C2 Auditing default trace file permissions

  • I am working on a PowerShell script to archive C2 Audit trace files to a file share. It zips them using the .NET compression features, then deletes them from the local server.

    A problem I've run into is the permissions of the trace files. By default, they appear to give Full Control to MSSQLSERVER, OWNER RIGHTS, and Administrators. "Inherited from" is None for all three principals. Since Agent Jobs are run by SQLSERVERAGENT, I added NT Service\SQLSERVERAGENT as a principal to the parent DATA directory, with Full Control on "This folder and files". It changes the permissions on existing, closed files, but open and newly created ones still have the default permissions.

    None of the manuals I've read cover the default permissions of the trace files. There is very little configuration at all, it seems, for C2 Auditing. Can't change the directory or max file size. Maybe I'll have to change the file security in the script as well.

    If it matters, I'm running SQL Server 2012, which means I'm running PowerShell v2.0 when I run scripts from Agent Jobs. I'm able to use the .NET 4.5 commands using a trick I found of running Invoke-Command with a temporary configuration. (Can't wait to start using SQL Server 2014 here.) The OS is Windows Server 2012 R2.

    I appreciate any advice offered on how to fully automate this process.

    Indy Mike 😀

  • I'm having a similar problem. Administrators have full control, I am in the admin group, but when I try to open a file I get access is denied?!?

    David92595
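
The first post's idea of fixing file security inside the archive script, sketched as an added example that is not from either poster: it adds an explicit ACE for the Agent service account to each trace file SQL Server has already closed, since those files carry explicit rather than inherited permissions. Assumptions: the directory is a placeholder, the `*.trc` filter and the choice of Modify instead of Full Control are mine, and the script runs elevated under an account that can already read the files and change their DACL (for example a member of Administrators).

```powershell
# Added example: values below are constructed, not taken from the thread.
$TraceDir  = 'D:\PLACEHOLDER\MSSQL\DATA'   # placeholder for the instance's DATA directory
$Filter    = '*.trc'                       # assumption: trace files use the .trc extension
$Principal = 'NT Service\SQLSERVERAGENT'   # principal named in the first post
# Assumption: Modify (read, write, delete) is enough to zip and then delete a file.
$Rights    = [System.Security.AccessControl.FileSystemRights]::Modify

function Test-FileClosed([string]$Path) {
    # An exclusive open (FileShare 'None') throws IOException while another
    # process, here SQL Server, still holds the trace file open.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'None')
        $fs.Close()
        return $true
    } catch [System.IO.IOException] {
        return $false
    }
}

function Grant-TraceFileAccess([string]$Path, [string]$Identity, $FileRights) {
    # The .NET File methods write back only the modified DACL section, so the
    # owner and group of the audit file are left untouched.
    $acl  = [System.IO.File]::GetAccessControl($Path)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Identity, $FileRights, 'Allow')
    $acl.AddAccessRule($rule)   # merges with an existing allow ACE for the same identity
    [System.IO.File]::SetAccessControl($Path, $acl)
}

Get-ChildItem -Path $TraceDir -Filter $Filter |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        if (Test-FileClosed $_.FullName) {
            Grant-TraceFileAccess $_.FullName $Principal $Rights
            Write-Output "ACE added: $($_.FullName)"
        } else {
            # The active trace file is left alone and picked up on a later run.
            Write-Output "Skipped (still open): $($_.FullName)"
        }
    }
```

Everything used here is available to PowerShell v2.0. Because these files are audit records, each grant is an explicit, logged change limited to closed files.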
