ObjectDeleteAuditAlarm

The ObjectDeleteAuditAlarm function generates audit messages when an object is deleted. Alarms are not currently supported.

BOOL ObjectDeleteAuditAlarm(
  LPCTSTR SubsystemName, // subsystem name
  LPVOID HandleId,       // handle to the object
  BOOL GenerateOnClose   // audit generation
);

Parameters

SubsystemName

[in] Pointer to a null-terminated string specifying the name of the subsystem calling the function. This string appears in any audit message that the function generates.

HandleId

[in] Specifies a unique value representing the client's handle to the object. This should be the same value that was passed to the AccessCheckAndAuditAlarm or ObjectOpenAuditAlarm function.

GenerateOnClose

[in] Specifies a flag set by a call to the AccessCheckAndAuditAlarm or ObjectOpenAuditAlarm function when the object handle is created.

Return Values

If the function succeeds, the return value is a nonzero value.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The ObjectDeleteAuditAlarm function requires the calling application to have the SE_AUDIT_NAME privilege enabled. The test for this privilege is always performed against the primary token of the calling process, allowing the calling process to impersonate a client.

Requirements

  Windows NT/2000: Requires Windows NT 4.0 or later.
  Header: Declared in Winbase.h; include Windows.h.
  Library: Use Advapi32.lib.
  Unicode: Implemented as Unicode and ANSI versions on Windows NT/2000.

See Also

Client/Server Access Control Overview, Client/Server Access Control Functions, AccessCheck, AccessCheckAndAuditAlarm, AreAllAccessesGranted, AreAnyAccessesGranted, MapGenericMask, ObjectCloseAuditAlarm, ObjectOpenAuditAlarm, ObjectPrivilegeAuditAlarm, PrivilegeCheck, PrivilegedServiceAuditAlarm