Configure SACL using PowerShell | FIM guide

Related Products
AD360

Integrated Identity & Access Management
Download | Demo
Log360

Comprehensive SIEM and UEBA
Download | Demo
ADManager Plus

Active Directory Management & Reporting
Download | Demo
ADSelfService Plus

Self-Service Password Management
Download | Demo
EventLog Analyzer

Real-time Log Analysis & Reporting
Download | Demo
Exchange Reporter Plus

Exchange Server Auditing & Reporting
Download | Demo

Configuring object level auditing - Using PowerShell cmdlets

To audit file and folder access, object-level auditing must be enabled. This can be achieved in three ways:

Using Windows shares

Using PowerShell cmdlets

Using Global Object Access Auditing

Using PowerShell cmdlets

Create a CSV file that lists the Universal Naming Convention (UNC) paths or local paths of all files and folders for which you want to enable File Server Auditing (FIM).

The CSV file should list the files/folders in the following format: <file/folder>,FIM

Example:

E:\test folder,FIM

\\SERVERNAME\c$\folder,FIM

E:\test file.txt,FIM

Once you have the CSV file ready with all the required paths, open PowerShell and navigate to the <Installation Directory>\bin folder.

Type in:

.\ADAP-Set-SACL.ps1 -file '.\file name' -mode add (or) remove -recurse true (or) false -username DOMAIN_NAME\username

Where:

Parameter	Input variable	Mandatory
-mode	The name of the CSV file containing the list of shared folders.	Yes
-file	Add: Sets the object-level auditing settings. (or) Remove: Removes the object-level auditing settings.	Yes
-recurse	True: Replace all subfolder object-level auditing settings with inheritable auditing settings applied to the chosen folder. (or) False: Apply object-level auditing settings only to the chosen folder. Note: By default, the -recurse parameter is set to false.	No
-username	DOMAIN_NAME\username: The user with the privileges to set the object-level auditing settings for the file or folder (no cross-domain support).	No

Parameter

Input variable

Mandatory

-mode

The name of the CSV file containing the list of shared folders.

Yes

-file

Add: Sets the object-level auditing settings.
(or)
Remove: Removes the object-level auditing settings.

Yes

-recurse

True: Replace all subfolder object-level auditing settings with inheritable auditing settings applied to the chosen folder.
(or)
False: Apply object-level auditing settings only to the chosen folder.
Note: By default, the -recurse parameter is set to false.

-username

DOMAIN_NAME\username: The user with the privileges to set the object-level auditing settings for the file or folder
(no cross-domain support).

Note: When removing object-level auditing for a set of files or folders, the <type> parameter 'FIM' is not mandatory.

For example

To set object-level auditing for the list of folders in a CSV file named folders.CSV, use:
.\ADAP-Set-SACL.ps1 -file '.\folders.CSV' -mode add

To replace all subfolder object-level auditing settings with inheritable auditing settings applied to a CSV file named folders.CSV, use:
.\ADAP-Set-SACL.ps1 -file '.\folders.CSV' -mode add -recurse true

To remove object-level auditing for the list of folders in a CSV file named folders.CSV, use:
.\ADAP-Set-SACL.ps1 -file '.\folders.CSV' -mode remove

Don't see what you're looking for?

Visit our community

Post your questions in the forum.
Request additional resources

Send us your requirements.
Need implementation assistance?

Try OnboardPro

Configuring object level auditing - Using PowerShell cmdlets

Using PowerShell cmdlets

Don't see what you're looking for?

Visit our community

Request additional resources

Need implementation assistance?

On this page