Audit C:\Windows in Windows 7?
I have some contracts at work that require folder and file auditing be enabled in C:\Windows and the subdirectories. I've been using Windows XP, but now we're moving to Windows 7. Microsoft has (finally!) enabled good security by default, so I don't think I need to change permissions. I am having problems enabling auditing, though. If I enable auditing on C:\Windows using Windows Explorer, many of the subfolders and files don't get the setting because inheritance has been disabled. It's obviously impractical to change auditing using Explorer on hundreds (thousands?) of folders and files on a whole bunch of computers.

I've been writing my network administration scripts in PowerShell lately, so that was an obvious choice for this project. However, when I run Set-Acl, I get the error

    Set-Acl : Attempted to perform an unauthorized operation.
    At E:\Security Templates\Set-FileAudit.ps1:134 char:19
    + $ACL | Set-Acl <<<< $_.PSPath
        + CategoryInfo : PermissionDenied: (C:\Windows\en-US:String) [Set-Acl], UnauthorizedAccessException
        + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetAclCommand

I quickly found out that my account (in the Administrators group) and even the Administrator account don't have permissions to change permissions on C:\Windows, or most of the critical subdirectories. I also tried "Run as administrator", but that doesn't work either. The script I wrote works fine in XP, so I know the logic is correct; it just doesn't work in Windows 7 because of permission issues.

I am very reluctant to take ownership of the folders and files, although I suspect if I take ownership I'd then be able to set the audits I need. Since Microsoft has (finally!) enabled good security, I believe taking ownership would reduce the security, so this is an extremely poor option. On the folders I've checked, the owner is TrustedInstaller, and I'd like to leave it that way.

So, how can I enable auditing on C:\Windows and its subfolders and files, even the ones which have inheritance disabled? As I stated above, my PowerShell script works on XP, but not Windows 7.
April 27th, 2010 10:14pm
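One way to approach the situation described in the post, as an added example that is not part of the original post or its script: read and write only the audit section (SACL) of each object, so the owner and permission entries are never written back. The function name, the default identity and the default rights are hypothetical; it assumes Windows PowerShell on .NET Framework, an elevated session, and an account holding the "Manage auditing and security log" right (SeSecurityPrivilege).

```powershell
# Added example (not from the original post). Assumes Windows PowerShell on
# .NET Framework, an elevated session, and SeSecurityPrivilege for the caller.
function Add-SaclOnlyAuditRule {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [Alias('FullName')]
        [string]$Path,
        # Constructed defaults; substitute what the contract actually requires.
        [string]$Identity = 'Everyone',
        [System.Security.AccessControl.FileSystemRights]$Rights = 'Write, Delete, ChangePermissions, TakeOwnership',
        [System.Security.AccessControl.AuditFlags]$AuditFlags = 'Success, Failure'
    )
    process {
        $section = [System.Security.AccessControl.AccessControlSections]::Audit
        $item = Get-Item -LiteralPath $Path -Force

        # Load only the SACL. Owner, group and DACL are not loaded or changed,
        # so SetAccessControl below persists the audit section and nothing else.
        $acl = $item.GetAccessControl($section)

        # Inheritance flags are valid only on containers, not on files.
        $inherit = [System.Security.AccessControl.InheritanceFlags]'None'
        if ($item.PSIsContainer) {
            $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
        }
        $propagate = [System.Security.AccessControl.PropagationFlags]'None'
        $rule = New-Object System.Security.AccessControl.FileSystemAuditRule($Identity, $Rights, $inherit, $propagate, $AuditFlags)
        $acl.AddAuditRule($rule)

        if ($PSCmdlet.ShouldProcess($item.FullName, 'Add audit rule (SACL only)')) {
            $item.SetAccessControl($acl)
        }

        # Report objects whose SACL blocks inherited audit entries; those need
        # an explicit rule of their own rather than one inherited from a parent.
        New-Object PSObject -Property @{
            Path                    = $item.FullName
            AuditInheritanceBlocked = $acl.AreAuditRulesProtected
        }
    }
}

# Dry run against the folder named in the error message; nothing is written.
Add-SaclOnlyAuditRule -Path 'C:\Windows\en-US' -WhatIf
```

Dropping -WhatIf applies the rule; piping Get-ChildItem output into the function covers a subtree, and the AuditInheritanceBlocked column shows which objects will not pick up audit entries from their parent.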

This topic is archived. No further replies will be accepted.
