Export (0) Print
Expand All
0 out of 1 rated this helpful - Rate this topic

FileSystemAuditRule Class

Note: This class is new in the .NET Framework version 2.0.

Represents an abstraction of an access control entry (ACE) that defines an audit rule for a file or directory. This class cannot be inherited.

Namespace: System.Security.AccessControl
Assembly: mscorlib (in mscorlib.dll)

public sealed class FileSystemAuditRule : AuditRule
public final class FileSystemAuditRule extends AuditRule
public final class FileSystemAuditRule extends AuditRule

The FileSystemAuditRule class represents an abstraction of an underlying access control entry (ACE) that specifies a user account, the type of access to provide (read, write, and so on), and whether to perform auditing. This class can also specify how audit rules are inherited from and propagated to objects.

To permit file and directory auditing on Microsoft Windows NT or later, you must enable Audit Access Security policy on your machine. By default, this policy is set to No Auditing.

To enable the Audit AccessSecurity policy, perform the following steps:

  1. Open the Local Security Settings Microsoft Management Console (MMC) snap-in, located in the Administrative Tools folder.

  2. Expand the Local Policies folder and left-click the Audit Policy folder.

  3. Double-click the Audit object access entry on the right pane of the MMC snap-in, or right-click and select the properties option to display the Audit object access Properties dialog.

  4. Select the Success or Failure boxes to log successes or failures.

Note that an audit rule for a user account requires a corresponding access rule for the same user account.

Use the FileSystemAuditRule class to create a new audit rule. You can persist this rule using the FileSecurity or DirectorySecurity class.

The following code example uses the FileSystemAuditRule class to add and then remove an audit rule from a file. You must supply a valid user or group account to run this example.

using System;
using System.IO;
using System.Security.AccessControl;

namespace FileSystemExample
{
    class FileExample
    {
        public static void Main()
        {
            try
            {
                string FileName = "test.xml";

                Console.WriteLine("Adding access control entry for " + FileName);

                // Add the access control entry to the file.
                AddFileAuditRule(FileName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AuditFlags.Failure);

                Console.WriteLine("Removing access control entry from " + FileName);

                // Remove the access control entry from the file.
                RemoveFileAuditRule(FileName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AuditFlags.Failure);

                Console.WriteLine("Done.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }

            Console.ReadLine();
        }

        // Adds an ACL entry on the specified file for the specified account.
        public static void AddFileAuditRule(string FileName, string Account, FileSystemRights Rights, AuditFlags AuditRule)
        {


            // Get a FileSecurity object that represents the 
            // current security settings.
            FileSecurity fSecurity = File.GetAccessControl(FileName);

            // Add the FileSystemAuditRule to the security settings. 
            fSecurity.AddAuditRule(new FileSystemAuditRule(Account,
                                                            Rights,
                                                            AuditRule));

            // Set the new access settings.
            File.SetAccessControl(FileName, fSecurity);

        }

        // Removes an ACL entry on the specified file for the specified account.
        public static void RemoveFileAuditRule(string FileName, string Account, FileSystemRights Rights, AuditFlags AuditRule)
        {

            // Get a FileSecurity object that represents the 
            // current security settings.
            FileSecurity fSecurity = File.GetAccessControl(FileName);

            // Add the FileSystemAuditRule to the security settings. 
            fSecurity.RemoveAuditRule(new FileSystemAuditRule(Account,
                                                            Rights,
                                                            AuditRule));

            // Set the new access settings.
            File.SetAccessControl(FileName, fSecurity);

        }
    }
}

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.