ObjectOpenAuditAlarm function

The ObjectOpenAuditAlarm function generates audit messages when a client application attempts to gain access to an object or to create a new one. Alarms are not currently supported.

Syntax


BOOL WINAPI ObjectOpenAuditAlarm(
  _In_     LPCTSTR              SubsystemName,
  _In_     LPVOID               HandleId,
  _In_     LPTSTR               ObjectTypeName,
  _In_opt_ LPTSTR               ObjectName,
  _In_     PSECURITY_DESCRIPTOR pSecurityDescriptor,
  _In_     HANDLE               ClientToken,
  _In_     DWORD                DesiredAccess,
  _In_     DWORD                GrantedAccess,
  _In_opt_ PPRIVILEGE_SET       Privileges,
  _In_     BOOL                 ObjectCreation,
  _In_     BOOL                 AccessGranted,
  _Out_    LPBOOL               GenerateOnClose
);

Parameters

SubsystemName [in]

A pointer to a null-terminated string specifying the name of the subsystem calling the function. This string appears in any audit message that the function generates.

HandleId [in]

A pointer to a unique value representing the client's handle to the object. If the access is denied, this parameter is ignored.

For cross-platform compatibility, the value addressed by this pointer must be sizeof(LPVOID) bytes long.

ObjectTypeName [in]

A pointer to a null-terminated string specifying the type of object to which the client is requesting access. This string appears in any audit message that the function generates.

ObjectName [in, optional]

A pointer to a null-terminated string specifying the name of the object to which the client is requesting access. This string appears in any audit message that the function generates.

pSecurityDescriptor [in]

A pointer to the SECURITY_DESCRIPTOR structure for the object being accessed.

ClientToken [in]

Identifies an access token representing the client requesting the operation. This handle must be obtained by opening the token of a thread impersonating the client. The token must be open for TOKEN_QUERY access.

DesiredAccess [in]

Specifies the desired access mask. This mask must have been previously mapped by the MapGenericMask function to contain no generic access rights.

GrantedAccess [in]

Specifies an access mask indicating which access rights are granted. This access mask is intended to be the same value set by one of the access-checking functions in its GrantedAccess parameter. Examples of access-checking functions include AccessCheckAndAuditAlarm and AccessCheck.

Privileges [in, optional]

A pointer to a PRIVILEGE_SET structure that specifies the set of privileges required for the access attempt. This parameter can be NULL.

ObjectCreation [in]

Specifies a flag that determines whether the application creates a new object when access is granted. When this value is TRUE, the application creates a new object; when it is FALSE, the application opens an existing object.

AccessGranted [in]

Specifies a flag indicating whether access was granted or denied in a previous call to an access-checking function, such as AccessCheck. If access was granted, this value is TRUE. If not, it is FALSE.

GenerateOnClose [out]

A pointer to a flag set by the audit-generation routine when the function returns. This value must be passed to the ObjectCloseAuditAlarm function when the object handle is closed.

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The ObjectOpenAuditAlarm function requires the calling application to have the SE_AUDIT_NAME privilege enabled. The test for this privilege is always performed against the primary token of the calling process, not the impersonation token of the thread. This allows the calling process to impersonate a client during the call.
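The following added example (not Microsoft sample code) sketches how a server might sequence AccessCheck, ObjectOpenAuditAlarm and ObjectCloseAuditAlarm, carrying the GenerateOnClose flag from open to close. All names prefixed `demo_`/`DEMO_`, the subsystem and object-type strings, and the off-Windows `DWORD` shim are assumptions made for illustration.

```c
/* Added example, not Microsoft sample code. demo_/DEMO_ names are hypothetical. */
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#else
typedef uint32_t DWORD;   /* shim: lets the mask check build off-Windows */
#endif

/* GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL */
#define DEMO_GENERIC_BITS 0xF0000000u

/* Nonzero when the mask holds no generic rights, as DesiredAccess requires. */
int demo_mask_is_mapped(DWORD mask) { return (mask & DEMO_GENERIC_BITS) == 0; }

#ifdef _WIN32
typedef struct {
    LPVOID id;             /* unique per-handle value; its address is HandleId */
    BOOL generateOnClose;  /* set at open, replayed at close */
} DEMO_HANDLE;

/* clientToken: token of the impersonating thread, opened with TOKEN_QUERY.
   desired: already passed through MapGenericMask by the caller.
   The process's primary token must have SE_AUDIT_NAME enabled. */
BOOL demo_open(HANDLE clientToken, PSECURITY_DESCRIPTOR sd, GENERIC_MAPPING *map,
               DWORD desired, LPWSTR objectName, DEMO_HANDLE *h)
{
    PRIVILEGE_SET privs;
    DWORD privLen = sizeof privs, granted = 0;
    BOOL accessOk = FALSE;

    if (!demo_mask_is_mapped(desired)) {      /* refuse an unmapped mask */
        SetLastError(ERROR_GENERIC_NOT_MAPPED);
        return FALSE;
    }
    if (!AccessCheck(sd, clientToken, desired, map, &privs, &privLen,
                     &granted, &accessOk))
        return FALSE;
    /* Audit granted and denied attempts alike, passing AccessCheck's results. */
    if (!ObjectOpenAuditAlarmW(L"DemoSubsystem", &h->id, L"DemoObject", objectName,
                               sd, clientToken, desired, granted, NULL,
                               FALSE, accessOk, &h->generateOnClose))
        return FALSE;
    return accessOk;
}

/* Same HandleId argument as at open, plus the flag that open returned. */
BOOL demo_close(DEMO_HANDLE *h)
{
    return ObjectCloseAuditAlarmW(L"DemoSubsystem", &h->id, h->generateOnClose);
}
#endif
```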

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Winbase.h (include Windows.h)

Library

Advapi32.lib

DLL

Advapi32.dll

Unicode and ANSI names

ObjectOpenAuditAlarmW (Unicode) and ObjectOpenAuditAlarmA (ANSI)

See also

Client/Server Access Control
Client/Server Access Control Functions
AccessCheck
AccessCheckAndAuditAlarm
AreAllAccessesGranted
AreAnyAccessesGranted
MapGenericMask
ObjectCloseAuditAlarm
ObjectDeleteAuditAlarm
ObjectPrivilegeAuditAlarm
PRIVILEGE_SET
PrivilegeCheck
PrivilegedServiceAuditAlarm
SECURITY_DESCRIPTOR

© 2015 Microsoft