Downloads: Query the New Windows Audit Policies Programmatically

Audit_Policy_Browser_Code.zip

Audit Policy Browser.cpp

Audit Policy Browser.h

Audit Policy Browser.rc

Audit Policy Browser.sln

Audit Policy Browser.vcproj

Audit Policy BrowserAbout.cpp

Audit Policy BrowserAbout.h

Audit Policy BrowserDlg.cpp

Audit Policy BrowserDlg.h

Audit Policy Category.cpp

Audit Policy Category.h

Audit Policy Manager.cpp

Audit Policy Manager.h

Audit Policy Subcategory.cpp

Audit Policy Subcategory.h

Audit Policy.cpp

Audit Policy.h

Debug

Release

res

Audit Policy Browser.ico

AuditPolicyBrowser.rc2

resource.h

stdafx.cpp

stdafx.h

targetver.h

Audit_Policy_Browser_Demo.zip

Audit Policy Browser.exe

//	---------------------------------------------------------------------------------------------
//	Author:			Marc Ochsenmeier
//	Email:			info@winitor.net
//	Web:			www.winitor.net
//	Date:			25.02.2010
//
//	Description:	Read the Windows Audit Policy settings programmatically like "Auditpol" does.
//	---------------------------------------------------------------------------------------------
#include "stdafx.h"

CAuditPolicyCategory::CAuditPolicyCategory(GUID* const guid): 
	m_pGuid(guid), m_pName(NULL)
{
}
CAuditPolicyCategory::~CAuditPolicyCategory()
{
	CleanAuditSubCategoriesCollection();
	m_pGuid = NULL;
}
GUID* CAuditPolicyCategory::GetGuid()
{
	return m_pGuid;
}
//	Retrieve its User Friendly Name
wstring CAuditPolicyCategory::GetFriendlyName()
{
	wstring sFriendlyName;

	if(m_pGuid)
	{
		if( AuditLookupCategoryName(m_pGuid, &m_pName))
		{
			sFriendlyName = m_pName;
		}
	}
	else
	{
		//	Error
	}
	return sFriendlyName;
}
void CAuditPolicyCategory::CleanAuditSubCategoriesCollection()
{
	AuditPolicySubCategory::iterator it = m_vAuditPolicySubCategories.begin();
	for( ;it!=m_vAuditPolicySubCategories.end(); it++)
	{
		CAuditPolicySubCategory* item = *it;
		delete item;
	}
	m_vAuditPolicySubCategories.clear();
}

vector<CAuditPolicySubCategory*> CAuditPolicyCategory::GetSubCategories()
{
	//	Clean from previous call.
	CleanAuditSubCategoriesCollection();

	GUID* pGuid = NULL;
	ULONG uCount = 0;
	if(AuditEnumerateSubCategories(
		m_pGuid, 
		FALSE /*return only the Subcategories for this Category*/, 
		&pGuid, 
		&uCount))
	{
		GUID* pCurrentGuid = pGuid;
		for(ULONG i=0; i<uCount; i++)
		{
			m_vAuditPolicySubCategories.push_back(new CAuditPolicySubCategory(pCurrentGuid));
			pCurrentGuid++;
		}
	}
	else
	{
		//	Error
	}
	return m_vAuditPolicySubCategories;
}

By viewing downloads associated with this article you agree to the Terms of use and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

marc ochsenmeier

Software Developer (Senior) winitor

Germany

Member

Marc Ochsenmeier is the author of PeStudio (www.winitor.com) and works as developer with the focus on Windows Hardening.

Follow me on twitter at: https://twitter.com/ochsenmeier

This sample show how to access the information retrieved by running Auditpol.

Type	Article
Licence	CPOL
First Posted	26 Feb 2010
Views	14,451
Downloads	580
Bookmarked	13 times

C++WindowsWin32MFC
STLDevIntermediate, +

		9,892,249 members (36,496 online) Visit CodeProject.TV Discuss CodeProject.TV Sign in Email Password Forgot your password? Sign in using