PrivilegedServiceAuditAlarm


static void PrivilegedServiceAuditAlarm(String^ Subsystem,
                                        String^ ServiceName,
                                        Handle Client,
                                        Handle Privileges,
                                        bool Granted)

This function generates an audit message in the security event log.

Parameters

String^ Subsystem

A pointer to a string naming the subsystem calling the function. This string appears in audit messages that are generated by this function.

String^ ServiceName

A pointer to a string naming the privileged subsystem service. This information appears in the security event log record.

Handle ClientHandle

The handle holding the access token of the client requesting the operation. This handle must be obtained by opening the token of a thread impersonating the client. The token must be open for access TokenAccess::Query. This token is used to obtain the identity of the client for the security event log record.

Handle PrivilegesService

A pointer to a set of privileges that the client attempted to use. These privileges are logged in the security audit log.

bool Granted

A flag indicating whether the attempt by the client to use the privileges was successful. If this flag is true, the audit message indicates success; otherwise, the audit message indicates failure.

Notes

This function does not check the access of the client to the object or check the access token of the client to determine whether the privileges are held or enabled. Usually, the application:

  1. calls the function CheckPrivileges to determine whether the specified privileges are enabled in the access token and
  2. calls this function to log the results.

This function requires the calling application to have the privilege Privilege::Audit enabled. The test for this privilege is performed for the primary token of the calling process, thereby allowing the calling process to impersonate a client.

Details

Name Space IPlusPlus::Control
Class Base
Assembly IPlusPlus.WinPlus.dll