[New - Windows NT]
The ObjectDeleteAuditAlarm function generates audit messages when an object is deleted. Windows NT security does not support alarms.
BOOL ObjectDeleteAuditAlarm(
| LPCTSTR SubsystemName, | // pointer to string for subsystem name |
| LPVOID HandleId, | // handle to the object |
| BOOL GenerateOnClose | // flag for audit generation |
| ); |
Parameters
SubsystemName
Pointer to a null-terminated string that specifies the name of the subsystem calling the function; for example, "DEBUG" or "WIN32". This string appears in the audit log for the object.
HandleId
Specifies a unique 32-bit value representing the client's handle to the object. This should be the same value that was passed to the AccessCheckAndAuditAlarm or ObjectOpenAuditAlarm function.
GenerateOnClose
Specifies a flag set by a call to the AccessCheckAndAuditAlarm or ObjectOpenAuditAlarm function when the object handle is created.
Return Values
If the function succeeds, the return value is a nonzero value.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Remarks
The ObjectDeleteAuditAlarm function requires the calling application to have the SE_AUDIT_NAME privilege. The test for this privilege is always performed against the primary token of the calling process, allowing the calling process to impersonate a client.
See Also
AccessCheck, AccessCheckAndAuditAlarm, AreAllAccessesGranted, AreAnyAccessesGranted, MapGenericMask, ObjectCloseAuditAlarm, ObjectOpenAuditAlarm, ObjectPrivilegeAuditAlarm, PrivilegeCheck, PrivilegedServiceAuditAlarm