3.1.4.11 ElfrBackupELFW (Opnum 1)

The ElfrBackupELFW (Opnum 1) method instructs the server to back up the event log to a specified file name.

 NTSTATUS ElfrBackupELFW(
   [in] IELF_HANDLE LogHandle,
   [in] PRPC_UNICODE_STRING BackupFileName
 );

LogHandle: Handle to an event log. This parameter is a server context handle, as specified in section 2.2.6. This handle MUST NOT be obtained via the ElfrOpenBELA (section 3.1.4.2) method or the ElfrOpenBELW (section 3.1.4.1) method.

BackupFileName: Provides a Unicode string (as specified in section 2.2.11) that points to an NT Object Path of a file (as specified in section 2.2.4.1) in which a current copy of the event log is to be placed. This MUST NOT be NULL or empty. The path is evaluated relative to the server.

Return Values: The method MUST return STATUS_SUCCESS (0x00000000) on success; otherwise, it MUST return an implementation-based, nonzero NTSTATUS value specified in [MS-ERREF].<25>

In response to this request from the client, the server MUST first check that the handle is valid. The server MUST fail the operation with the error STATUS_INVALID_HANDLE (0xC0000008) if the handle is invalid or if the handle is for a backup event log. Handles to backup event logs are obtained via the ElfrOpenBELW (section 3.1.4.1) method or the ElfrOpenBELA (section 3.1.4.2) method.

For a description of how the server determines if the handle is a backup handle, see section 3.1.4.9.

If the handle is valid, the server MUST validate the BackupFileName and fail the call if it is not a legal NT Object Path, or if it specifies a file that already exists, or if the user does not have write access to the specified file path. The server MAY return STATUS_INVALID_PARAMETER (0xC000000D) if the BackupFileName is not a legal NT Object Path or the file already exists, and the server MUST return STATUS_ACCESS_DENIED (0xC0000022) if the user does not have write access to the file.

If the checks above are successful, the server MUST attempt to create a backup of the log associated with the LogHandle parameter. This operation can fail for implementation errors other than the ones mentioned in the preceding paragraphs. The return value of this method is of the type NTSTATUS. Protocol implementers can choose to return other, implementation-based return values, such as those returned from operating system components that are used to implement the protocol. Protocol implementers SHOULD only use return values listed in [MS-ERREF].
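The following C sketch models the order of the server-side checks described above and the NTSTATUS value each one produces. It is an added illustration, not code from this specification or from any Microsoft implementation. Assumptions: the names log_ctx_t, path_facts_t, path_is_legal, check_backup_request and demo are hypothetical; the legality test is a stand-in for the rules in section 2.2.4.1; a NULL or empty name is reported as STATUS_INVALID_PARAMETER; and the existence check is placed before the write-access check.

```c
#include <stddef.h>
#include <stdint.h>

#define STATUS_SUCCESS           0x00000000u
#define STATUS_INVALID_HANDLE    0xC0000008u
#define STATUS_INVALID_PARAMETER 0xC000000Du
#define STATUS_ACCESS_DENIED     0xC0000022u

/* Same fields as RPC_UNICODE_STRING; Length and MaximumLength are byte counts. */
typedef struct { uint16_t Length, MaximumLength; const uint16_t *Buffer; } ustr_t;
/* Hypothetical server-side state behind an IELF_HANDLE (NULL models an invalid handle). */
typedef struct { int is_backup_log; } log_ctx_t;
/* Hypothetical facts the server has already resolved about the target path. */
typedef struct { int exists; int caller_can_write; } path_facts_t;

/* Assumption: stand-in legality test (non-empty, even byte length that fits the
   buffer, leading backslash, no embedded NUL). The real rules are in section 2.2.4.1. */
static int path_is_legal(const ustr_t *s) {
    if (s == NULL || s->Buffer == NULL || s->Length == 0) return 0;
    if ((s->Length & 1) || s->Length > s->MaximumLength) return 0;
    if (s->Buffer[0] != '\\') return 0;
    for (size_t i = 0; i < s->Length / 2u; i++)
        if (s->Buffer[i] == 0) return 0;
    return 1;
}

/* The handle is checked first, so a bad handle never reaches path handling. */
uint32_t check_backup_request(const log_ctx_t *h, const ustr_t *name,
                              const path_facts_t *f) {
    if (h == NULL || h->is_backup_log) return STATUS_INVALID_HANDLE;
    if (!path_is_legal(name) || f->exists) return STATUS_INVALID_PARAMETER;
    if (!f->caller_can_write) return STATUS_ACCESS_DENIED;
    return STATUS_SUCCESS; /* checks passed; the backup itself can still fail */
}

/* Constructed sample path, UTF-16 code units: \??\C:\b.evt */
static const uint16_t SAMPLE_PATH[] =
    {'\\', '?', '?', '\\', 'C', ':', '\\', 'b', '.', 'e', 'v', 't'};

/* Builds one request from flags so each failure case can be exercised. */
uint32_t demo(int backup, int empty, int exists, int can_write) {
    log_ctx_t h = { backup };
    ustr_t name = { (uint16_t)(empty ? 0 : sizeof SAMPLE_PATH),
                    (uint16_t)sizeof SAMPLE_PATH, SAMPLE_PATH };
    path_facts_t f = { exists, can_write };
    return check_backup_request(&h, &name, &f);
}

int main(void) { return demo(0, 0, 0, 1) == STATUS_SUCCESS ? 0 : 1; }
```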