Try adding the -audit parameter to the get-acl cmdlet (this retrieves the SACL, System Access Control List).
$acl = get-acl hklm:\software\_test -audit
Then you can use:
$acl.getauditrules($true,$true, [System.Security.Principal.NTAccount] )
or
$acl.getauditrules($true,$true, [System.Security.Principal.SecurityIdentifier] )
based on your goal.
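
The calls above put together as an added example, not part of the original answer: it lists a key's audit rules in either identity form and checks whether one specific audit rule is present. The function name `Get-RegistryAuditRule` and the rule being checked (Everyone, SetValue, Success) are assumptions chosen for illustration; the key path is the one from the answer.

```powershell
# Added example. Run from an elevated session: reading a SACL requires
# SeSecurityPrivilege ("Manage auditing and security log").
function Get-RegistryAuditRule {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$AsSid             # identities as SIDs instead of account names
    )
    if ($AsSid) {
        $targetType = [System.Security.Principal.SecurityIdentifier]
    } else {
        $targetType = [System.Security.Principal.NTAccount]
    }

    $acl = Get-Acl -Path $Path -Audit

    # $true, $true = include explicit rules and inherited rules
    $acl.GetAuditRules($true, $true, $targetType) | ForEach-Object {
        [pscustomobject]@{
            Identity    = $_.IdentityReference.Value
            Rights      = $_.RegistryRights
            AuditFlags  = $_.AuditFlags        # Success, Failure, or both
            IsInherited = $_.IsInherited
            Inheritance = $_.InheritanceFlags
            Propagation = $_.PropagationFlags
        }
    }
}

# Human-readable listing (account names).
Get-RegistryAuditRule -Path 'HKLM:\SOFTWARE\_test' | Format-Table -AutoSize

# Programmatic check (SIDs): is a successful SetValue by Everyone audited?
# S-1-1-0 is the well-known SID for Everyone; matching on the SID avoids
# localized or renamed account names.
$wanted  = [System.Security.AccessControl.RegistryRights]::SetValue
$success = [System.Security.AccessControl.AuditFlags]::Success

$match = Get-RegistryAuditRule -Path 'HKLM:\SOFTWARE\_test' -AsSid |
    Where-Object {
        $_.Identity -eq 'S-1-1-0' -and
        $_.Rights.HasFlag($wanted) -and
        $_.AuditFlags.HasFlag($success)
    }

if ($match) {
    'Audit rule present: Everyone / SetValue / Success'
} else {
    Write-Warning 'No audit rule covers successful SetValue by Everyone on this key.'
}
```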