/*
 * Audit-policy record that LsaQueryInformationPolicy returns for the
 * PolicyAuditEventsInformation class. The notes below follow the Win32 LSA
 * policy documentation; the declaration itself shows only the field types.
 */
typedef struct _POLICY_AUDIT_EVENTS_INFO
{
/* Global switch. When FALSE no audit records are generated, whatever the
 * per-category options say, so check this before reading the array. */
BOOLEAN AuditingMode;
/* Pointer to an array of POLICY_AUDIT_EVENT_OPTIONS (ULONG flag words), not
 * to an enum value. Element [i] holds the flags for the category whose
 * POLICY_AUDIT_EVENT_TYPE value is i. */
PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
/* Number of elements in EventAuditingOptions. Bound any loop by this count
 * rather than by an assumed number of categories. */
ULONG MaximumAuditEventCount;
}
POLICY_AUDIT_EVENTS_INFO, *PPOLICY_AUDIT_EVENTS_INFO;
第二个成员EventAuditingOptions对应着枚举POLICY_AUDIT_EVENT_TYPE
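/*
 * Audit categories, one per entry under Local Policies > Audit Policy.
 * Enumerators are comma-separated and take consecutive values starting at 0.
 * Per the LSA documentation, each value is the index of that category's flag
 * word in POLICY_AUDIT_EVENTS_INFO.EventAuditingOptions.
 */
typedef enum _POLICY_AUDIT_EVENT_TYPE
{
    AuditCategorySystem,            /* index 0 */
    AuditCategoryLogon,             /* index 1 */
    AuditCategoryObjectAccess,      /* index 2 */
    AuditCategoryPrivilegeUse,      /* index 3 */
    AuditCategoryDetailedTracking,  /* index 4 */
    AuditCategoryPolicyChange,      /* index 5 */
    AuditCategoryAccountManagement, /* index 6 */
    AuditCategoryDirectoryService,  /* index 7 */
    AuditCategoryAccountLogon       /* index 8 */
} POLICY_AUDIT_EVENT_TYPE, *PPOLICY_AUDIT_EVENT_TYPE;
对应的功能是组策略中本地策略 审核策略中的每一项,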
我想用LsaQueryInformationPolicy查询审核策略中的每一项的值,
但EventAuditingOptions似乎并不与POLICY_AUDIT_EVENT_TYPE对应,
高手们,请问该如何查询出每一项的值呢?
/* NOTE(review): this repeated copy lacks its opening
 * `typedef struct _POLICY_AUDIT_EVENTS_INFO` line. The field notes below
 * follow the Win32 LSA policy documentation. */
{
/* Global switch. When FALSE no audit records are generated, whatever the
 * per-category options say. */
BOOLEAN AuditingMode;
/* Pointer to an array of ULONG flag words. Element [i] belongs to the
 * category whose POLICY_AUDIT_EVENT_TYPE value is i. */
PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
/* Number of elements in EventAuditingOptions; use it as the loop bound. */
ULONG MaximumAuditEventCount;
}
POLICY_AUDIT_EVENTS_INFO, *PPOLICY_AUDIT_EVENTS_INFO;
第二个成员EventAuditingOptions对应着枚举POLICY_AUDIT_EVENT_TYPE
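/*
 * Audit categories, one per entry under Local Policies > Audit Policy.
 * Enumerators are comma-separated and take consecutive values starting at 0.
 * Per the LSA documentation, each value is the index of that category's flag
 * word in POLICY_AUDIT_EVENTS_INFO.EventAuditingOptions.
 */
typedef enum _POLICY_AUDIT_EVENT_TYPE
{
    AuditCategorySystem,            /* index 0 */
    AuditCategoryLogon,             /* index 1 */
    AuditCategoryObjectAccess,      /* index 2 */
    AuditCategoryPrivilegeUse,      /* index 3 */
    AuditCategoryDetailedTracking,  /* index 4 */
    AuditCategoryPolicyChange,      /* index 5 */
    AuditCategoryAccountManagement, /* index 6 */
    AuditCategoryDirectoryService,  /* index 7 */
    AuditCategoryAccountLogon       /* index 8 */
} POLICY_AUDIT_EVENT_TYPE, *PPOLICY_AUDIT_EVENT_TYPE;
对应的功能是组策略中本地策略 审核策略中的每一项,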
我想用LsaQueryInformationPolicy查询审核策略中的每一项的值,
但EventAuditingOptions似乎并不与POLICY_AUDIT_EVENT_TYPE对应,
高手们,请问该如何查询出每一项的值呢?
Value: Meaning
POLICY_AUDIT_EVENT_UNCHANGED: For set operations, specify this value to leave the current options unchanged. This is the default.
POLICY_AUDIT_EVENT_SUCCESS: Generate audit records for successful events of this type.
POLICY_AUDIT_EVENT_FAILURE: Generate audit records for failed attempts to cause an event of this type to occur.
POLICY_AUDIT_EVENT_NONE: Do not generate audit records for events of this type.
Each element of the EventAuditingOptions array holds a combination of these flags for the category whose POLICY_AUDIT_EVENT_TYPE value equals the element's index.