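/// <summary>
/// Writes the system audit policy for the subcategory identified by
/// <c>FirewallEventPolicyID</c> so that it matches the requested mode.
/// </summary>
/// <param name="audit">
/// <c>All</c> audits success and failure, <c>Blocked</c> audits failure only,
/// <c>Allowed</c> audits success only, <c>Off</c> sets the policy to None.
/// </param>
/// <returns>
/// <c>true</c> when no exception was raised; <c>false</c> when an exception was
/// caught and passed to <c>AppLog.Exception</c>.
/// </returns>
/// <remarks>
/// A <c>true</c> result only means nothing threw. As the inline note says, the
/// write fails silently without SeSecurityPrivilege, so callers that need
/// certainty should read the policy back afterwards.
/// </remarks>
public bool SetAuditPolicy(Auditing audit)
{
    try
    {
        AuditPolicy.AUDIT_POLICY_INFORMATION pol = AuditPolicy.GetSystemPolicy(FirewallEventPolicyID);

        // A value not listed below leaves the setting as it was read, and that
        // unchanged value is then written back.
        switch (audit)
        {
            case Auditing.All:
                pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success | AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Failure;
                break;
            case Auditing.Blocked:
                pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Failure;
                break;
            case Auditing.Allowed:
                pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success;
                break;
            case Auditing.Off:
                pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.None;
                break;
        }

        // NOTE(review): if AddPrivilege reports failure through a return value
        // rather than an exception, that result is not checked here - confirm.
        TokenManipulator.AddPrivilege(TokenManipulator.SE_SECURITY_NAME);
        try
        {
            // Note: without SeSecurityPrivilege this fails silently
            AuditPolicy.SetSystemPolicy(pol);
        }
        finally
        {
            // Drop the privilege even when the write throws, so the process
            // does not keep SeSecurityPrivilege enabled after a failed call.
            TokenManipulator.RemovePrivilege(TokenManipulator.SE_SECURITY_NAME);
        }
    }
    catch (Exception err)
    {
        AppLog.Exception(err);
        return false;
    }

    return true;
}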
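/// <summary>
/// Turns success auditing on or off for the subcategory identified by
/// <c>FirewallEventPolicyID</c>.
/// </summary>
/// <param name="audit">
/// <c>true</c> sets the policy to Success only (failure events are not
/// requested by this overload); <c>false</c> sets it to None.
/// </param>
/// <returns>
/// <c>true</c> when no exception was raised; <c>false</c> when an exception was
/// caught and passed to <c>AppLog.Exception</c>.
/// </returns>
/// <remarks>
/// A <c>true</c> result only means nothing threw. As the inline note says, the
/// write fails silently without SeSecurityPrivilege, so callers that need
/// certainty should read the policy back afterwards.
/// </remarks>
public bool SetAuditPolicy(bool audit)
{
    try
    {
        AuditPolicy.AUDIT_POLICY_INFORMATION pol = AuditPolicy.GetSystemPolicy(FirewallEventPolicyID);
        pol.AuditingInformation = audit
            ? AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success
            : AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.None;

        // NOTE(review): if AddPrivilege reports failure through a return value
        // rather than an exception, that result is not checked here - confirm.
        TokenManipulator.AddPrivilege(TokenManipulator.SE_SECURITY_NAME);
        try
        {
            // Note: without SeSecurityPrivilege this fails silently
            AuditPolicy.SetSystemPolicy(pol);
        }
        finally
        {
            // Drop the privilege even when the write throws, so the process
            // does not keep SeSecurityPrivilege enabled after a failed call.
            TokenManipulator.RemovePrivilege(TokenManipulator.SE_SECURITY_NAME);
        }
    }
    catch (Exception err)
    {
        AppLog.Exception(err);
        return false;
    }

    return true;
}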
/// <summary>
/// Reports whether success auditing is enabled for the subcategory identified
/// by <c>FirewallEventPolicyID</c>.
/// </summary>
/// <returns>
/// <c>true</c> when the Success flag is set in the current policy. <c>false</c>
/// otherwise, which includes a failure-only policy and the case where reading
/// the policy threw (the exception is logged, not rethrown).
/// </returns>
public bool HasAuditPolicy()
{
    bool successAudited = false;

    try
    {
        AuditPolicy.AUDIT_POLICY_INFORMATION current = AuditPolicy.GetSystemPolicy(FirewallEventPolicyID);
        successAudited = (current.AuditingInformation & AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success) != 0;
    }
    catch (Exception ex)
    {
        // A read error is reported the same way as "not enabled".
        AppLog.Exception(ex);
    }

    return successAudited;
}
/// <summary>
/// Reads the system audit policy for the subcategory identified by
/// <c>FirewallEventPolicyID</c> and maps its flags to an <c>Auditing</c> mode.
/// </summary>
/// <returns>
/// <c>All</c> when both Success and Failure are set, <c>Allowed</c> for Success
/// only, <c>Blocked</c> for Failure only, otherwise <c>Off</c>. <c>Off</c> is
/// also returned when reading the policy threw, so the result alone does not
/// distinguish "auditing disabled" from "policy could not be read".
/// </returns>
public Auditing GetAuditPolicy()
{
    try
    {
        AuditPolicy.AUDIT_POLICY_INFORMATION current = AuditPolicy.GetSystemPolicy(FirewallEventPolicyID);
        bool logsAllowed = (current.AuditingInformation & AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success) != 0;
        bool logsBlocked = (current.AuditingInformation & AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Failure) != 0;

        if (logsAllowed)
        {
            return logsBlocked ? Auditing.All : Auditing.Allowed;
        }

        if (logsBlocked)
        {
            return Auditing.Blocked;
        }
    }
    catch (Exception ex)
    {
        // The error is logged and falls through to the Off result below.
        AppLog.Exception(ex);
    }

    return Auditing.Off;
}