ObjectCloseAuditAlarm

The ObjectCloseAuditAlarm function generates an audit message in the security event log when a handle to a private object is deleted. Alarms are not currently supported.

BOOL ObjectCloseAuditAlarm(
  LPCTSTR SubsystemName, // subsystem name
  LPVOID HandleId,       // handle identifier
  BOOL GenerateOnClose   // audit generation
);

Parameters

SubsystemName

[in] Pointer to a null-terminated string specifying the name of the subsystem calling the function. This string appears in any audit message that the function generates.

HandleId

[in] A unique value representing the client's handle to the object. This should be the same value that was passed to the AccessCheckAndAuditAlarm or ObjectOpenAuditAlarm function.

GenerateOnClose

[in] Specifies a flag set by a call to the AccessCheckAndAuditAlarm or ObjectOpenAuditAlarm function when the object handle is created. If this flag is TRUE, the function generates an audit message. If it is FALSE, the function does not generate an audit message.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The ObjectCloseAuditAlarm function requires the calling application to have the SE_AUDIT_NAME privilege enabled. The test for this privilege is always performed against the primary token of the calling process, allowing the calling process to impersonate a client.

Requirements

  Windows NT/2000: Requires Windows NT 3.1 or later.
  Header: Declared in Winbase.h; include Windows.h.
  Library: Use Advapi32.lib.
  Unicode: Implemented as Unicode and ANSI versions on Windows NT/2000.

See Also

Client/Server Access Control Overview, Client/Server Access Control Functions, AccessCheckAndAuditAlarm, ObjectDeleteAuditAlarm, ObjectOpenAuditAlarm, ObjectPrivilegeAuditAlarm