Add-NTFSAudit

Apr 20, 2016 at 2:56 PM
Found via technet, has this feature been removed? Am looking to apply auditing to a number of folders but am unable to run after successfully importing NTFSSecurity module.

Many thanks
Coordinator
Apr 20, 2016 at 9:51 PM
No, it has not been removed. Is the cmdlet no longer visible when running
Get-Command -Module NTFSSecurity
Apr 21, 2016 at 6:56 AM
Thanks for following up, appears not. Get-Command returns:

Image
Coordinator
Apr 21, 2016 at 9:03 AM
Which version of the module do you use. Looks like you have downloaded the old 1.3 version. I am keeping this only for demonstration purposes. I am pretty sure the list of cmdlets will be different when using 4.2.1.
Marked as answer by raandree on 4/21/2016 at 7:49 AM
Apr 21, 2016 at 9:14 AM
Thanks for clarifying, had indeed grabbed 1.3 in haste! Much appreciated and thanks for your work!
Apr 21, 2016 at 3:06 PM
Hoping I haven't overlooked something else here?: Add-NTFSAudit

The parameter 'AuditFlags' cannot be specified because it conflicts with the parameter alias of the same name for parameter 'AuditFlags'.
Coordinator
Apr 21, 2016 at 3:20 PM
Right, even the help does not work for this cmdlet. I am working on it and should have a solution very soon.
Coordinator
Apr 21, 2016 at 3:31 PM
Can you download this fixed version at https://dl.dropboxusercontent.com/u/10137606/NTFSSecurity.zip and try it? It has the version number 4.2.2 and contains also some other fixes. Thanks in advance!
Marked as answer by kamao on 4/22/2016 at 12:20 AM
Apr 22, 2016 at 7:20 AM
This looks good, Get-Help Add-NTFSAudit returns info. Will try and test today and let you know. Thanks for sorting so quickly!
Apr 25, 2016 at 2:42 PM
Just to update that 4.2.2 solved that issue. Quick query, would the following switches have the same effect?

-InheritanceFlags ContainerInherit, ObjectInherit

-AppliesTo ThisFolderSubfoldersAndFiles

I am trying to apply auditing to a drive and replicate the 'Replace all child object auditing entries with inheritable auditing entries from this object' with the correct switch(es).