How can I set auditing for a folder in Windows programmatically?

I need to set auditing on a folder for everyone, failure, full.

The code below seemed promising, but fails, returning the code "1314."

How can I set the SACL via script?  I am not married to the attached code, but it demonstrates a flow that one might expect to work.

I have found various ways to write the DACL, but none seem to convert directly to SACL.

Thanks.

Set wmiFileSecSetting = GetObject("winmgmts:Win32_LogicalFileSecuritySetting.path='c:\\test'")
'Obtain existing security descriptor for folder
RetVal = wmiFileSecSetting.GetSecurityDescriptor(wmiSecDes)
If Err <> 0 Then
    WScript.Echo "GetSecurityDescriptor failed" _
    & VBCRLF & Err.Number & VBCRLF & Err.Description
    WScript.Quit
Else
    WScript.Echo "GetSecurityDescriptor succeeded"
End If

varSACL = wmiSecDes.SACL

Set objwmi = getobject("winmgmts:\\.\root\cimv2")
Set objaceclass = objwmi.get("win32_ace")
Set objace = objaceclass.spawninstance_()
Set objtrusteeclass = objwmi.Get("Win32_Trustee")
Set objtrustee1 = objtrusteeclass.spawninstance_()
objtrustee1.name = "Everyone"
objtrustee1.sidstring = "S-1-1-0"
objace.accessmask = 983551
objace.acetype = 2
objace.aceflags = 128
objace.Trustee = objtrustee1
wmiSecDes.sacl = objace
If wmifilesecsetting.setsecuritydescriptor(wmisecdes) = 0 Then
Wscript.echo "pass"
else
Wscript.echo "Fail " & wmifilesecsetting.setsecuritydescriptor(wmisecdes)
End If


jrslim Asked:
jrslim (Author) Commented:
I got it.

Started with the code referenced by grave.

Added impersonate to the GetObject statements, which enabled the SeSecurityPrivilege and allowed modification of the SACL.

Partial credit to grave for directing me back to almost correct code.

' Connect to WMI and get the file security 
' object for the test directory 
Set wmiFileSecSetting = GetObject ( _ 
"winmgmts:{impersonationLevel=impersonate,(Security)}!Win32_LogicalFileSecuritySetting." & _ 
"path='c:\\test'") 


' Obtain existing security descriptor for folder 
RetVal = wmiFileSecSetting.GetSecurityDescriptor(wmiSecurityDescriptor) 
If Err <> 0 Then 
WScript.Echo "GetSecurityDescriptor failed" & _ 
VBCRLF & Err.Number & VBCRLF & Err.Description 
WScript.Quit 
End If 


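Dim oACE, oTrustee
' Spawn new, empty instances from the class definitions rather than
' modifying the class objects themselves
Set oACE = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!Win32_ACE").SpawnInstance_()
Set oTrustee = GetObject("winmgmts:{impersonationLevel=impersonate,(Security)}!Win32_Trustee").SpawnInstance_()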

'Set Trustee Attributes 
oTrustee.Name="Everyone" 

' Set ACE Attributes 
oAce.Trustee=oTrustee 
oACE.AccessMask=983551 
oACE.AceType=2 
oACE.AceFlags=128 

'Add ACE to Security Descriptor 
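If IsArray(wmiSecurityDescriptor.SACL) Then
	' Copy the existing SACL, grow the copy by one slot, then write it back;
	' assigning past the end of the property array fails
	Dim arrSACL
	arrSACL = wmiSecurityDescriptor.SACL
	ReDim Preserve arrSACL(UBound(arrSACL) + 1)
	Set arrSACL(UBound(arrSACL)) = oACE
	wmiSecurityDescriptor.SACL = arrSACL
Else
	wmiSecurityDescriptor.SACL = Array(oACE)
End If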

'Print out Aces for test 
for each wmiAce in wmiSecurityDescriptor.SACL 
Set Trustee = wmiAce.Trustee 
wscript.echo "Trustee Domain: " & Trustee.Domain 
wscript.echo "Trustee Name: " & Trustee.Name 
wscript.echo "Trustee SIDString " & Trustee.SIDString 
wscript.echo "Access Type " & wmiAce.AceType 
wscript.echo "Access Flags " & wmiAce.AceFlags 
wscript.echo "Access Mask: " & wmiAce.AccessMask 
next 



' Call the Win32_LogicalFileSecuritySetting. 
' SetSecurityDescriptor method 
' to write the new security descriptor. 
RetVal = wmiFileSecSetting. _ 
SetSecurityDescriptor(wmiSecurityDescriptor) 

Wscript.Echo "ReturnValue is: " & RetVal


0
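
Added example, not part of the thread: the same audit entry (Everyone, failure, full control) set with PowerShell and the .NET FileSystemAuditRule class instead of WMI, including a check for the privilege whose absence produces return code 1314. The function name Set-FolderFailureAudit and its -Inherit switch are hypothetical; C:\test is the folder used in the thread.

```powershell
function Set-FolderFailureAudit {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        # The thread's ACE uses AceFlags=128 (failed access only, no inherit
        # bits), so by default the rule covers the folder itself only.
        [switch]$Inherit
    )

    # Reading or writing a SACL requires SeSecurityPrivilege ("Manage auditing
    # and security log"). Without it the write fails with Win32 error 1314
    # (ERROR_PRIVILEGE_NOT_HELD), the code reported in the question.
    if (-not (whoami /priv | Select-String -Quiet 'SeSecurityPrivilege')) {
        throw 'SeSecurityPrivilege is not in this token; run elevated as an account that holds it.'
    }

    # S-1-1-0 is the well-known SID for Everyone; a SID avoids localized names.
    $everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'

    $inheritance = [System.Security.AccessControl.InheritanceFlags]::None
    if ($Inherit) {
        $inheritance = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    }

    # FullControl here is 0x1F01FF; the thread's AccessMask 983551 is 0xF01FF,
    # the same rights without the SYNCHRONIZE bit.
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        $everyone,
        [System.Security.AccessControl.FileSystemRights]::FullControl,
        $inheritance,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]::Failure)

    # -Audit makes Get-Acl load the SACL in addition to owner and DACL.
    $acl = Get-Acl -Path $Path -Audit
    $acl.AddAuditRule($rule)   # adds to the existing audit rules, keeps the others
    if ($PSCmdlet.ShouldProcess($Path, 'Add failure audit rule for Everyone')) {
        Set-Acl -Path $Path -AclObject $acl
    }

    # Read the SACL back so the caller can confirm what is on the folder.
    (Get-Acl -Path $Path -Audit).GetAuditRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
}

Set-FolderFailureAudit -Path 'C:\test' |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags
```

The SACL only defines what to audit; events appear in the Security log once the "Audit File System" (object access) audit policy is enabled for failures on the machine.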
 
graye Commented:
Take a look at this example...   It differs from yours only in the fact that it treats the SACL as an array

http://www.tech-archive.net/Archive/Windows/microsoft.public.windows.file_system/2005-05/msg00139.html
0
 
jrslim (Author) Commented:
Thanks Grave, but that method fails as well.
0
 
jrslim (Author) Commented:
Discovered my own solution.
0
Question has a verified solution.
