The PrivilegedServiceAuditAlarm function generates audit messages when an attempt is made to perform privileged system service operations. Alarms are not supported in the current version of Windows NT.
BOOL PrivilegedServiceAuditAlarm(
LPCTSTR SubsystemName, |
// address of string for subsystem name |
LPCTSTR ServiceName, |
// address of string for service name |
HANDLE ClientToken, |
// handle of access token |
PPRIVILEGE_SET Privileges, |
// address of privileges |
BOOL AccessGranted |
// flag for granted access rights |
); |
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
The PrivilegedServiceAuditAlarm function requires the calling process to have SE_AUDIT_NAME privilege. The test for this privilege is always performed against the primary token of the calling process. This allows the calling process to impersonate a client during the call.
AccessCheck, AccessCheckAndAuditAlarm, AreAllAccessesGranted, AreAnyAccessesGranted, MapGenericMask, ObjectCloseAuditAlarm, ObjectDeleteAuditAlarm, ObjectOpenAuditAlarm, ObjectPrivilegeAuditAlarm, PrivilegeCheck, PRIVILEGE_SET