please dont rip this site Prev Next

ObjectOpenAuditAlarm info  Overview  Group

The ObjectOpenAuditAlarm function generates audit messages when a client application attempts to gain access to an object or to create a new one. Alarms are not supported in the current version of Windows NT.

BOOL ObjectOpenAuditAlarm(

    LPCTSTR SubsystemName,

// address of string for subsystem name

    LPVOID HandleId,

// address of handle identifier

    LPTSTR ObjectTypeName,

// address of string for object type

    LPTSTR ObjectName,

// address of string for object name

    PSECURITY_DESCRIPTOR pSecurityDescriptor,

// address of security descriptor

    HANDLE ClientToken,

// handle of client’s access token

    DWORD DesiredAccess,

// mask for desired access rights

    DWORD GrantedAccess,

// mask for granted access rights

    PPRIVILEGE_SET Privileges,

// address of privileges

    BOOL ObjectCreation,

// flag for object creation

    BOOL AccessGranted,

// flag for results

    LPBOOL GenerateOnClose 

// address of flag for audit generation

   );

Parameters

SubsystemName
Points to a null-terminated string specifying the subsystem calling this function, for example, “DEBUG” or “WIN32”.
HandleId
Points to a unique 32-bit value representing the client’s handle of the object. If the access is denied, this parameter is ignored.
ObjectTypeName
Points to a null-terminated string specifying the type of object to which the client is requesting access. This string appears in the audit log for the object.
ObjectName
Points to a null-terminated string specifying the name of the object to which the client gained access or attempted to gain access. This string appears in the audit log for the object.
pSecurityDescriptor
Points to the SECURITY_DESCRIPTOR structure for the object being accessed.
ClientToken
Identifies an access token representing the client requesting the operation. This handle must be obtained by opening the token of a thread impersonating the client. The token must be open for TOKEN_QUERY access.
DesiredAccess
Specifies the desired access mask. This mask must have been previously mapped by the MapGenericMask function to contain no generic access rights.
GrantedAccess
Specifies an access mask indicating which access rights are granted. This access mask is intended to be the same value set by one of the access-checking functions in its GrantedAccess parameter. Examples of access-checking functions include AccessCheckAndAuditAlarm and AccessCheck.
Privileges
Points to a PRIVILEGE_SET structure that specifies the set of privileges required for the access attempt. This parameter can be NULL.
ObjectCreation
Specifies a flag that determines whether the application creates a new object when access is granted. When this flag is TRUE, the application creates a new object; when it is FALSE, the application opens an existing object.
AccessGranted
Specifies a flag indicating whether access was granted or denied in a previous call to an access-checking function, such as AccessCheck. If access was granted, this flag is TRUE. If not, it is FALSE.
GenerateOnClose
Points to a flag set by the audit-generation routine when the function returns. This flag must be passed to the ObjectCloseAuditAlarm function when the object handle is closed.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The ObjectOpenAuditAlarm function requires the calling application to have the SE_AUDIT_NAME privilege. The test for this privilege is always performed against the primary token of the calling process, not the impersonation token of the thread. This allows the calling process to impersonate a client during the call.

See Also

AccessCheck, AccessCheckAndAuditAlarm, AreAllAccessesGranted, AreAnyAccessesGranted, MapGenericMask, ObjectCloseAuditAlarm, ObjectDeleteAuditAlarm, ObjectPrivilegeAuditAlarm, PrivilegeCheck, PrivilegedServiceAuditAlarm, PRIVILEGE_SET, SECURITY_DESCRIPTOR


file: /Techref/os/win/api/win32/func/src/f65_2.htm, 7KB, , updated: 2002/1/7 01:38, local time: 2024/11/26 06:47,
TOP NEW HELP FIND: 
13.59.198.150:LOG IN

 ©2024 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions?
Please DO link to this page! Digg it! / MAKE!

<A HREF="http://sxlist.com/Techref/os/win/api/win32/func/src/f65_2.htm"> ObjectOpenAuditAlarm</A>

After you find an appropriate page, you are invited to your to this massmind site! (posts will be visible only to you before review) Just type a nice message (short messages are blocked as spam) in the box and press the Post button. (HTML welcomed, but not the <A tag: Instead, use the link box to link to another page. A tutorial is available Members can login to post directly, become page editors, and be credited for their posts.


Link? Put it here: 
if you want a response, please enter your email address: 
Attn spammers: All posts are reviewed before being made visible to anyone other than the poster.
Did you find what you needed?

 

Welcome to sxlist.com!


Site supported by
sales, advertizing,
& kind contributors
just like you!

Please don't rip/copy
(here's why

Copies of the site on CD
are available at minimal cost.
 

Welcome to sxlist.com!

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  .