The AccessCheckAndAuditAlarm function performs an access validation and generates corresponding audit messages. An application can also use this function to determine whether necessary privileges are held by a client process. This function is generally used by a server application impersonating a client process. Alarms are not supported in the current version of Windows NT.
BOOL AccessCheckAndAuditAlarm(
LPCTSTR SubsystemName, |
// address of string for subsystem name |
LPVOID HandleId, |
// address of handle identifier |
LPTSTR ObjectTypeName, |
// address of string for object type |
LPTSTR ObjectName, |
// address of string for object name |
PSECURITY_DESCRIPTOR SecurityDescriptor, |
// address of security descriptor |
DWORD DesiredAccess, |
// mask for requested access rights |
PGENERIC_MAPPING GenericMapping, |
// address of GENERIC_MAPPING |
BOOL ObjectCreation, |
// object-creation flag |
LPDWORD GrantedAccess, |
// address of mask for granted rights |
LPBOOL AccessStatus, |
// address of flag for results |
LPBOOL pfGenerateOnClose |
// pointer to flag for audit generation |
); |
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
The AccessCheckAndAuditAlarm function compares the specified security descriptor with the impersonation access token of the calling process and indicates whether access is granted or denied. If access is granted, the requested access mask becomes the granted access mask for the object. This function also generates any necessary audit messages as a result of the access attempt.
This function requires the calling process to have the SE_AUDIT_NAME privilege. The test for this privilege is performed against the primary token of the calling process, not the impersonation token of the thread.
AccessCheck, AreAllAccessesGranted, AreAnyAccessesGranted, GENERIC_MAPPING, MapGenericMask, ObjectCloseAuditAlarm, ObjectOpenAuditAlarm, ObjectPrivilegeAuditAlarm, PrivilegeCheck, PrivilegedServiceAuditAlarm, SECURITY_DESCRIPTOR