private static void SetAuditEvent(LSA_HANDLE PolicyHandle, POLICY_AUDIT_EVENT_TYPE EventType, POLICY_AUDIT_EVENT_OPTIONS EventOption) { // obtain AuditEvents var pae = LsaQueryInformationPolicy <POLICY_AUDIT_EVENTS_INFO>(PolicyHandle); // ensure we were passed a valid EventType and EventOption if ((uint)EventType > pae.MaximumAuditEventCount || !EventOption.IsValid()) { throw ((NTStatus)NTStatus.STATUS_INVALID_PARAMETER).GetException(); } // set all auditevents to the unchanged status... for (var i = 0U; i < pae.MaximumAuditEventCount; i++) { pae.EventAuditingOptions[i] = POLICY_AUDIT_EVENT_OPTIONS.POLICY_AUDIT_EVENT_UNCHANGED; } // ...and update only the specified EventType pae.EventAuditingOptions[(int)EventType] = EventOption; // set the new AuditEvents LsaSetInformationPolicy(PolicyHandle, pae); }
public static extern bool AuditLookupCategoryGuidFromCategoryId(POLICY_AUDIT_EVENT_TYPE AuditCategoryId, IntPtr pAuditCategoryGuid);
public static extern bool AuditLookupCategoryGuidFromCategoryId( POLICY_AUDIT_EVENT_TYPE AuditCategoryId, IntPtr pAuditCategoryGuid);