{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 孤傲高冷的网名 的问题《how to get audit rule in acl object with getauditr》','https://www.manongdao.com/q-966513.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am trying to apply audit rules with this code
function add-acl($Right,$Access)
{
$audit = "mydomain\myaccount","$Right","containerinherit","none","$Access"
$r = new-object system.security.accesscontrol.registryauditrule $audit
$acl.addauditrule($r)
}
$acl = get-acl hklm:\software\_test
add-acl "CreateSubKey" "Success"
add-acl "Delete" "Success"
add-acl "Delete" "Failure"
$acl | set-acl
but this code writes audit rules without taking account of earlier rules. So I wanted to retrieve audit rules before applying the code. To do so, I used the method getauditrules() :
$acl.getauditrules($true,$true,??)
In ?? position, I tried NTaccount object and windowsSecurity. It doesn't return an error and in fact does not return something at all. This is really disapointing because while using windows interface, I can see that an audit rule is applied. I don't understand what type of object is expecting the getauditrules() method. Can someone help me ?
Try adding the
-auditparamenter toget-aclcmdlet ( this retrieveSACL,System Access Control List).the you can use:
or
based on your goal.