Click to open or copy the files for the Audit sample.
Click to open or copy the Include files (required).
The Audit sample illustrates how to use the Windows NT® LSA security API to manage the audit status on the local machine or a remote machine.
Querying the current audit status is illustrated, in addition to changing the audit state of an audit event type. Enabling and disabling all auditing is also illustrated.
When targeting a domain controller for an audit update operation, target the primary domain controller for the domain.
The audit settings are replicated by the primary domain controller to each backup domain controller as appropriate. The NetGetDCName Lan Manager API call can be used to get the primary domain controller computer name from a domain name.
If no command line argument is specified, this sample will target the local machine. Or, you can specify a machine in argv[1]; for example:
Audit.exe \\winbase
The sample relies on the Ntsecapi.h header file found in the Win32SDK \mstools\security directory.
This sample uses the following keywords:
displayaudit; displayauditeventoption; displayntstatus; displaywinerror; formatmessagea; fprintf; getstdhandle; initlsastring; localfree; lsaclose; lsafreememory; lsantstatustowinerror; lsaopenpolicy; lsaqueryinformationpolicy; lsasetinformationpolicy; lstrlenw; makelangid; openpolicy; printf; setauditevent; setauditmode; wmain; writefile; zeromemory