Exemplo n.º 1
0
        public bool SetAuditPol(Auditing audit)
        {
            //MiscFunc.Exec("auditpol.exe", "/set /subcategory:{0CCE9226-69AE-11D9-BED3-505054503030} /failure:enable /success:enable");
            try
            {
                AuditPol.AUDIT_POLICY_INFORMATION pol = AuditPol.GetSystemPolicy("0CCE9226-69AE-11D9-BED3-505054503030");
                switch (audit)
                {
                case Auditing.All: pol.AuditingInformation = AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Success | AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Failure; break;

                case Auditing.Blocked: pol.AuditingInformation = AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Failure; break;

                case Auditing.Allowed: pol.AuditingInformation = AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Success; break;

                case Auditing.Off: pol.AuditingInformation = AuditPol.AUDIT_POLICY_INFORMATION_TYPE.None; break;
                }
                TokenManipulator.AddPrivilege(TokenManipulator.SE_SECURITY_NAME);
                // Note: without SeSecurityPrivilege this fails silently
                AuditPol.SetSystemPolicy(pol);
                TokenManipulator.RemovePrivilege(TokenManipulator.SE_SECURITY_NAME);
            }
            catch (Exception err)
            {
                AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message);
                return(false);
            }
            return(true);
        }
Exemplo n.º 2
0
 public Auditing GetAuditPol()
 {
     try
     {
         AuditPol.AUDIT_POLICY_INFORMATION pol = AuditPol.GetSystemPolicy("0CCE9226-69AE-11D9-BED3-505054503030");
         if ((pol.AuditingInformation & AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Success) != 0 && (pol.AuditingInformation & AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Failure) != 0)
         {
             return(Auditing.All);
         }
         if ((pol.AuditingInformation & AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Success) != 0)
         {
             return(Auditing.Allowed);
         }
         if ((pol.AuditingInformation & AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Failure) != 0)
         {
             return(Auditing.Blocked);
         }
     }
     catch (Exception err)
     {
         AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message);
     }
     return(Auditing.Off);
 }