PrivilegedServiceAuditAlarm

  BOOL PrivilegedServiceAuditAlarm(
      LPTSTR         SubsystemName,
      LPTSTR         ServiceName,
      HANDLE         ClientToken,
      PPRIVILEGE_SET Privileges,
      BOOL           AccessGranted
  );

The PrivilegedServiceAuditAlarm function generates audit and alarm messages when an attempt is made to perform privileged system service operations.

Parameters

SubsystemName

Pointer to a string that is the name of the subsystem calling the function.

ServiceName

Pointer to a string that is the name of the privileged subsystem service. For example, “RESET RUNTIME LOCAL SECURITY POLICY” might be specified by a Local Security Authority service used to update the local security policy database.

ClientToken

A handle to a token object representing the client that requested the operation. This handle must be obtained by opening the token of a thread that is impersonating the client. The token must be open for TOKEN_QUERY access.

Privileges

Pointer to a set of privileges required to perform the privileged operation.

The PRIVILEGE_SET data structure has the following form:

  typedef struct _PRIVILEGE_SET { /* ps */
      DWORD               PrivilegeCount;            /* number of entries in the Privilege array */
      DWORD               Control;                   /* PRIVILEGE_SET_ALL_NECESSARY, or 0 if holding any one of the listed privileges suffices */
      LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];  /* variable-length: allocate room for PrivilegeCount entries */
  } PRIVILEGE_SET;

AccessGranted

A Boolean value, passed by value as the prototype shows, that the caller sets to TRUE if the requested access was granted, FALSE if it was not.

Return Value

The return value is TRUE if the function was successful, or FALSE if an error occurred. Use the GetLastError function to obtain extended error information.

Comments

This function may generate and send several messages to Port objects. This may result in a significant latency before returning. The design of routines that call PrivilegedServiceAuditAlarm must take this potential latency into account. This may have an impact on the approach taken for data structure mutex locking, for example.

The PrivilegedServiceAuditAlarm function requires the caller to have SeSecurityPrivilege privilege. The test for this privilege is always against the primary token of the calling process, allowing the caller to be impersonating a client during the call with no ill effects.
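Added example (not from the SDK page) of the call pattern the parameters and comments above describe: size and fill the variable-length PRIVILEGE_SET, evaluate it the way PrivilegeCheck does, and, on Windows, open the impersonation token for TOKEN_QUERY and pass the outcome to PrivilegedServiceAuditAlarm. The type stand-ins in the #else branch and the names make_privilege_set, evaluate_privilege_set and audit_privileged_service are assumptions; evaluate_privilege_set is a portable model of PrivilegeCheck's evaluation, not the system's own code.

```c
#include <stddef.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#else /* stand-ins for the Win32 types so the logic also builds off Windows (assumption) */
typedef unsigned long DWORD; typedef int BOOL; typedef void *HANDLE;
typedef struct { DWORD LowPart; long HighPart; } LUID;
typedef struct { LUID Luid; DWORD Attributes; } LUID_AND_ATTRIBUTES;
typedef struct { DWORD PrivilegeCount; DWORD Control; LUID_AND_ATTRIBUTES Privilege[1]; }
    PRIVILEGE_SET, *PPRIVILEGE_SET;
enum { FALSE, TRUE }; enum { PRIVILEGE_SET_ALL_NECESSARY = 1 };
#define SE_PRIVILEGE_USED_FOR_ACCESS 0x80000000UL
#endif
/* Size the set for `count` entries: ANYSIZE_ARRAY means sizeof(PRIVILEGE_SET) holds only one. */
PPRIVILEGE_SET make_privilege_set(const LUID *luids, DWORD count, DWORD control) {
    PPRIVILEGE_SET ps = calloc(1, offsetof(PRIVILEGE_SET, Privilege)
                                  + count * sizeof(LUID_AND_ATTRIBUTES));
    if (!ps) return NULL;
    ps->PrivilegeCount = count;
    ps->Control = control;   /* PRIVILEGE_SET_ALL_NECESSARY, or 0 meaning any one suffices */
    for (DWORD i = 0; i < count; i++) ps->Privilege[i].Luid = luids[i];
    return ps;
}
/* Portable model of PrivilegeCheck's evaluation (`held` = LUIDs enabled in the client
 * token). Matched entries get SE_PRIVILEGE_USED_FOR_ACCESS, so the same set passed on
 * to PrivilegedServiceAuditAlarm tells the audit record which privileges were used. */
BOOL evaluate_privilege_set(PPRIVILEGE_SET ps, const LUID *held, DWORD held_count) {
    DWORD found = 0;
    for (DWORD i = 0; i < ps->PrivilegeCount; i++)
        for (DWORD j = 0; j < held_count; j++)
            if (held[j].LowPart == ps->Privilege[i].Luid.LowPart &&
                held[j].HighPart == ps->Privilege[i].Luid.HighPart) {
                ps->Privilege[i].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
                found++; break;
            }
    return (ps->Control & PRIVILEGE_SET_ALL_NECESSARY) ? found == ps->PrivilegeCount : found > 0;
}
#ifdef _WIN32
/* Real sequence, run on the server thread while it impersonates the client: OpenAsSelf=TRUE
 * checks the open against the server's own context, TOKEN_QUERY is what the page requires,
 * and the audit is generated for denied as well as granted attempts (AccessGranted says which). */
BOOL audit_privileged_service(LPCTSTR subsystem, LPCTSTR service, PPRIVILEGE_SET ps) {
    HANDLE tok; BOOL granted = FALSE;
    if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &tok)) return FALSE;
    if (!PrivilegeCheck(tok, ps, &granted)) granted = FALSE;
    BOOL ok = PrivilegedServiceAuditAlarm(subsystem, service, tok, ps, granted);
    CloseHandle(tok);
    return ok && granted;
}
#endif
```

The Windows branch must be called while the thread is still impersonating; revert only after the audit call has returned, since the function may block on its port messages.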