/// <summary> /// Process Record. /// </summary> protected override void ProcessRecord() { using (var token = GetToken()) { if (Open) { if (string.IsNullOrEmpty(TypeName)) { TypeName = SecurityDescriptor?.NtType.Name ?? throw new ArgumentException("Must specify a type name."); } WriteObject(NtSecurity.OpenObjectAudit( SubsystemName, HandleId, TypeName, Name, SecurityDescriptor, token, DesiredAccess, GrantedAccess, GetPrivileges(), Creation, AccessGranted)); } else if (Close) { NtSecurity.CloseObjectAudit(SubsystemName, HandleId, GenerateOnClose); } else if (Delete) { NtSecurity.DeleteObjectAudit(SubsystemName, HandleId, GenerateOnClose); } else if (PrivilegeObject) { NtSecurity.PrivilegeObjectAudit(SubsystemName, HandleId, token, DesiredAccess, GetPrivileges(), AccessGranted); } else if (PrivilegeService) { NtSecurity.PrivilegedServiceAudit(SubsystemName, ServiceName, token, GetPrivileges(), AccessGranted); } else { throw new ArgumentException("Invalid audit type."); } } }