Hello World!

程序员那点事儿

#include <windows.h>
#include "Ntsecapi.h"
#include <stdio.h>
#include <wchar.h>
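/*
 * Open a handle to the LSA Policy object of the local computer.
 *
 * Returns the policy handle on success, or NULL on failure (a diagnostic is
 * printed). The caller owns the returned handle and must release it with
 * LsaClose().
 *
 * Least privilege: the handle is opened with POLICY_VIEW_AUDIT_INFORMATION
 * only, which is the right needed to query PolicyAuditEventsInformation.
 * The original listing asked for POLICY_ALL_ACCESS, which also grants rights
 * to change audit settings, create accounts and secrets, and so on; a
 * read-only reporting tool should not hold those. A caller that queries a
 * different policy information class must request the matching right here.
 */
LSA_HANDLE GetPolicyHandle()
{
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    WCHAR SystemName[256] = {0};
    ULONG SystemNameLength = sizeof(SystemName) / sizeof(SystemName[0]);
    LSA_UNICODE_STRING lusSystemName;
    NTSTATUS ntsResult;
    LSA_HANDLE lsahPolicyHandle = NULL;

    /* On success SystemNameLength receives the number of characters copied,
     * not counting the terminating null. */
    if (!GetComputerNameW(SystemName, &SystemNameLength))
    {
        wprintf(L"GetComputerNameW failed: %lu\n", GetLastError());
        return NULL;
    }

    /* Object attributes are reserved, so initialize to zeros. */
    ZeroMemory(&ObjectAttributes, sizeof(ObjectAttributes));

    /* Initialize an LSA_UNICODE_STRING to the server name. Length and
     * MaximumLength are byte counts held in USHORT fields; the name is at
     * most 255 characters, so the casts cannot truncate. */
    lusSystemName.Buffer = SystemName;
    lusSystemName.Length = (USHORT)(SystemNameLength * sizeof(WCHAR));
    lusSystemName.MaximumLength = (USHORT)((SystemNameLength + 1) * sizeof(WCHAR));

    /* Get a handle to the Policy object. */
    ntsResult = LsaOpenPolicy(
        &lusSystemName,               /* Name of the target system. */
        &ObjectAttributes,            /* Object attributes. */
        POLICY_VIEW_AUDIT_INFORMATION, /* Only the right this tool needs. */
        &lsahPolicyHandle             /* Receives the policy handle. */
    );

    if (ntsResult != ERROR_SUCCESS)
    {
        /* An error occurred. Display it as a win32 error code. */
        wprintf(L"OpenPolicy returned %lu\n",
                LsaNtStatusToWinError(ntsResult));
        return NULL;
    }

    return lsahPolicyHandle;
}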
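/*
 * Query and print the system audit policy (PolicyAuditEventsInformation).
 *
 * Despite its name, this function does not read account domain information;
 * the name is kept so existing callers still link.
 *
 * PolicyHandle must have been opened with POLICY_VIEW_AUDIT_INFORMATION.
 * Returns TRUE when the query succeeded, FALSE otherwise.
 *
 * Reading the output: each per-category value is a bit mask of
 * POLICY_AUDIT_EVENT_SUCCESS (1), POLICY_AUDIT_EVENT_FAILURE (2) and
 * POLICY_AUDIT_EVENT_NONE (4); 0 is POLICY_AUDIT_EVENT_UNCHANGED. When
 * auditingMode is 0 the system generates no audit records, whatever the
 * per-category options say.
 */
BOOL GetAccountDomainInfo(LSA_HANDLE PolicyHandle)
{
    static const struct
    {
        POLICY_AUDIT_EVENT_TYPE Category;
        const WCHAR *Label;
    } Categories[] = {
        { AuditCategorySystem,                 L"AuditCategorySystem" },
        { AuditCategoryLogon,                  L"AuditCategoryLogon" },
        { AuditCategoryObjectAccess,           L"AuditCategoryObjectAccess" },
        { AuditCategoryPrivilegeUse,           L"AuditCategoryPrivilegeUse" },
        { AuditCategoryDetailedTracking,       L"AuditCategoryDetailedTracking" },
        { AuditCategoryPolicyChange,           L"AuditCategoryPolicyChange" },
        { AuditCategoryAccountManagement,      L"AuditCategoryAccountManagement" },
        { AuditCategoryDirectoryServiceAccess, L"AuditCategoryDirectoryServiceAccess" },
        { AuditCategoryAccountLogon,           L"AuditCategoryAccountLogon" },
    };
    NTSTATUS ntsResult;
    PPOLICY_AUDIT_EVENTS_INFO pPAEInfo = NULL;
    size_t i;

    ntsResult = LsaQueryInformationPolicy(
        PolicyHandle,                 /* Open handle to a Policy object. */
        PolicyAuditEventsInformation, /* The information to get. */
        (PVOID *)&pPAEInfo            /* Storage for the information. */
    );

    if (ntsResult != ERROR_SUCCESS)
    {
        /* Show the corresponding win32 error code. */
        wprintf(L"Error obtaining audit events information - (win32) %lu\n",
                LsaNtStatusToWinError(ntsResult));
        return FALSE;
    }

    wprintf(L"auditingMode = %d\n", pPAEInfo->AuditingMode);

    for (i = 0; i < sizeof(Categories) / sizeof(Categories[0]); i++)
    {
        /* EventAuditingOptions holds MaximumAuditEventCount entries; never
         * index past what the system actually returned. */
        if ((ULONG)Categories[i].Category < pPAEInfo->MaximumAuditEventCount)
        {
            wprintf(L"%ls = %lu\n", Categories[i].Label,
                    pPAEInfo->EventAuditingOptions[Categories[i].Category]);
        }
        else
        {
            wprintf(L"%ls = (not reported)\n", Categories[i].Label);
        }
    }

    /* The buffer was allocated by LSA and must be returned to it. */
    if (ERROR_SUCCESS != LsaFreeMemory(pPAEInfo))
    {
        wprintf(L"LsaFreeMemory error\n");
    }

    return TRUE;
}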

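/*
 * Entry point: open the local LSA policy, print the audit settings, and
 * release the policy handle. Always returns 0, as the original did.
 */
int main(int argc, char* argv[])
{
    LSA_HANDLE lh = GetPolicyHandle();

    (void)argc;
    (void)argv;

    if (lh)
    {
        GetAccountDomainInfo(lh);

        /* The original never closed the handle; release it explicitly
         * rather than relying on process exit. */
        if (LsaClose(lh) != ERROR_SUCCESS)
        {
            wprintf(L"LsaClose error\n");
        }
    }
    return 0;
}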
posted on 2013-01-10 15:41 hello wold! 阅读(233) 评论(0)  编辑 收藏 引用
