LSA_AUDIT_ACCOUNT_LOGON callback function (ntsecpkg.h)
The AuditAccountLogon function produces an audit record that represents the mapping of a foreign principal name onto a Windows account.
Syntax
LSA_AUDIT_ACCOUNT_LOGON LsaAuditAccountLogon;
NTSTATUS LsaAuditAccountLogon(
[in] ULONG AuditId,
[in] BOOLEAN Success,
[in] PUNICODE_STRING Source,
[in] PUNICODE_STRING ClientName,
[in] PUNICODE_STRING MappedName,
[in] NTSTATUS Status
)
{...}
Parameters
[in] AuditId
Security package–defined message identifier. This value is included in the audit record.
[in] Success
Specifies whether the audit record is generated on success or failure of the logon.
[in] Source
Pointer to a UNICODE_STRING specifying the source of the logon attempt.
[in] ClientName
Pointer to a UNICODE_STRING specifying the client name.
[in] MappedName
Pointer to a UNICODE_STRING containing the Windows account name to which the client name was mapped, if any.
[in] Status
An NTSTATUS value specifying any error that occurred.
Return value
This function returns STATUS_SUCCESS.
Remarks
A pointer to the AuditAccountLogon function is available in the LSA_SECPKG_FUNCTION_TABLE structure received by the SpInitialize function.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows XP [desktop apps only] |
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Target Platform | Windows |
| Header | ntsecpkg.h |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for