Brian Hansen

Reputation: 75

SID in a PowerShell function

I have a PowerShell function that will enable auditing on the Perflogs folder. The function works just fine on a Windows PC with an English installation language. But when I use it on a Danish version it fails because "Everyone" doesn't exist on a Danish installation. On a Danish installation "Everyone" is called "Alle".

So instead of using "Everyone", I would like to use the SID "S-1-1-0".

S-1-1-0 = Everyone/World link

But for some reason this also does not work. Does anyone have a clue about this and why I can’t do this?

function AddAuditToFile {
    param
    (
        [Parameter(Mandatory=$true)]
        [string]$path
    )

    Get-Acl $path -Audit | Format-List Path,AuditToString | Out-File -FilePath 'file_before.txt' -Width 200 -Append
    $File_ACL = Get-Acl $path
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAuditRule("S-1-1-0","CreateFiles,Modify,AppendData","none","none","Success")
    $File_ACL.AddAuditRule($AccessRule)
    $File_ACL | Set-Acl $path
    Get-Acl $path -Audit | Format-List Path,AuditToString | Out-File -FilePath 'file_after.txt' -Width 200 -Append
}

I call the function like this:

AddAuditToFile "C:\Perflogs"

Upvotes: 1

Views: 1290

Answers (2)

Brian Hansen

Reputation: 75

Gungnir from Spiceworks found the solution.

I had to translate the SID and make a variable and then use the variable.

$AccountSID = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList 'S-1-1-0'

$AccountName = $AccountSID.Translate([System.Security.Principal.NTAccount]).Value

$AccessRule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList ($AccountName,'CreateFiles,Modify,AppendData','none','none','Success')

Upvotes: 0

Martin Brandl

Reputation: 58931

Use the SecurityIdentifier class to translate the SID:

$everyoneSid = New-Object System.Security.Principal.SecurityIdentifier "S-1-1-0"
$everyoneSidName = $everyoneSid.Translate([System.Security.Principal.NTAccount])
$everyoneSidName.Value

This will output the actual everyone group name depending on the actual machine.

Upvotes: 2
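
An added example, not taken from either answer: a variant of the question's function that skips the name translation by passing the SID object itself to the IdentityReference overload of FileSystemAuditRule, then reads the SACL back to confirm the entry. The function name Add-EveryoneAuditRule and the temp folder are hypothetical; it assumes PowerShell 5 or later and an elevated session.

```powershell
# Added example: Add-EveryoneAuditRule and $demo are hypothetical names.
# Run elevated: reading or writing a SACL requires SeSecurityPrivilege.
function Add-EveryoneAuditRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # Build the SID from the well-known enum value; no localized name is involved.
    $everyone = [System.Security.Principal.SecurityIdentifier]::new(
        [System.Security.Principal.WellKnownSidType]::WorldSid, $null)

    # The IdentityReference overload takes the SID as-is. The string overload
    # wraps its argument in an NTAccount, so "S-1-1-0" is treated as a name.
    $rule = [System.Security.AccessControl.FileSystemAuditRule]::new(
        $everyone,
        [System.Security.AccessControl.FileSystemRights]'CreateFiles,Modify,AppendData',
        [System.Security.AccessControl.InheritanceFlags]::None,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]::Success)

    # -Audit loads the existing SACL so the new rule is added to it.
    $acl = Get-Acl -Path $Path -Audit
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl

    # Read back with SIDs as the identity type and confirm the entry is present.
    $after = (Get-Acl -Path $Path -Audit).GetAuditRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier])
    $match = $after | Where-Object {
        $_.IdentityReference.Value -eq $everyone.Value -and
        ($_.FileSystemRights -band $rule.FileSystemRights) -eq $rule.FileSystemRights -and
        ($_.AuditFlags -band $rule.AuditFlags) -eq $rule.AuditFlags
    }
    if (-not $match) { throw "Audit rule for $($everyone.Value) not found on $Path" }
    $match
}

# Constructed test target so the demo does not touch a real folder.
$demo = Join-Path $env:TEMP 'audit-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Add-EveryoneAuditRule -Path $demo |
    Format-List IdentityReference, FileSystemRights, AuditFlags
```

Because the rule is matched by SID value on read-back, the check gives the same result on an English or a Danish installation.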
