vinyar · August 14, 2014 21:30
diff --git a/HKLM auditpolicy.ps1 b/HKLM auditpolicy.ps1
    # $sddl = 'O:BAG:SYD:PAI(A;CI;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KA;;;BA)(A;CI;KR;;;BU)(A;CI;KR;;;AC)S:AI(AU;CISA;KA;;;WD)'  # alternative just in case

    $acl  = get-acl HKLM:\\SOFTWARE -audit
    $audit = "Everyone","FullControl","containerinherit","none","Fail"
    $rule = new-object system.security.accesscontrol.registryauditrule $audit
    $acl.SetAuditRule($rule)

    # $acl.SetSecurityDescriptorSddlForm($sddl)    # alternative just in case
    
    set-acl -Path HKLM:\\SOFTWARE -AclObject $acl
	# $sddl = 'O:BAG:SYD:PAI(A;CI;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KA;;;BA)(A;CI;KR;;;BU)(A;CI;KR;;;AC)S:AI(AU;CISA;KA;;;WD)' # alternative just in case

	$acl = get-acl HKLM:\\SOFTWARE -audit
	$audit = "Everyone","FullControl","containerinherit","none","Fail"
	$rule = new-object system.security.accesscontrol.registryauditrule $audit
	$acl.SetAuditRule($rule)

	# $acl.SetSecurityDescriptorSddlForm($sddl) # alternative just in case

	set-acl -Path HKLM:\\SOFTWARE -AclObject $acl