolder object-level auditing settings with inheritable auditing settings applied to the chosen folder. (or) False: Apply object-level auditing settings only to the chosen folder. Note: By default, the -recurse parameter is set to false.	No
-username	DOMAIN_NAME\username: The user with the privileges to set the object-level auditing settings for the file or folder (no cross-domain support).	No

Parameter

Input variable

Mandatory

-mode

The name of the CSV file containing the list of shared folders.

Yes

-file

Add: Sets the object-level auditing settings.
(or)
Remove: Removes the object-level auditing settings.

Yes

-recurse

True: Replace all subfolder object-level auditing settings with inheritable auditing settings applied to the chosen folder.
(or)
False: Apply object-level auditing settings only to the chosen folder.
Note: By default, the -recurse parameter is set to false.

-username

DOMAIN_NAME\username: The user with the privileges to set the object-level auditing settings for the file or folder
(no cross-domain support).

For example

To set object-level auditing for the list of folders in a CSV file named folders.CSV, use:
.\ADAP-Set-SACL.ps1 -file '.\folders.CSV' -mode add

To replace all subfolder object-level auditing settings with inheritable auditing settings applied to a CSV file named folders.CSV, use:
.\ADAP-Set-SACL.ps1 -file '.\folders.CSV' -mode add -recurse true

To remove object-level auditing for the list of folders in a CSV file named folders.CSV, use:
.\ADAP-Set-SACL.ps1 -file '.\folders.CSV' -mode remove

Don't see what you're looking for?

Visit our community

Post your questions in the forum.
Request additional resources

Send us your requirements.
Need implementation assistance?

Try onboarding

Help Document

Configuring object level auditing - Using PowerShell cmdlets

Using PowerShell cmdlets

Don't see what you're looking for?

Visit our community

Request additional resources

Need implementation assistance?

On this page