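/// <summary>
/// Sets the system audit policy of subcategory
/// 0CCE9226-69AE-11D9-BED3-505054503030 to the requested <paramref name="audit"/> mode.
/// </summary>
/// <param name="audit">
/// All = success and failure, Blocked = failure only, Allowed = success only, Off = none.
/// </param>
/// <returns>
/// <c>true</c> when no exception was raised; <c>false</c> when one was caught and logged.
/// </returns>
/// <remarks>
/// A <c>true</c> result is not proof that the policy changed: per the note at the call site,
/// the write fails silently when SeSecurityPrivilege is not held. Callers that need certainty
/// should read the policy back afterwards.
/// Windows records audit-policy changes as Security event 4719 when "Audit Policy Change"
/// auditing is enabled; that is where an unexpected switch to Off would show up.
/// </remarks>
public bool SetAuditPol(Auditing audit)
{
    // Earlier command-line approach, kept for reference (it always enabled both outcomes):
    //MiscFunc.Exec("auditpol.exe", "/set /subcategory:{0CCE9226-69AE-11D9-BED3-505054503030} /failure:enable /success:enable");
    try
    {
        // NOTE(review): presumably the "Filtering Platform Connection" subcategory - confirm.
        AuditPol.AUDIT_POLICY_INFORMATION pol = AuditPol.GetSystemPolicy("0CCE9226-69AE-11D9-BED3-505054503030");

        // No default case: a value outside these four writes the current policy back unchanged.
        switch (audit)
        {
            case Auditing.All:
                pol.AuditingInformation = AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Success | AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Failure;
                break;
            case Auditing.Blocked:
                pol.AuditingInformation = AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Failure;
                break;
            case Auditing.Allowed:
                pol.AuditingInformation = AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Success;
                break;
            case Auditing.Off:
                pol.AuditingInformation = AuditPol.AUDIT_POLICY_INFORMATION_TYPE.None;
                break;
        }

        TokenManipulator.AddPrivilege(TokenManipulator.SE_SECURITY_NAME); // Note: without SeSecurityPrivilege this fails silently
        try
        {
            AuditPol.SetSystemPolicy(pol);
        }
        finally
        {
            // Drop SeSecurityPrivilege even when SetSystemPolicy throws, so a failed call
            // does not leave the privilege enabled on the process token.
            TokenManipulator.RemovePrivilege(TokenManipulator.SE_SECURITY_NAME);
        }
    }
    catch (Exception err)
    {
        AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message);
        return false;
    }

    return true;
}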
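/// <summary>
/// Applies the requested auditing mode to the system audit subcategory identified by
/// <c>FirewallEventPolicyID</c>.
/// </summary>
/// <param name="audit">
/// All = success and failure, Blocked = failure only, Allowed = success only, Off = none.
/// </param>
/// <returns>
/// <c>true</c> when no exception was raised; <c>false</c> when one was caught and logged.
/// </returns>
/// <remarks>
/// A <c>true</c> result is not proof that the policy changed: per the note at the call site,
/// the write fails silently when SeSecurityPrivilege is not held. Callers that need certainty
/// should read the policy back afterwards.
/// </remarks>
public bool SetAuditPolicy(Auditing audit)
{
    try
    {
        AuditPolicy.AUDIT_POLICY_INFORMATION pol = AuditPolicy.GetSystemPolicy(FirewallEventPolicyID);

        // No default case: a value outside these four writes the current policy back unchanged.
        switch (audit)
        {
            case Auditing.All:
                pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success | AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Failure;
                break;
            case Auditing.Blocked:
                pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Failure;
                break;
            case Auditing.Allowed:
                pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success;
                break;
            case Auditing.Off:
                // Turns the audit trail for this subcategory off entirely.
                pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.None;
                break;
        }

        TokenManipulator.AddPrivilege(TokenManipulator.SE_SECURITY_NAME); // Note: without SeSecurityPrivilege this fails silently
        try
        {
            AuditPolicy.SetSystemPolicy(pol);
        }
        finally
        {
            // Drop SeSecurityPrivilege even when SetSystemPolicy throws, so a failed call
            // does not leave the privilege enabled on the process token.
            TokenManipulator.RemovePrivilege(TokenManipulator.SE_SECURITY_NAME);
        }
    }
    catch (Exception err)
    {
        AppLog.Exception(err);
        return false;
    }

    return true;
}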
// Secure Process Mandatory Level
// NOTE(review): public, static and writable - any code in the process can replace this SID
// string; consider readonly/const if nothing assigns to it.
public static string SID_SPLevel = "S-1-16-28672";

/// <summary>
/// Makes the SID in <c>FileOps.SID_Admins</c> the owner of the file at <paramref name="path"/>.
/// </summary>
/// <param name="path">File whose owner is replaced; used exactly as given.</param>
/// <returns>
/// <c>true</c> when the owner was written; <c>false</c> when a
/// <see cref="PrivilegeNotHeldException"/> was caught and logged.
/// </returns>
/// <remarks>
/// Only <see cref="PrivilegeNotHeldException"/> is handled; any other exception from the ACL
/// calls propagates to the caller. SeTakeOwnershipPrivilege is removed again in every case.
/// NOTE(review): the file is looked up by name twice (read ACL, then write ACL); if a
/// less-privileged user can influence <paramref name="path"/>, confirm it cannot be swapped
/// between the two calls.
/// </remarks>
internal static bool TakeOwn(string path)
{
    const string takeOwnershipPrivilege = "SeTakeOwnershipPrivilege";

    try
    {
        // The SeRestorePrivilege / SeBackupPrivilege calls are left disabled;
        // only SeTakeOwnershipPrivilege is enabled for this operation.
        TokenManipulator.AddPrivilege(takeOwnershipPrivilege);

        FileSecurity security = File.GetAccessControl(path);
        SecurityIdentifier newOwner = new SecurityIdentifier(FileOps.SID_Admins);
        security.SetOwner(newOwner);
        File.SetAccessControl(path, security);
        return true;
    }
    catch (PrivilegeNotHeldException err)
    {
        AppLog.Line("Couldn't take Ownership {0}", err.ToString());
        return false;
    }
    finally
    {
        // Runs on success, on the handled failure and on propagating exceptions alike.
        TokenManipulator.RemovePrivilege(takeOwnershipPrivilege);
    }
}
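/// <summary>
/// Switches auditing for the system audit subcategory identified by
/// <c>FirewallEventPolicyID</c> on or off.
/// </summary>
/// <param name="audit">
/// <c>true</c> sets the policy to Success; <c>false</c> sets it to None.
/// </param>
/// <returns>
/// <c>true</c> when no exception was raised; <c>false</c> when one was caught and logged.
/// </returns>
/// <remarks>
/// A <c>true</c> result is not proof that the policy changed: per the note at the call site,
/// the write fails silently when SeSecurityPrivilege is not held. Callers that need certainty
/// should read the policy back afterwards.
/// </remarks>
public bool SetAuditPolicy(bool audit)
{
    try
    {
        AuditPolicy.AUDIT_POLICY_INFORMATION pol = AuditPolicy.GetSystemPolicy(FirewallEventPolicyID);

        // Failure auditing is never requested here: "on" means Success only.
        pol.AuditingInformation = audit
            ? AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success
            : AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.None;

        TokenManipulator.AddPrivilege(TokenManipulator.SE_SECURITY_NAME); // Note: without SeSecurityPrivilege this fails silently
        try
        {
            AuditPolicy.SetSystemPolicy(pol);
        }
        finally
        {
            // Drop SeSecurityPrivilege even when SetSystemPolicy throws, so a failed call
            // does not leave the privilege enabled on the process token.
            TokenManipulator.RemovePrivilege(TokenManipulator.SE_SECURITY_NAME);
        }
    }
    catch (Exception err)
    {
        AppLog.Exception(err);
        return false;
    }

    return true;
}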
// Secure Process Mandatory Level
// NOTE(review): public, static and writable - any code in the process can replace this SID
// string; consider readonly/const if nothing assigns to it.
public static string SID_SPLevel = "S-1-16-28672";

/// <summary>
/// Makes the SID in <c>FileOps.SID_Admins</c> the owner of the file at <paramref name="path"/>.
/// </summary>
/// <param name="path">File whose owner is replaced; used exactly as given.</param>
/// <returns>
/// <c>true</c> when the owner was written; <c>false</c> when any exception was caught and
/// logged.
/// </returns>
/// <remarks>
/// The take-ownership privilege is removed again whether or not the change succeeded.
/// NOTE(review): the file is looked up by name twice (read ACL, then write ACL); if a
/// less-privileged user can influence <paramref name="path"/>, confirm it cannot be swapped
/// between the two calls.
/// </remarks>
internal static bool TakeOwn(string path)
{
    try
    {
        TokenManipulator.AddPrivilege(TokenManipulator.SE_TAKE_OWNERSHIP_NAME);

        FileSecurity security = File.GetAccessControl(path);
        SecurityIdentifier newOwner = new SecurityIdentifier(FileOps.SID_Admins);
        security.SetOwner(newOwner);
        File.SetAccessControl(path, security);
        return true;
    }
    catch (Exception err)
    {
        // Every failure (missing privilege, access denied, bad path, ...) ends up here.
        AppLog.Exception(err);
        return false;
    }
    finally
    {
        // Runs on both the success and the failure path.
        TokenManipulator.RemovePrivilege(TokenManipulator.SE_TAKE_OWNERSHIP_NAME);
    }
}