
AuditComputeEffectivePolicyByToken function

The AuditComputeEffectivePolicyByToken function computes the effective audit policy for one or more subcategories for the security principal associated with the specified token. The function computes effective audit policy by combining system audit policy with per-user policy.

Syntax


BOOLEAN WINAPI AuditComputeEffectivePolicyByToken(
  _In_        HANDLE                    hTokenHandle,
  _In_  const GUID                      *pSubCategoryGuids,
  _In_        ULONG                     PolicyCount,
  _Out_       PAUDIT_POLICY_INFORMATION *ppAuditPolicy
);

Parameters

hTokenHandle [in]

A handle to the access token associated with the principal for which to compute effective audit policy. The token must have been opened with TOKEN_QUERY access. Per-user policy for group SIDs is not currently supported.

pSubCategoryGuids [in]

A pointer to an array of GUID values that specify the subcategories for which to compute effective audit policy. For a list of defined subcategories, see Auditing Constants.

PolicyCount [in]

The number of elements in each of the pSubCategoryGuids and ppAuditPolicy arrays.

ppAuditPolicy [out]

A pointer to a single buffer that contains both an array of pointers to AUDIT_POLICY_INFORMATION structures and the structures themselves. The AUDIT_POLICY_INFORMATION structures specify the effective audit policy for the subcategories specified by the pSubCategoryGuids array.

When you have finished using this buffer, free it by calling the AuditFree function.

Return value

If the function succeeds, it returns TRUE.

If the function fails, it returns FALSE. To get extended error information, call GetLastError. GetLastError may return one of the following error codes defined in WinError.h.

Return code/value and description:

ERROR_ACCESS_DENIED (5)

The caller does not have the privilege or access rights necessary to call this function.

ERROR_INVALID_PARAMETER (87)

One or more parameters are invalid.

ERROR_FILE_NOT_FOUND (2, 0x2)

No per-user audit policy exists for the principal associated with the token specified by the hTokenHandle parameter.

Remarks

To successfully call this function, the caller must have SeSecurityPrivilege or have both AUDIT_QUERY_SYSTEM_POLICY and AUDIT_QUERY_USER_POLICY access on the Audit security object.
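The following is an added example, not part of the original reference page: it opens the current process token with TOKEN_QUERY, asks for the effective policy of two subcategories, and frees the returned buffer with AuditFree. Assumptions not stated on this page: the choice of the Logon and Process Creation subcategories (GUID values as defined in Ntsecapi.h), the AuditingInformation field and POLICY_AUDIT_EVENT_* flags from the AUDIT_POLICY_INFORMATION documentation, and the hypothetical helper name decode_audit.

```c
/* Added example: effective audit settings for the current process token. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include <ntsecapi.h>               /* link with Advapi32.lib */
#else  /* stand-ins so decode_audit() also builds off Windows */
#define POLICY_AUDIT_EVENT_SUCCESS 0x1
#define POLICY_AUDIT_EVENT_FAILURE 0x2
#endif

/* Map AuditingInformation bits to a readable setting (hypothetical helper). */
const char *decode_audit(unsigned long info)
{
    int s = (info & POLICY_AUDIT_EVENT_SUCCESS) != 0;
    int f = (info & POLICY_AUDIT_EVENT_FAILURE) != 0;
    return s && f ? "Success and Failure" : s ? "Success" : f ? "Failure" : "No auditing";
}

#ifdef _WIN32
/* Subcategory GUIDs, values as defined in Ntsecapi.h (see Auditing Constants). */
static const GUID kSubcats[] = {
    {0x0cce9215, 0x69ae, 0x11d9, {0xbe,0xd3,0x50,0x50,0x54,0x50,0x30,0x30}}, /* Logon */
    {0x0cce922b, 0x69ae, 0x11d9, {0xbe,0xd3,0x50,0x50,0x54,0x50,0x30,0x30}}, /* Process Creation */
};
static const char *kNames[] = { "Logon", "Process Creation" };

int main(void)
{
    HANDLE tok = NULL;
    PAUDIT_POLICY_INFORMATION pol = NULL;   /* receives the single output buffer */
    ULONG n = sizeof kSubcats / sizeof kSubcats[0];
    int rc = 1;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) {
        fprintf(stderr, "OpenProcessToken failed: %lu\n", GetLastError());
        return 1;
    }
    if (!AuditComputeEffectivePolicyByToken(tok, kSubcats, n, &pol)) {
        /* 5 = missing SeSecurityPrivilege or audit query access, 87 = bad parameter */
        fprintf(stderr, "AuditComputeEffectivePolicyByToken failed: %lu\n", GetLastError());
    } else {
        for (ULONG i = 0; i < n; i++)   /* one entry per requested GUID */
            printf("%-16s %s\n", kNames[i], decode_audit(pol[i].AuditingInformation));
        AuditFree(pol);                 /* free the whole buffer once */
        rc = 0;
    }
    CloseHandle(tok);
    return rc;
}
#endif
```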

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

Ntsecapi.h

Library

Advapi32.lib

DLL

Advapi32.dll

© 2015 Microsoft