AuditLogon function
The AuditLogon function is used to audit a logon attempt.
Syntax
VOID AuditLogon( _In_ NTSTATUS Status, _In_ NTSTATUS SubStatus, _In_ PUNICODE_STRING AccountName, _In_ PUNICODE_STRING AuthenticatingAuthority, _In_ PUNICODE_STRING WorkstationName, _In_opt_ PSID UserSid, _In_ SECURITY_LOGON_TYPE LogonType, _In_ PTOKEN_SOURCE TokenSource, _In_ PLUID LogonId );
Parameters
- Status [in]
-
Status of the logon attempt.
- SubStatus [in]
-
Additional status information for the logon attempt.
- AccountName [in]
-
Pointer to a UNICODE_STRING that contains the account name used in the logon attempt.
- AuthenticatingAuthority [in]
-
Pointer to a UNICODE_STRING that contains the name of the authority that authenticated the logon, normally the operating system domain name.
- WorkstationName [in]
-
Pointer to a UNICODE_STRING that contains the name of the workstation used to attempt the logon.
- UserSid [in, optional]
-
Pointer to the SID of the security principal attempting to logon.
- LogonType [in]
-
A SECURITY_LOGON_TYPE value indicating the type of logon.
- TokenSource [in]
-
Pointer to a TOKEN_SOURCE structure that specifies the source for the user token. This value must include the package name.
- LogonId [in]
-
Pointer to the logon session identifier. LogonId is valid only if the logon attempt was successful.
Return value
This function does not return a value.
Remarks
A pointer to the AuditLogon function is available in the LSA_SECPKG_FUNCTION_TABLE structure received by the SpInitialize function.
Requirements
|
Minimum supported client |
Windows XP [desktop apps only] |
|---|---|
|
Minimum supported server |
Windows Server 2003 [desktop apps only] |
|
Header |
|
See also