Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The AuditLogon function is used to audit a logon attempt.
Syntax
LSA_AUDIT_LOGON LsaAuditLogon;
void LsaAuditLogon(
[in] NTSTATUS Status,
[in] NTSTATUS SubStatus,
[in] PUNICODE_STRING AccountName,
[in] PUNICODE_STRING AuthenticatingAuthority,
[in] PUNICODE_STRING WorkstationName,
[in, optional] PSID UserSid,
[in] SECURITY_LOGON_TYPE LogonType,
[in] PTOKEN_SOURCE TokenSource,
[in] PLUID LogonId
)
{...}
Parameters
[in] Status
Status of the logon attempt.
[in] SubStatus
Additional status information for the logon attempt.
[in] AccountName
Pointer to a UNICODE_STRING that contains the account name used in the logon attempt.
[in] AuthenticatingAuthority
Pointer to a UNICODE_STRING that contains the name of the authority that authenticated the logon, normally the operating system domain name.
[in] WorkstationName
Pointer to a UNICODE_STRING that contains the name of the workstation used to attempt the logon.
[in, optional] UserSid
Pointer to the SID of the security principal attempting to logon.
[in] LogonType
A SECURITY_LOGON_TYPE value indicating the type of logon.
[in] TokenSource
Pointer to a TOKEN_SOURCE structure that specifies the source for the user token. This value must include the package name.
[in] LogonId
Pointer to the logon session identifier. LogonId is valid only if the logon attempt was successful.
Return value
None
Remarks
A pointer to the AuditLogon function is available in the LSA_SECPKG_FUNCTION_TABLE structure received by the SpInitialize function.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows XP [desktop apps only] |
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Target Platform | Windows |
| Header | ntsecpkg.h |