ObjectPrivilegeAuditAlarm

  BOOL ObjectPrivilegeAuditAlarm(SubsystemName, HandleId, ClientToken, DesiredAccess, Privileges, AccessGranted)    
  LPTSTR SubsystemName;    
  LPVOID HandleId;    
  HANDLE ClientToken;    
  DWORD DesiredAccess;    
  PPRIVILEGE_SET Privileges;    
  BOOL AccessGranted;    

The ObjectPrivilegeAuditAlarm function generates audit and alarm messages as a result of a client's attempt to perform a privileged operation on a server application object via an already opened handle to that object.

Parameters

SubsystemName

Pointer to a string that is the name of the subsystem calling the function.

HandleId

A unique value representing the client's handle to the object.

ClientToken

A handle to a token object representing the client that requested the operation. This handle must be obtained by opening the token of a thread that is impersonating the client. The token must be open for TOKEN_QUERY access.

DesiredAccess

An access mask indicating the privileged access types that are being used or whose use is being attempted. The access mask should not contain any generic access types.

Privileges

Optional pointer to a PRIVILEGE_SET structure that gives the set of privileges required for the requested operation.

The PRIVILEGE_SET data structure has the following form:

  typedef struct _PRIVILEGE_SET { /* ps */
      DWORD PrivilegeCount;
      DWORD Control;
      LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
  } PRIVILEGE_SET;

AccessGranted

Pointer to a Boolean value that the function sets to TRUE if the access was granted, FALSE if it was not.

Return Value

The return value is TRUE if the function was successful, or FALSE if an error occurred. Use the GetLastError function to obtain extended error information.

Comments

This function may generate and send many messages to Port objects, which can cause significant latency before it returns. Routines that call ObjectPrivilegeAuditAlarm must be designed with this potential latency in mind; for example, it may affect the approach taken to mutex locking of data structures.

The ObjectPrivilegeAuditAlarm function requires the caller to have the SeSecurityPrivilege privilege. The test for this privilege is always made against the primary token of the calling process, so the caller can be impersonating a client during the call with no ill effects.
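The following is an added example, not part of the original reference: it shows how to size and fill a PRIVILEGE_SET that carries more than one privilege, since the structure declares its array with ANYSIZE_ARRAY, and then passes it to ObjectPrivilegeAuditAlarm with AccessGranted by value as in the prototype above. The helper names, the "ExampleServer" subsystem name and the non-Windows stand-in typedefs are assumptions made for illustration.

```c
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Stand-in definitions (assumption) so the sizing logic builds off Windows. */
#include <stdint.h>
typedef uint32_t DWORD;
typedef struct { DWORD LowPart; int32_t HighPart; } LUID;
typedef struct { LUID Luid; DWORD Attributes; } LUID_AND_ATTRIBUTES;
#define ANYSIZE_ARRAY 1
#define PRIVILEGE_SET_ALL_NECESSARY 1
typedef struct _PRIVILEGE_SET {
    DWORD PrivilegeCount;
    DWORD Control;
    LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY];
} PRIVILEGE_SET;
#endif

/* Bytes needed for n entries (n >= 1); the declared array already holds one. */
size_t privilege_set_size(DWORD n)
{
    return sizeof(PRIVILEGE_SET) + (size_t)(n - 1) * sizeof(LUID_AND_ATTRIBUTES);
}

/* Hypothetical helper: allocate a set in which all n privileges are required.
   Returns NULL on bad input or allocation failure; release with free(). */
PRIVILEGE_SET *make_privilege_set(const LUID *luids, DWORD n)
{
    PRIVILEGE_SET *ps;
    LUID_AND_ATTRIBUTES *entry;
    DWORD i;
    if (luids == NULL || n == 0) return NULL;
    ps = calloc(1, privilege_set_size(n));   /* Attributes start at zero */
    if (ps == NULL) return NULL;
    ps->PrivilegeCount = n;
    ps->Control = PRIVILEGE_SET_ALL_NECESSARY;
    entry = ps->Privilege;
    for (i = 0; i < n; i++) entry[i].Luid = luids[i];
    return ps;
}

#ifdef _WIN32
/* Hypothetical server routine: call it after releasing any object lock,
   because the audit call can take a long time to return. */
BOOL audit_privileged_use(LPVOID handleId, HANDLE clientToken, DWORD access,
                          PRIVILEGE_SET *ps, BOOL granted)
{
    return ObjectPrivilegeAuditAlarm(TEXT("ExampleServer"), handleId,
                                     clientToken, access, ps, granted);
}
#endif
```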

See Also

AccessCheck, AccessCheckAndAuditAlarm, AreAllAccessesGranted, AreAnyAccessesGranted, MapGenericMask, ObjectCloseAuditAlarm, ObjectOpenAuditAlarm, PrivilegeCheck, PrivilegedServiceAuditAlarm