File created/modified audit settings with EventLog in C++

Hello Experts,

I want to write a C++ program for setting audit property settings.

I know we can audit file access with the EventLog as follows:

https://blogs.manageengine.com/it-security/eventloganalyzer/2012/06/20/object-access-auditing-simplified-find-the-who-what-where-when-of-file-folder-access.html

We have to set "Audit object access" to true in the local security policy and manually set the audit property of the target folders to true.
I want to know how to set the audit property of target folders (Folder->Property->Security->Advanced->Auditing->Create files / write data to TRUE) from a C++ program.

Any ideas are welcome.

Nobuo Miwa



First of all - be aware that you are delving into heavy stuff here.

You can do that using 'AddAuditAccessAce()' (https://msdn.microsoft.com/en-us/library/windows/desktop/aa374973%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396). Unfortunately, there isn't much sample code out there, but surprisingly there's an MSDN entry about a bugfix that comes with code illustrating how to use it, see http://support.microsoft.com/kb/274432/en-us
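
One way to apply the approach from the answer above, as an added example that is not code from this thread or from the linked KB article. It uses `AddAuditAccessAceEx`, the variant of `AddAuditAccessAce` that also takes inheritance flags; the names `AddWriteAudit` and `kAuditMask` and the choice of Everyone as the audited trustee are assumptions.

```cpp
// Added example, not from the thread. Windows-only (link advapi32.lib); run elevated,
// because reading or writing a SACL requires SeSecurityPrivilege.
const unsigned long kAuditMask = 0x0002;  // FILE_ADD_FILE == FILE_WRITE_DATA ("Create files / write data")
#ifdef _WIN32
#include <windows.h>
#include <aclapi.h>
#include <vector>

static bool EnableSecurityPrivilege() {
    HANDLE tok = nullptr;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &tok)) return false;
    TOKEN_PRIVILEGES tp = {1};  // PrivilegeCount = 1
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    bool ok = LookupPrivilegeValueW(nullptr, L"SeSecurityPrivilege", &tp.Privileges[0].Luid) &&
              AdjustTokenPrivileges(tok, FALSE, &tp, 0, nullptr, nullptr) &&
              GetLastError() == ERROR_SUCCESS;  // ERROR_NOT_ALL_ASSIGNED: privilege not held
    CloseHandle(tok);
    return ok;
}
// Adds a success-audit ACE for Everyone (assumed trustee) to the folder's SACL; returns 0 or a Win32 error.
unsigned long AddWriteAudit(const wchar_t* dir) {
    if (!EnableSecurityPrivilege()) return ERROR_PRIVILEGE_NOT_HELD;
    LPWSTR path = const_cast<LPWSTR>(dir);
    PACL old = nullptr; PSECURITY_DESCRIPTOR sd = nullptr;
    DWORD rc = GetNamedSecurityInfoW(path, SE_FILE_OBJECT, SACL_SECURITY_INFORMATION,
                                     nullptr, nullptr, nullptr, &old, &sd);
    if (rc != ERROR_SUCCESS) return rc;
    BYTE sid[SECURITY_MAX_SID_SIZE]; DWORD sidLen = sizeof sid;
    DWORD rev = old ? old->AclRevision : ACL_REVISION;
    DWORD size = (old ? old->AclSize : (DWORD)sizeof(ACL)) + (DWORD)sizeof(SYSTEM_AUDIT_ACE) + SECURITY_MAX_SID_SIZE;
    std::vector<BYTE> buf(size);
    PACL acl = reinterpret_cast<PACL>(buf.data());
    // New explicit ACE first (inherited by subfolders and files), then the existing ACEs.
    BOOL ok = CreateWellKnownSid(WinWorldSid, nullptr, sid, &sidLen) &&
              InitializeAcl(acl, size, rev) &&
              AddAuditAccessAceEx(acl, rev, CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE,
                                  kAuditMask, sid, TRUE /*audit success*/, FALSE /*audit failure*/);
    for (DWORD i = 0; ok && old && i < old->AceCount; ++i) {
        void* ace = nullptr;
        ok = GetAce(old, i, &ace) &&
             AddAce(acl, rev, MAXDWORD, ace, static_cast<PACE_HEADER>(ace)->AceSize);
    }
    rc = ok ? SetNamedSecurityInfoW(path, SE_FILE_OBJECT, SACL_SECURITY_INFORMATION,
                                    nullptr, nullptr, nullptr, acl) : GetLastError();
    LocalFree(sd);
    return rc;
}
#else
unsigned long AddWriteAudit(const wchar_t*) { return 50; }  // non-Windows stub: ERROR_NOT_SUPPORTED
#endif
```

The ACE only produces Security log events while "Audit object access" is enabled in the local security policy, as the question notes.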






Thanks for the advice.
I will try this.



Thank you and good luck! ;o)




