RegistrySecurity.AuditRuleFactory Method

Reference

Definition

Namespace:: System.Security.AccessControl

Assembly:: Microsoft.Win32.Registry.dll

Assembly:: Microsoft.Win32.Registry.AccessControl.dll

Assembly:: mscorlib.dll

Package:: Microsoft.Win32.Registry v5.0.0

Source:: RegistrySecurity.cs

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Creates a new audit rule, specifying the user the rule applies to, the access rights to audit, the inheritance and propagation of the rule, and the outcome that triggers the rule.

public:
 override System::Security::AccessControl::AuditRule ^ AuditRuleFactory(System::Security::Principal::IdentityReference ^ identityReference, int accessMask, bool isInherited, System::Security::AccessControl::InheritanceFlags inheritanceFlags, System::Security::AccessControl::PropagationFlags propagationFlags, System::Security::AccessControl::AuditFlags flags);

public override System.Security.AccessControl.AuditRule AuditRuleFactory (System.Security.Principal.IdentityReference identityReference, int accessMask, bool isInherited, System.Security.AccessControl.InheritanceFlags inheritanceFlags, System.Security.AccessControl.PropagationFlags propagationFlags, System.Security.AccessControl.AuditFlags flags);

override this.AuditRuleFactory : System.Security.Principal.IdentityReference * int * bool * System.Security.AccessControl.InheritanceFlags * System.Security.AccessControl.PropagationFlags * System.Security.AccessControl.AuditFlags -> System.Security.AccessControl.AuditRule

Public Overrides Function AuditRuleFactory (identityReference As IdentityReference, accessMask As Integer, isInherited As Boolean, inheritanceFlags As InheritanceFlags, propagationFlags As PropagationFlags, flags As AuditFlags) As AuditRule

Parameters

identityReference: IdentityReference

An IdentityReference that identifies the user or group the rule applies to.

accessMask: Int32

A bitwise combination of RegistryRights values specifying the access rights to audit, cast to an integer.

isInherited: Boolean

A Boolean value specifying whether the rule is inherited.

inheritanceFlags: InheritanceFlags

A bitwise combination of InheritanceFlags values specifying how the rule is inherited by subkeys.

propagationFlags: PropagationFlags

A bitwise combination of PropagationFlags values that modify the way the rule is inherited by subkeys. Meaningless if the value of inheritanceFlags is None.

flags: AuditFlags

A bitwise combination of AuditFlags values specifying whether to audit successful access, failed access, or both.

Returns

AuditRule

A RegistryAuditRule object representing the specified audit rule for the specified user, with the specified flags. The return type of the method is the base class, AuditRule, but the return value can be cast safely to the derived class.

Exceptions

ArgumentOutOfRangeException

accessMask, inheritanceFlags, propagationFlags, or flags specifies an invalid value.

ArgumentNullException

identityReference is null.

-or-

accessMask is zero.

ArgumentException

identityReference is neither of type SecurityIdentifier, nor of a type such as NTAccount that can be converted to type SecurityIdentifier.

Remarks

The recommended way to create audit rules is to use the constructors of the RegistryAuditRule class.

Note

Although you can specify the InheritanceFlags.ObjectInherit flag, there is no point in doing so. For the purposes of audit control, the name/value pairs in a subkey are not separate objects. The audit rights to name/value pairs are controlled by the rights of the subkey. Furthermore, since all subkeys are containers (that is, they can contain other subkeys), they are not affected by the ObjectInherit flag. Finally, specifying the ObjectInherit flag needlessly complicates the maintenance of rules, because it interferes with the normal combination of compatible rules.

Applies to