FileSystemAuditRule Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Represents an abstraction of an access control entry (ACE) that defines an audit rule for a file or directory. This class cannot be inherited.
public ref class FileSystemAuditRule sealed : System::Security::AccessControl::AuditRule
public sealed class FileSystemAuditRule : System.Security.AccessControl.AuditRule
[System.Security.SecurityCritical]
public sealed class FileSystemAuditRule : System.Security.AccessControl.AuditRule
type FileSystemAuditRule = class
inherit AuditRule
[<System.Security.SecurityCritical>]
type FileSystemAuditRule = class
inherit AuditRule
Public NotInheritable Class FileSystemAuditRule
Inherits AuditRule
- Inheritance
- Attributes
Examples
The following code example uses the FileSystemAuditRule class to add and then remove an audit rule from a file. You must supply a valid user or group account to run this example.
using System;
using System.IO;
using System.Security.AccessControl;
namespace FileSystemExample
{
class FileExample
{
public static void Main()
{
try
{
string FileName = "test.xml";
Console.WriteLine("Adding access control entry for " + FileName);
// Add the access control entry to the file.
AddFileAuditRule(FileName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AuditFlags.Failure);
Console.WriteLine("Removing access control entry from " + FileName);
// Remove the access control entry from the file.
RemoveFileAuditRule(FileName, @"MYDOMAIN\MyAccount", FileSystemRights.ReadData, AuditFlags.Failure);
Console.WriteLine("Done.");
}
catch (IOException e)
{
Console.WriteLine("Unable to open the file: " + e.Message);
}
catch (PrivilegeNotHeldException e)
{
Console.WriteLine("The current account does not have the correct privileges: " + e.Message);
}
Console.ReadLine();
}
// Adds an ACL entry on the specified file for the specified account.
public static void AddFileAuditRule(string FileName, string Account, FileSystemRights Rights, AuditFlags AuditRule)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = File.GetAccessControl(FileName);
// Add the FileSystemAuditRule to the security settings.
fSecurity.AddAuditRule(new FileSystemAuditRule(Account,
Rights,
AuditRule));
// Set the new access settings.
File.SetAccessControl(FileName, fSecurity);
}
// Removes an ACL entry on the specified file for the specified account.
public static void RemoveFileAuditRule(string FileName, string Account, FileSystemRights Rights, AuditFlags AuditRule)
{
// Get a FileSecurity object that represents the
// current security settings.
FileSecurity fSecurity = File.GetAccessControl(FileName);
// Add the FileSystemAuditRule to the security settings.
fSecurity.RemoveAuditRule(new FileSystemAuditRule(Account,
Rights,
AuditRule));
// Set the new access settings.
File.SetAccessControl(FileName, fSecurity);
}
}
}
Imports System.IO
Imports System.Security.AccessControl
Module FileExample
Sub Main()
Try
Dim FileName As String = "test.xml"
Console.WriteLine("Adding access control entry for " + FileName)
' Add the access control entry to the file.
AddFileAuditRule(FileName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AuditFlags.Failure)
Console.WriteLine("Removing access control entry from " + FileName)
' Remove the access control entry from the file.
RemoveFileAuditRule(FileName, "MYDOMAIN\MyAccount", FileSystemRights.ReadData, AuditFlags.Failure)
Console.WriteLine("Done.")
Catch e As IOException
Console.WriteLine("Unable to open the file: " & e.Message)
Catch e As PrivilegeNotHeldException
Console.WriteLine("The current account does not have the correct privileges: " & e.Message)
End Try
Console.ReadLine()
End Sub
' Adds an ACL entry on the specified file for the specified account.
Sub AddFileAuditRule(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal AuditRule As AuditFlags)
' Get a FileSecurity object that represents the
' current security settings.
Dim fSecurity As FileSecurity = File.GetAccessControl(FileName)
' Add the FileSystemAuditRule to the security settings.
fSecurity.AddAuditRule(New FileSystemAuditRule(Account, Rights, AuditRule))
' Set the new access settings.
File.SetAccessControl(FileName, fSecurity)
End Sub
' Removes an ACL entry on the specified file for the specified account.
Sub RemoveFileAuditRule(ByVal FileName As String, ByVal Account As String, ByVal Rights As FileSystemRights, ByVal AuditRule As AuditFlags)
' Get a FileSecurity object that represents the
' current security settings.
Dim fSecurity As FileSecurity = File.GetAccessControl(FileName)
' Add the FileSystemAuditRule to the security settings.
fSecurity.RemoveAuditRule(New FileSystemAuditRule(Account, Rights, AuditRule))
' Set the new access settings.
File.SetAccessControl(FileName, fSecurity)
End Sub
End Module
Remarks
The FileSystemAuditRule class represents an abstraction of an underlying access control entry (ACE) that specifies a user account, the type of access to provide (read, write, and so on), and whether to perform auditing. This class can also specify how audit rules are inherited from and propagated to objects.
To permit file and directory auditing on Windows NT or later, you must enable Audit Access Security policy on your machine. By default, this policy is set to No Auditing.
To enable the Audit Access Security policy, perform the following steps:
Open the Local Security Settings Microsoft Management Console (MMC) snap-in, located in the Administrative Tools folder.
Expand the Local Policies folder and left-click the Audit Policy folder.
Double-click the Audit object access entry on the right pane of the MMC snap-in, or right-click and choose Properties to display the Audit object access properties dialog box.
Select the Success or Failure check boxes to log successes or failures.
Note that an audit rule for a user account requires a corresponding access rule for the same user account.
Use the FileSystemAuditRule class to create a new audit rule. You can persist this rule using the FileSecurity or DirectorySecurity class.
Constructors
FileSystemAuditRule(IdentityReference, FileSystemRights, AuditFlags) |
Initializes a new instance of the FileSystemAuditRule class using a reference to a user account, a value that specifies the type of operation associated with the audit rule, and a value that specifies when to perform auditing. |
FileSystemAuditRule(IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags, AuditFlags) |
Initializes a new instance of the FileSystemAuditRule class using the name of a reference to a user account, a value that specifies the type of operation associated with the audit rule, a value that determines how rights are inherited, a value that determines how rights are propagated, and a value that specifies when to perform auditing. |
FileSystemAuditRule(String, FileSystemRights, AuditFlags) |
Initializes a new instance of the FileSystemAuditRule class using a user account name, a value that specifies the type of operation associated with the audit rule, and a value that specifies when to perform auditing. |
FileSystemAuditRule(String, FileSystemRights, InheritanceFlags, PropagationFlags, AuditFlags) |
Initializes a new instance of the FileSystemAuditRule class using the name of a user account, a value that specifies the type of operation associated with the audit rule, a value that determines how rights are inherited, a value that determines how rights are propagated, and a value that specifies when to perform auditing. |
Properties
AccessMask |
Gets the access mask for this rule. (Inherited from AuthorizationRule) |
AuditFlags |
Gets the audit flags for this audit rule. (Inherited from AuditRule) |
FileSystemRights |
Gets the FileSystemRights flags associated with the current FileSystemAuditRule object. |
IdentityReference |
Gets the IdentityReference to which this rule applies. (Inherited from AuthorizationRule) |
InheritanceFlags |
Gets the value of flags that determine how this rule is inherited by child objects. (Inherited from AuthorizationRule) |
IsInherited |
Gets a value indicating whether this rule is explicitly set or is inherited from a parent container object. (Inherited from AuthorizationRule) |
PropagationFlags |
Gets the value of the propagation flags, which determine how inheritance of this rule is propagated to child objects. This property is significant only when the value of the InheritanceFlags enumeration is not None. (Inherited from AuthorizationRule) |
Methods
Equals(Object) |
Determines whether the specified object is equal to the current object. (Inherited from Object) |
GetHashCode() |
Serves as the default hash function. (Inherited from Object) |
GetType() |
Gets the Type of the current instance. (Inherited from Object) |
MemberwiseClone() |
Creates a shallow copy of the current Object. (Inherited from Object) |
ToString() |
Returns a string that represents the current object. (Inherited from Object) |