Edytuj

Udostępnij za pośrednictwem


EventWaitHandleSecurity.RemoveAuditRule(EventWaitHandleAuditRule) Method

Definition

Searches for an audit rule with the same user as the specified rule, and with compatible inheritance and propagation flags; if a compatible rule is found, the rights contained in the specified rule are removed from it.

public:
 bool RemoveAuditRule(System::Security::AccessControl::EventWaitHandleAuditRule ^ rule);
public bool RemoveAuditRule (System.Security.AccessControl.EventWaitHandleAuditRule rule);
override this.RemoveAuditRule : System.Security.AccessControl.EventWaitHandleAuditRule -> bool
Public Function RemoveAuditRule (rule As EventWaitHandleAuditRule) As Boolean

Parameters

rule
EventWaitHandleAuditRule

An EventWaitHandleAuditRule that specifies the user to search for and a set of inheritance and propagation flags that a matching rule, if found, must be compatible with. Specifies the rights to remove from the compatible rule, if found.

Returns

true if a compatible rule is found; otherwise, false.

Exceptions

rule is null.

Remarks

The current EventWaitHandleSecurity is searched for an audit rule that has the same user as rule. If no such rule is found, no action is taken, and the method returns false. If matching rules are found, their inheritance and compatibility flags are checked for compatibility with the flags specified in rule. If no compatible rule is found, no action is taken, and the method returns false. If a rule with compatible flags is found, the rights specified in rule are removed from the compatible rule, and the method returns true. If rule specifies rights not contained in the compatible rule, no action is taken with respect to those rights. If all rights are removed from the compatible rule, the entire rule is removed from the current EventWaitHandleSecurity object.

Important

Although you can specify inheritance and propagation flags for event audit rules, by creating them with the AuditRuleFactory method, this is not recommended. Inheritance and propagation have no meaning for named events, and they make the maintenance of audit rules more complicated.

Applies to