
Query the New Windows Audit Policies Programmatically

, 26 Feb 2010
This sample shows how to access, from your own code, the information that running Auditpol retrieves.
//	---------------------------------------------------------------------------------------------
//	Author:			Marc Ochsenmeier
//	Email:			info@winitor.net
//	Web:			www.winitor.net
//	Date:			25.02.2010
//
//	Description:	Read the Windows Audit Policy settings programmatically like "Auditpol" does.
//	---------------------------------------------------------------------------------------------
#include "stdafx.h"
#include "Audit Policy Browser.h"
#include "Audit Policy BrowserDlg.h"
#include "Audit Policy BrowserAbout.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#endif


// Builds the dialog from its IDD template, owned by pParent, and caches the
// application icon handle in m_hIcon.
CAuditPolicyBrowserDlg::CAuditPolicyBrowserDlg(CWnd* pParent /*=NULL*/)
	: CDialog(CAuditPolicyBrowserDlg::IDD, pParent)
{
	// m_hIcon is handed to SetIcon in OnInitDialog and drawn by OnPaint.
	CWinApp* const pApp = AfxGetApp();
	m_hIcon = pApp->LoadIcon(IDR_MAINFRAME);
}

// Binds the dialog's control members to the controls of the dialog template.
// pDX is the exchange context supplied by the framework.
void CAuditPolicyBrowserDlg::DoDataExchange(CDataExchange* pDX)
{
	CDialog::DoDataExchange(pDX);

	// The two list boxes: categories and the subcategories of the selected category.
	DDX_Control(pDX, IDC_LIST_CATEGORIES, m_listBoxCategories);
	DDX_Control(pDX, IDC_LIST2, m_listBoxSubcategories);

	// The three static controls used as None / Success / Failure indicators.
	DDX_Control(pDX, IDC_STATIC_POLICY_AUDIT_EVENT_NONE, m_staticAuditPolicyNone);
	DDX_Control(pDX, IDC_STATICPOLICY_AUDIT_EVENT_SUCCESS, m_staticAuditPolicySuccess);
	DDX_Control(pDX, IDC_STATIC_POLICY_AUDIT_EVENT_FAILURE, m_staticAuditPolicyFailure);
}

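// Message map: routes window messages and control notifications to the
// handlers of this dialog.
BEGIN_MESSAGE_MAP(CAuditPolicyBrowserDlg, CDialog)
	ON_WM_SYSCOMMAND()
	ON_WM_PAINT()
	ON_WM_QUERYDRAGICON()
	//}}AFX_MSG_MAP
	// Every handler is named with its class qualifier: a bare &Name is not a
	// valid pointer-to-member expression in standard C++ and is only accepted
	// as a compiler extension.
	ON_BN_CLICKED(IDC_BUTTON_ENUMERATE_CATEGORIES, &CAuditPolicyBrowserDlg::OnBnClickedButtonEnumerateCategories)
	ON_LBN_SELCHANGE(IDC_LIST_CATEGORIES, &CAuditPolicyBrowserDlg::OnCategoryChanged)
	ON_LBN_SELCHANGE(IDC_LIST2, &CAuditPolicyBrowserDlg::OnSubcategorySelection)
END_MESSAGE_MAP()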


// CAuditPolicyBrowserDlg message handlers
// One-time dialog setup: extends the system menu with an "About..." entry,
// installs the icons, clears the three policy indicators and fills the
// category list. Always returns TRUE.
BOOL CAuditPolicyBrowserDlg::OnInitDialog()
{
	CDialog::OnInitDialog();

	// IDM_ABOUTBOX must be in the system command range: its low four bits
	// have to be zero and it has to stay below 0xF000.
	ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
	ASSERT(IDM_ABOUTBOX < 0xF000);

	// Append a separator and the "About..." item to the system menu.
	CMenu* const pSystemMenu = GetSystemMenu(FALSE);
	if (pSystemMenu != NULL)
	{
		CString strAboutCaption;
		// VERIFY evaluates the call in every build and asserts on failure in debug builds.
		VERIFY(strAboutCaption.LoadString(IDS_ABOUTBOX));
		if (!strAboutCaption.IsEmpty())
		{
			pSystemMenu->AppendMenu(MF_SEPARATOR);
			pSystemMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutCaption);
		}
	}

	// A dialog-based application has to set its icons itself; the framework
	// only does this when the main window is not a dialog.
	SetIcon(m_hIcon, TRUE);			// big icon
	SetIcon(m_hIcon, FALSE);		// small icon

	//	No policy has been read yet, so all three indicators start disabled.
	m_staticAuditPolicyNone.EnableWindow(FALSE);
	m_staticAuditPolicySuccess.EnableWindow(FALSE);
	m_staticAuditPolicyFailure.EnableWindow(FALSE);

	//	Fill the category list as if the user had pressed the enumerate button.
	OnBnClickedButtonEnumerateCategories();

	return TRUE;
}

// Handles system-menu commands: shows the About box for IDM_ABOUTBOX and
// forwards every other command to CDialog.
void CAuditPolicyBrowserDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
	// The low four bits of a system command id are masked off before the comparison.
	const bool bAboutRequested = ((nID & 0xFFF0) == IDM_ABOUTBOX);
	if (!bAboutRequested)
	{
		CDialog::OnSysCommand(nID, lParam);
		return;
	}

	CAboutDlg dlgAbout;
	dlgAbout.DoModal();
}

// Paints the dialog. While the window is minimized the icon is drawn by hand,
// centred in the client rectangle; otherwise painting is left to CDialog.
// (In document/view applications the framework draws the icon itself.)
void CAuditPolicyBrowserDlg::OnPaint()
{
	if (!IsIconic())
	{
		CDialog::OnPaint();
		return;
	}

	CPaintDC paintDC(this); // device context for painting

	SendMessage(WM_ICONERASEBKGND, reinterpret_cast<WPARAM>(paintDC.GetSafeHdc()), 0);

	// Work out the top-left corner that centres the icon in the client area.
	const int nIconWidth = GetSystemMetrics(SM_CXICON);
	const int nIconHeight = GetSystemMetrics(SM_CYICON);
	CRect rcClient;
	GetClientRect(&rcClient);
	const int nLeft = (rcClient.Width() - nIconWidth + 1) / 2;
	const int nTop = (rcClient.Height() - nIconHeight + 1) / 2;

	paintDC.DrawIcon(nLeft, nTop, m_hIcon);
}

// Called by the system to get the cursor shown while the user drags the
// minimized window; the dialog icon is returned for that purpose.
HCURSOR CAuditPolicyBrowserDlg::OnQueryDragIcon()
{
	HCURSOR hDragCursor = static_cast<HCURSOR>(m_hIcon);
	return hDragCursor;
}

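//	Enumerates all Audit Policy Categories.
//	Clears both list boxes and the three policy indicators, lists the friendly
//	name of every category reported by m_auditPolicyManager, then selects the
//	first entry and shows its subcategories.
void CAuditPolicyBrowserDlg::OnBnClickedButtonEnumerateCategories()
{
	//	Clean UI from previous call
	m_listBoxCategories.ResetContent();
	m_listBoxSubcategories.ResetContent();
	m_staticAuditPolicyNone.EnableWindow(FALSE);
	m_staticAuditPolicySuccess.EnableWindow(FALSE);
	m_staticAuditPolicyFailure.EnableWindow(FALSE);

	//	Enumerate; binding by const reference avoids an extra copy of the vector.
	const vector<CAuditPolicyCategory*>& categories = m_auditPolicyManager.GetCategories();
	for (vector<CAuditPolicyCategory*>::const_iterator it = categories.begin(); it != categories.end(); ++it)
	{
		CAuditPolicyCategory* item = *it;
		if (item == NULL)
		{
			//	Skip an entry the manager could not build instead of dereferencing it.
			continue;
		}

		const wstring name = item->GetFriendlyName();
		m_listBoxCategories.AddString(name.c_str());
	}

	//	Select the first displayed entry and derive the subcategories from that
	//	selection, so both lists agree even if the list box reorders its entries
	//	(for example with a sorted list box style).
	if (m_listBoxCategories.GetCount() > 0)
	{
		m_listBoxCategories.SetCurSel(0);
		OnCategoryChanged();
	}
}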
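//	Lists the subcategories of the category with the given friendly name, then
//	selects the first one and shows its audit policy.
//	category: friendly name as displayed in the category list box.
//	Nothing is added when the manager does not know the category; the caller
//	is expected to have cleared the subcategory list box beforehand.
void CAuditPolicyBrowserDlg::ShowSubCategories(const CString& category)
{
	//	Get the associated object
	CAuditPolicyCategory* pCategory = m_auditPolicyManager.GetCategory(wstring(category.GetString()));
	if (pCategory == NULL)
	{
		return;
	}

	//	Enumerate the subcategories of the selected category
	const vector<CAuditPolicySubCategory*>& subcategories = pCategory->GetSubCategories();
	for (vector<CAuditPolicySubCategory*>::const_iterator it = subcategories.begin(); it != subcategories.end(); ++it)
	{
		CAuditPolicySubCategory* pSubCategory = *it;
		if (pSubCategory == NULL)
		{
			//	Skip a missing entry instead of dereferencing it.
			continue;
		}

		//	Update the UI with the Subcategory
		const wstring name = pSubCategory->GetFriendlyName();
		m_listBoxSubcategories.AddString(name.c_str());
	}

	//	Select the first entry and show its policy. One refresh after the
	//	selection is set is enough: a refresh before that only finds no
	//	selection and leaves the indicators disabled.
	m_listBoxSubcategories.SetCurSel(0);
	OnSubcategorySelection();
}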
//	Selection change in the category list box: empties the subcategory list
//	and refills it for the newly selected category, if there is one.
void CAuditPolicyBrowserDlg::OnCategoryChanged()
{
	//	Drop the subcategories of the previously selected category
	m_listBoxSubcategories.ResetContent();

	const int nSelected = m_listBoxCategories.GetCurSel();
	if (nSelected == LB_ERR)
	{
		//	Nothing selected, nothing to show
		return;
	}

	CString strCategory;
	m_listBoxCategories.GetText(nSelected, strCategory);
	ShowSubCategories(strCategory);
}

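//	Shows the system audit policy of the selected subcategory by enabling the
//	matching None / Success / Failure indicators.
//	All three indicators stay disabled when nothing is selected, when the
//	subcategory is unknown to the manager, or when no policy object is
//	available for it. That state means "policy not determined"; it is not the
//	same as the None indicator being enabled.
void CAuditPolicyBrowserDlg::OnSubcategorySelection()
{
	//	Reset UI
	m_staticAuditPolicyNone.EnableWindow(FALSE);
	m_staticAuditPolicySuccess.EnableWindow(FALSE);
	m_staticAuditPolicyFailure.EnableWindow(FALSE);

	const int iSel = m_listBoxSubcategories.GetCurSel();
	if (iSel == LB_ERR)
	{
		return;
	}

	CString subcategory;
	m_listBoxSubcategories.GetText(iSel, subcategory);

	wstring name(subcategory.GetString());
	CAuditPolicySubCategory* item = m_auditPolicyManager.GetSubcategory(name);
	if (item == NULL)
	{
		return;
	}

	//	Detect the Audit Policy associated with the selected Subcategory
	CAuditPolicy* policy = item->GetAuditSystemPolicy();
	if (policy == NULL)
	{
		//	NOTE(review): presumably the case when the policy query failed, e.g.
		//	for lack of privileges - confirm in the audit policy manager.
		//	Dereferencing a missing policy would crash the dialog.
		return;
	}

	m_staticAuditPolicyNone.EnableWindow(policy->IsAuditEventNone()?TRUE:FALSE);
	m_staticAuditPolicySuccess.EnableWindow(policy->IsAuditEventSuccess()?TRUE:FALSE);
	m_staticAuditPolicyFailure.EnableWindow(policy->IsAuditEventFailure()?TRUE:FALSE);
}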


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

marc ochsenmeier
Software Developer (Senior) winitor
Germany
Marc Ochsenmeier is the author of PEStudio (www.winitor.com) and works as a developer with a focus on Windows hardening.
 
PEStudio is on twitter at: https://twitter.com/ochsenmeier

Article Copyright 2010 by marc ochsenmeier