Modify, copy and paste the following with appropriate permissions to enable SACL object access auditing on the ScreenConnect directories or the App_Extensions directory.
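# PowerShell script to enable auditing (event ID 4663) for write operations under a specified path.
# Run it from an elevated session: changing the audit policy and reading or writing
# a SACL both require administrative rights.

# Define the path
$folderPath = "C:\Program Files (x86)\ScreenConnect\App_Extensions"

# Step 1: Enable Audit Policy
# Enable the "File System" subcategory of Object Access. A SACL on its own produces
# no events unless this subcategory is being audited.
AuditPol.exe /set /subcategory:"File System" /success:enable /failure:enable
# Record the result instead of assuming it worked, so the final message stays accurate.
$auditPolicyEnabled = ($LASTEXITCODE -eq 0)
if (-not $auditPolicyEnabled) {
    Write-Host "AuditPol.exe failed with exit code $LASTEXITCODE; the File System audit subcategory was not enabled."
}

# Step 2: Configure SACL for the specified folder
# Check that the path exists and is a directory
if (Test-Path -LiteralPath $folderPath -PathType Container) {
    try {
        # Get the current ACL of the folder. -Audit loads the existing SACL; without it
        # the audit entries are not read, and writing the descriptor back can discard
        # audit rules that were already configured on the folder.
        $acl = Get-Acl -LiteralPath $folderPath -Audit -ErrorAction Stop

        # Use the well-known SID for Everyone (S-1-1-0) rather than the account name,
        # which is localized on non-English installations.
        $everyone = New-Object System.Security.Principal.SecurityIdentifier(
            [System.Security.Principal.WellKnownSidType]::WorldSid, $null)

        # Define a new audit rule: Everyone, Write, Success and Failure.
        # ContainerInherit,ObjectInherit makes the rule apply to subfolders and files as
        # well; with "None" only operations on the folder object itself are audited and
        # writes to files inside existing subdirectories are missed.
        # NOTE(review): inheritance raises event volume on busy directories; size the
        # Security log and any forwarding accordingly.
        $auditRule = New-Object System.Security.AccessControl.FileSystemAuditRule(
            $everyone, "Write", "ContainerInherit,ObjectInherit", "None", "Success,Failure")

        # Add the audit rule to the ACL
        $acl.AddAuditRule($auditRule)

        # Set the ACL back to the folder. -ErrorAction Stop turns a failed write into a
        # caught error, so success is never reported for a SACL that was not applied.
        Set-Acl -LiteralPath $folderPath -AclObject $acl -ErrorAction Stop

        if ($auditPolicyEnabled) {
            Write-Host "Audit policy and SACL configured successfully for path: $folderPath"
        } else {
            Write-Host "SACL configured for path: $folderPath, but the audit policy change failed; no 4663 events will be logged until it is enabled."
        }
    } catch {
        Write-Host "Failed to configure SACL for path: $folderPath - $($_.Exception.Message)"
    }
} else {
    Write-Host "The specified folder does not exist: $folderPath"
}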