_AUDIT_POLICY_INFORMATION structure

The AUDIT_POLICY_INFORMATION structure specifies a security event type and when to audit that type.

Syntax

typedef struct _AUDIT_POLICY_INFORMATION {
  GUID  AuditSubCategoryGuid;
  ULONG AuditingInformation;
  GUID  AuditCategoryGuid;
} AUDIT_POLICY_INFORMATION, *PAUDIT_POLICY_INFORMATION;

Members

AuditSubCategoryGuid

A GUID structure that specifies an audit subcategory.

AuditingInformation

A set of bit flags that specify the conditions under which the security event type specified by the AuditSubCategoryGuid and AuditCategoryGuid members are audited. The following values are defined.

Important  Note that the meaning of these values differs depending on which function is using this structure.
 
Value Meaning
POLICY_AUDIT_EVENT_UNCHANGED
0x00000000
Do not change auditing options for the specified event type.

This value is valid for the AuditSetSystemPolicy and AuditQuerySystemPolicy functions.

POLICY_AUDIT_EVENT_SUCCESS
0x00000001
Audit successful occurrences of the specified event type.

This value is valid for the AuditSetSystemPolicy and AuditQuerySystemPolicy functions.

POLICY_AUDIT_EVENT_FAILURE
0x00000002
Audit failed attempts to cause the specified event type.

This value is valid for the AuditSetSystemPolicy and AuditQuerySystemPolicy functions.

POLICY_AUDIT_EVENT_NONE
0x00000004
Do not audit the specified event type.

This value is valid for the AuditSetSystemPolicy and AuditQuerySystemPolicy functions.

PER_USER_POLICY_UNCHANGED
0x00
Do not change auditing options for the specified event type.

This value is valid for the AuditSetPerUserPolicy and AuditQueryPerUserPolicy functions.

PER_USER_AUDIT_SUCCESS_INCLUDE
0x01
Audit successful occurrences of the specified event type.

This value is valid for the AuditSetPerUserPolicy and AuditQueryPerUserPolicy functions.

PER_USER_AUDIT_SUCCESS_EXCLUDE
0x02
Do not audit successful occurrences of the specified event type.

This value is valid for the AuditSetPerUserPolicy and AuditQueryPerUserPolicy functions.

PER_USER_AUDIT_FAILURE_INCLUDE
0x04
Audit failed attempts to cause the specified event type.

This value is valid for the AuditSetPerUserPolicy and AuditQueryPerUserPolicy functions.

PER_USER_AUDIT_FAILURE_EXCLUDE
0x08
Do not audit failed attempts to cause the specified event type.

This value is valid for the AuditSetPerUserPolicy and AuditQueryPerUserPolicy functions.

PER_USER_AUDIT_NONE
0x10
Do not audit the specified event type.

This value is valid for the AuditSetPerUserPolicy and AuditQueryPerUserPolicy functions.

AuditCategoryGuid

A GUID structure that specifies an audit-policy category.

Requirements

   
Windows version Windows Vista [desktop apps only] Windows Server 2008 [desktop apps only]
Header ntsecapi.h

See Also

AuditComputeEffectivePolicyBySid

AuditComputeEffectivePolicyByToken

AuditQueryPerUserPolicy

AuditQuerySystemPolicy

AuditSetPerUserPolicy

AuditSetSystemPolicy