How can I set audit controls on files owned by TrustedInstaller using Powershell?

Question

I am trying to set audit controls on a number of files (listed in ACLsWin.txt) located in \%Windows%\System32 (for example, aaclient.dll) using the following Powershell script:

$FileList = Get-Content ".\ACLsWin.txt"
$ACL = New-Object System.Security.AccessControl.FileSecurity

$AccessRule = New-Object System.Security.AccessControl.FileSystemAuditRule("Everyone", "Delete", "Failure")
$ACL.AddAuditRule($AccessRule)
foreach($File in $FileList)
{
    Write-Host "Changing audit on $File"
    $ACL | Set-Acl $File
}

Whenever I run the script, I get the error PermissionDenied [Set-Acl] UnauthorizedAccessException.

This seems to come from the fact that the owner of these files is TrustedInstaller. I am running these scripts as Administrator (even though I'm on the the built-in Administrator account) and it's still failing. I can set these audit controls by hand using the Security tab, but there are at least 200 files for which doing by hand may lead to human errors.

How can I get around TrustedInstaller and set these audit controls using Powershell?

Answer 1

From the Administrative command-line(run as administrator):

takeown /f "filename" /A

Will give ownership of the file to the Administrators group and allow you to execute your script.

You also might need to use the icacls command to add or modify the permissions for the Administrators group after you give it ownership of the file.