Query the New Windows Audit Policies Programmatically

marc ochsenmeier

Rate me:

4.08/5 (7 votes)

26 Feb 2010CPOL3 min read

54K

This sample show how to access the information retrieved by running Auditpol.

audit_policy_browser_code.zip
- Audit Policy Browser.cpp
- Audit Policy Browser.h
- Audit Policy Browser.rc
- Audit Policy Browser.sln
- Audit Policy Browser.vcproj
- Audit Policy BrowserAbout.cpp
- Audit Policy BrowserAbout.h
- Audit Policy BrowserDlg.cpp
- Audit Policy BrowserDlg.h
- Audit Policy Category.cpp
- Audit Policy Category.h
- Audit Policy Manager.cpp
- Audit Policy Manager.h
- Audit Policy Subcategory.cpp
- Audit Policy Subcategory.h
- Audit Policy.cpp
- Audit Policy.h
- Debug
- Release
- res
  - Audit Policy Browser.ico
  - AuditPolicyBrowser.rc2
- resource.h
- stdafx.cpp
- stdafx.h
- targetver.h
audit_policy_browser_demo.zip
- Audit Policy Browser.exe

// stdafx.h : include file for standard system include files,
// or project specific include files that are used frequently,
// but are changed infrequently
#pragma once

#ifndef _SECURE_ATL
#define _SECURE_ATL 1
#endif

#ifndef VC_EXTRALEAN
#define VC_EXTRALEAN            // Exclude rarely-used stuff from Windows headers
#endif

#include "targetver.h"

#define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS      // some CString constructors will be explicit

// turns off MFC's hiding of some common and often safely ignored warning messages
#define _AFX_ALL_WARNINGS

#include <afxwin.h>         // MFC core and standard components
#include <afxext.h>         // MFC extensions


#include <afxdisp.h>        // MFC Automation classes

#ifndef _AFX_NO_OLE_SUPPORT
#include <afxdtctl.h>           // MFC support for Internet Explorer 4 Common Controls
#endif
#ifndef _AFX_NO_AFXCMN_SUPPORT
#include <afxcmn.h>             // MFC support for Windows Common Controls
#endif // _AFX_NO_AFXCMN_SUPPORT

#include <afxcontrolbars.h>     // MFC support for ribbons and control bars

#ifdef _UNICODE
#if defined _M_IX86
#pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*'\"")
#elif defined _M_IA64
#pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='ia64' publicKeyToken='6595b64144ccf1df' language='*'\"")
#elif defined _M_X64
#pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='amd64' publicKeyToken='6595b64144ccf1df' language='*'\"")
#else
#pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"")
#endif
#endif

//	Audit Specific
#include "Ntsecapi.h"
#include "Audit Policy Manager.h"
#include "Audit Policy.h"
#include "Audit Policy Category.h"
#include "Audit Policy Subcategory.h"

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Written By

marc ochsenmeier

Software Developer winitor

Germany

Marc Ochsenmeier is the author of pestudio (www.winitor.com) and worked as developer with the focus on Windows Security. He now works as a Malware Analyst

pestudio is on twitter at: https://twitter.com/ochsenmeier

Query the New Windows Audit Policies Programmatically

License

Comments and Discussions