
Query the New Windows Audit Policies Programmatically

This sample shows how to read, from your own code, the audit policy information that running Auditpol reports.
//	---------------------------------------------------------------------------------------------
//	Author:			Marc Ochsenmeier
//	Email:			info@winitor.net
//	Web:			www.winitor.net
//	Date:			25.02.2010
//
//	Description:	Read the Windows Audit Policy settings programmatically like "Auditpol" does.
//	---------------------------------------------------------------------------------------------
#include "stdafx.h"
#include "Audit Policy Manager.h"

//	Default constructor. No explicit initialisation is performed here;
//	m_vAuditPolicyCategories is default-constructed and is only filled
//	by GetCategories().
CAuditPolicyManager::CAuditPolicyManager()
{
	//	Intentionally empty.
}
//	Destructor: deletes every CAuditPolicyCategory the manager still owns.
//	Any CAuditPolicyCategory* previously handed out by GetCategories() or
//	GetCategory() points at freed memory once this has run.
CAuditPolicyManager::~CAuditPolicyManager()
{
	this->CleanAuditCategoriesCollection();
}
//	Rebuilds the list of audit policy categories and returns a copy of it.
//
//	Every call first deletes the objects created by the previous call, so
//	pointers obtained from an earlier GetCategories()/GetCategory() result
//	must not be used afterwards. The returned vector is a copy of the
//	container only; the CAuditPolicyCategory objects stay owned by the manager.
//
//	Returns an empty vector when AuditEnumerateCategories() fails. The error
//	code is not examined, so a caller cannot tell "enumeration failed" apart
//	from "no categories". A tool that reports audit policy should surface
//	that difference instead of silently showing nothing.
vector<CAuditPolicyCategory*> CAuditPolicyManager::GetCategories()
{
	//	Drop whatever an earlier call left behind.
	CleanAuditCategoriesCollection();

	GUID* pCategoryGuids = NULL;
	ULONG uCategoryCount = 0;

	if(!AuditEnumerateCategories(&pCategoryGuids, &uCategoryCount))
	{
		//	Enumeration failed: nothing was added, the collection is empty.
		//	NOTE(review): GetLastError() is not consulted or reported here.
		return m_vAuditPolicyCategories;
	}

	//	One wrapper object per GUID in the returned array.
	for(ULONG idx = 0; idx < uCategoryCount; ++idx)
	{
		m_vAuditPolicyCategories.push_back(new CAuditPolicyCategory(pCategoryGuids + idx));
	}

	//	NOTE(review): the buffer filled in by AuditEnumerateCategories() is
	//	documented as needing AuditFree(); it is never released here. Whether
	//	it can be freed at this point depends on whether CAuditPolicyCategory
	//	copies the GUID or keeps the pointer. Confirm before adding the call.
	return m_vAuditPolicyCategories;
}
//	Deletes every CAuditPolicyCategory held in m_vAuditPolicyCategories and
//	empties the container. Callers that still hold pointers taken from the
//	collection are left with dangling pointers after this runs.
void CAuditPolicyManager::CleanAuditCategoriesCollection()
{
	AuditPolicyCategory::iterator cursor = m_vAuditPolicyCategories.begin();
	while(cursor != m_vAuditPolicyCategories.end())
	{
		CAuditPolicyCategory* doomed = static_cast<CAuditPolicyCategory*>(*cursor);
		delete doomed;
		++cursor;
	}

	//	The stored pointers are now invalid; remove them all.
	m_vAuditPolicyCategories.clear();
}
//	Looks up a category by its friendly name (exact, case-sensitive match).
//
//	name:    friendly name to search for.
//	Returns: the first matching category, or NULL when none matches.
//
//	Only the collection already held by the manager is searched; in the code
//	shown here that collection is filled by GetCategories(). The returned
//	pointer stays owned by the manager and is invalidated by the next
//	GetCategories() call or by destruction of the manager.
CAuditPolicyCategory* CAuditPolicyManager::GetCategory(wstring& name)
{
	for(AuditPolicyCategory::iterator pos = m_vAuditPolicyCategories.begin();
		pos != m_vAuditPolicyCategories.end();
		++pos)
	{
		CAuditPolicyCategory* candidate = static_cast<CAuditPolicyCategory*>(*pos);
		wstring friendly = candidate->GetFriendlyName();
		if(friendly == name)
		{
			return candidate;
		}
	}

	//	No category carries that name.
	return NULL;
}
//	Looks up a subcategory by its friendly name across all known categories
//	(exact, case-sensitive match).
//
//	name:    friendly name to search for; an empty name never matches.
//	Returns: the first matching subcategory, or NULL when none matches.
//
//	Only the categories already held by the manager are searched; in the code
//	shown here they are loaded by GetCategories().
//	NOTE(review): the returned pointer is presumably owned by its parent
//	category and so shares that category's lifetime. Verify against
//	CAuditPolicyCategory.
CAuditPolicySubCategory* CAuditPolicyManager::GetSubcategory(wstring& name)
{
	if(name.empty())
	{
		return NULL;
	}

	for(AuditPolicyCategory::iterator catPos = m_vAuditPolicyCategories.begin();
		catPos != m_vAuditPolicyCategories.end();
		++catPos)
	{
		CAuditPolicyCategory* category = static_cast<CAuditPolicyCategory*>(*catPos);

		//	The category name is fetched but not used by the search.
		//	NOTE(review): kept to preserve behaviour; can likely be dropped.
		wstring categoryName = category->GetFriendlyName();

		vector<CAuditPolicySubCategory*> children = category->GetSubCategories();
		for(vector<CAuditPolicySubCategory*>::iterator subPos = children.begin();
			subPos != children.end();
			++subPos)
		{
			CAuditPolicySubCategory* candidate = *subPos;
			wstring candidateName = candidate->GetFriendlyName();
			if(candidateName == name)
			{
				//	First hit wins; stop searching all categories.
				return candidate;
			}
		}
	}

	return NULL;
}


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Software Developer winitor
Germany Germany
Marc Ochsenmeier is the author of pestudio (www.winitor.com) and worked as a developer with a focus on Windows security. He now works as a malware analyst.

pestudio is on twitter at: https://twitter.com/ochsenmeier
