Edit

AuditQuerySystemPolicy function (ntsecapi.h)

  • Article

The AuditQuerySystemPolicy function retrieves system audit policy for one or more audit-policy subcategories.

Syntax

BOOLEAN AuditQuerySystemPolicy(
  [in]  const GUID                *pSubCategoryGuids,
  [in]  ULONG                     dwPolicyCount,
  [out] PAUDIT_POLICY_INFORMATION *ppAuditPolicy
);

Parameters

[in] pSubCategoryGuids

A pointer to an array of GUID values that specify the subcategories for which to query audit policy. For a list of defined audit-policy subcategories, see Auditing Constants.

[in] dwPolicyCount

The number of elements in each of the pSubCategoryGuids and ppAuditPolicy arrays.

[out] ppAuditPolicy

A pointer to a single buffer that contains both an array of pointers to AUDIT_POLICY_INFORMATION structures and the structures themselves. The AUDIT_POLICY_INFORMATION structures specify the system audit policy for the subcategories specified by the pSubCategoryGuids array.

When you have finished using this buffer, free it by calling the AuditFree function.

Return value

If the function succeeds, it returns TRUE.

If the function fails, it returns FALSE. To get extended error information, call GetLastError. GetLastError may return one of the following error codes defined in WinError.h.

Return code/value Description
ERROR_FILE_NOT_FOUND
2
 No per-user audit policy exists for the principal specified by the pSid parameter.
ERROR_ACCESS_DENIED
5
 The caller does not have the privilege or access rights necessary to call this function.
ERROR_INVALID_PARAMETER
87
 One or more parameters are invalid.

Remarks

To successfully call this function, the caller must have SeSecurityPrivilege or have AUDIT_QUERY_SYSTEM_POLICY access on the audit security object.

Requirements

Requirement Value
Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Target Platform Windows
Header ntsecapi.h
Library Advapi32.lib
DLL Advapi32.dll