summaryrefslogtreecommitdiffstats
path: root/private/ntos/seaudit
diff options
context:
space:
mode:
Diffstat (limited to 'private/ntos/seaudit')
-rw-r--r--private/ntos/seaudit/dirs29
-rw-r--r--private/ntos/seaudit/msaudite/audit.rc14
-rw-r--r--private/ntos/seaudit/msaudite/makefile6
-rw-r--r--private/ntos/seaudit/msaudite/makefile.inc4
-rw-r--r--private/ntos/seaudit/msaudite/msaudite.def3
-rw-r--r--private/ntos/seaudit/msaudite/msaudite.mc2580
-rw-r--r--private/ntos/seaudit/msaudite/sources41
-rw-r--r--private/ntos/seaudit/msauditt/audit.rc13
-rw-r--r--private/ntos/seaudit/msauditt/makefile6
-rw-r--r--private/ntos/seaudit/msauditt/msauditt.def7
-rw-r--r--private/ntos/seaudit/msauditt/msauditt.mc365
-rw-r--r--private/ntos/seaudit/msauditt/mstmp.c55
-rw-r--r--private/ntos/seaudit/msauditt/sources53
-rw-r--r--private/ntos/seaudit/msobjs/audit.rc14
-rw-r--r--private/ntos/seaudit/msobjs/makefile6
-rw-r--r--private/ntos/seaudit/msobjs/makefile.inc4
-rw-r--r--private/ntos/seaudit/msobjs/msobjs.def3
-rw-r--r--private/ntos/seaudit/msobjs/msobjs.mc1908
-rw-r--r--private/ntos/seaudit/msobjs/sources41
19 files changed, 5152 insertions, 0 deletions
diff --git a/private/ntos/seaudit/dirs b/private/ntos/seaudit/dirs
new file mode 100644
index 000000000..622df6821
--- /dev/null
+++ b/private/ntos/seaudit/dirs
@@ -0,0 +1,29 @@
+!IF 0
+
+Copyright (c) 1989 Microsoft Corporation
+
+Module Name:
+
+ dirs.
+
+Abstract:
+
+ This file specifies the subdirectories of the current directory that
+ contain component makefiles.
+
+
+Author:
+
+ Steve Wood (stevewo) 17-Apr-1990
+
+NOTE: Commented description of this file is in \nt\bak\bin\dirs.tpl
+
+!ENDIF
+
+
+DIRS=msaudite \
+ msobjs
+
+
+
+OPTIONAL_DIRS=
diff --git a/private/ntos/seaudit/msaudite/audit.rc b/private/ntos/seaudit/msaudite/audit.rc
new file mode 100644
index 000000000..2d9993b96
--- /dev/null
+++ b/private/ntos/seaudit/msaudite/audit.rc
@@ -0,0 +1,14 @@
+#include <windows.h>
+
+1 11 MSG00001.bin
+
+#include <ntverp.h>
+
+#define VER_FILETYPE VFT_DLL
+#define VER_FILESUBTYPE VFT2_UNKNOWN
+#define VER_FILEDESCRIPTION_STR "Security Audit Events DLL"
+#define VER_INTERNALNAME_STR "msaudite.dll"
+#define VER_ORIGINALFILENAME_STR "msaudite.dll"
+
+#include "common.ver"
+
diff --git a/private/ntos/seaudit/msaudite/makefile b/private/ntos/seaudit/msaudite/makefile
new file mode 100644
index 000000000..6ee4f43fa
--- /dev/null
+++ b/private/ntos/seaudit/msaudite/makefile
@@ -0,0 +1,6 @@
+#
+# DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source
+# file to this component. This file merely indirects to the real make file
+# that is shared by all the components of NT OS/2
+#
+!INCLUDE $(NTMAKEENV)\makefile.def
diff --git a/private/ntos/seaudit/msaudite/makefile.inc b/private/ntos/seaudit/msaudite/makefile.inc
new file mode 100644
index 000000000..2fd6c3210
--- /dev/null
+++ b/private/ntos/seaudit/msaudite/makefile.inc
@@ -0,0 +1,4 @@
+$(NTTARGETFILE0): msaudite.rc msg00001.bin
+
+msaudite.rc msg00001.bin: msaudite.mc
+ mc -v -r . -h $(_NTROOT)\public\sdk\inc\ msaudite.mc
diff --git a/private/ntos/seaudit/msaudite/msaudite.def b/private/ntos/seaudit/msaudite/msaudite.def
new file mode 100644
index 000000000..1daa14c4d
--- /dev/null
+++ b/private/ntos/seaudit/msaudite/msaudite.def
@@ -0,0 +1,3 @@
+LIBRARY msaudit
+
+DESCRIPTION 'Message File for Auditing'
diff --git a/private/ntos/seaudit/msaudite/msaudite.mc b/private/ntos/seaudit/msaudite/msaudite.mc
new file mode 100644
index 000000000..70691841c
--- /dev/null
+++ b/private/ntos/seaudit/msaudite/msaudite.mc
@@ -0,0 +1,2580 @@
+;/*++ BUILD Version: 0001 // Increment this if a change has global effects
+;
+;Copyright (c) 1991 Microsoft Corporation
+;
+;Module Name:
+;
+; msaudite.mc
+;
+;Abstract:
+;
+; Constant definitions for the NT Audit Event Messages.
+;
+;Author:
+;
+; Jim Kelly (JimK) 30-Mar-1992
+;
+;Revision History:
+;
+;Notes:
+;
+; The .h and .res forms of this file are generated from the .mc
+; form of the file (private\ntos\seaudit\msaudite\msaudite.mc).
+; Please make all changes to the .mc form of the file.
+;
+;
+;
+;--*/
+;
+;#ifndef _MSAUDITE_
+;#define _MSAUDITE_
+;
+;/*lint -e767 */ // Don't complain about different definitions // winnt
+
+
+MessageIdTypedef=ULONG
+
+SeverityNames=(None=0x0)
+
+FacilityNames=(None=0x0)
+
+
+
+MessageId=0x0000
+ Language=English
+Unused message ID
+.
+;// Message ID 0 is unused - just used to flush out the diagram
+
+
+
+
+
+
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+
+
+
+
+;
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;// //
+;// WARNING - WARNING - WARNING - WARNING - WARNING //
+;// //
+;// //
+;// Everything above this is currently in use in the running system. //
+;// //
+;// Everything below this is currently under development and is //
+;// slated to replace everything above. //
+;// //
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+
+
+
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// Audit Message ID Space: //
+;// //
+;// 0x0000 - 0x00FF : Reserved for future use. //
+;// //
+;// 0x0100 - 0x01FF : Categories //
+;// //
+;// 0x0200 - 0x05FF : Events //
+;// //
+;// 0x0600 - 0x063F : Standard access types and names for //
+;// specific accesses when no specific names //
+;// can be found. //
+;// //
+;// 0x0640 - 0x06FF : Well known privilege names (as we would //
+;// like them displayed in the event viewer). //
+;// //
+;// 0x0700 - 0x0FFE : Reserved for future use. //
+;// //
+;// 0X0FFF : SE_ADT_LAST_SYSTEM_MESSAGE (the highest //
+;// value audit message used by the system) //
+;// //
+;// //
+;// 0x1000 and above: For use by Parameter Message Files //
+;// //
+;///////////////////////////////////////////////////////////////////////////
+;///////////////////////////////////////////////////////////////////////////
+
+
+
+
+
+MessageId=0x0FFF
+ SymbolicName=SE_ADT_LAST_SYSTEM_MESSAGE
+ Language=English
+Highest System-Defined Audit Message Value.
+.
+
+
+
+
+
+
+
+
+;
+;/////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// CATEGORIES //
+;// //
+;// Categories take up the range 0x1 - 0x400 //
+;// //
+;// Category IDs: //
+;// //
+;// SE_CATEGID_SYSTEM //
+;// SE_CATEGID_LOGON //
+;// SE_CATEGID_OBJECT_ACCESS //
+;// SE_CATEGID_PRIVILEGE_USE //
+;// SE_CATEGID_DETAILED_TRACKING //
+;// SE_CATEGID_POLICY_CHANGE //
+;// SE_CATEGID_ACCOUNT_MANAGEMENT //
+;// //
+;// //
+;/////////////////////////////////////////////////////////////////////////////
+
+MessageId=0x0001
+ SymbolicName=SE_CATEGID_SYSTEM
+ Language=English
+System Event
+.
+
+MessageId=0x0002
+ SymbolicName=SE_CATEGID_LOGON
+ Language=English
+Logon/Logoff
+.
+
+MessageId=0x0003
+ SymbolicName=SE_CATEGID_OBJECT_ACCESS
+ Language=English
+Object Access
+.
+
+MessageId=0x0004
+ SymbolicName=SE_CATEGID_PRIVILEGE_USE
+ Language=English
+Privilege Use
+.
+
+MessageId=0x0005
+ SymbolicName=SE_CATEGID_DETAILED_TRACKING
+ Language=English
+Detailed Tracking
+.
+
+MessageId=0x0006
+ SymbolicName=SE_CATEGID_POLICY_CHANGE
+ Language=English
+Policy Change
+.
+
+MessageId=0x0007
+ SymbolicName=SE_CATEGID_ACCOUNT_MANAGEMENT
+ Language=English
+Account Management
+.
+
+
+
+
+
+
+
+
+
+
+
+
+;
+;/////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// Messages for Category: SE_CATEGID_SYSTEM //
+;// //
+;// Event IDs: //
+;// SE_AUDITID_SYSTEM_RESTART //
+;// SE_AUDITID_SYSTEM_SHUTDOWN //
+;// SE_AUDITID_AUTH_PACKAGE_LOAD //
+;// SE_AUDITID_LOGON_PROC_REGISTER //
+;// SE_AUDITID_AUDITS_DISCARDED //
+;// SE_AUDITID_NOTIFY_PACKAGE_LOAD //
+;// //
+;/////////////////////////////////////////////////////////////////////////////
+
+
+
+;//
+;//
+;// SE_AUDITID_SYSTEM_RESTART
+;//
+;// Category: SE_CATEGID_SYSTEM
+;//
+;// Parameter Strings - None
+;//
+;//
+;//
+
+MessageId=0x0200
+ SymbolicName=SE_AUDITID_SYSTEM_RESTART
+ Language=English
+Windows NT is starting up.
+.
+
+
+;//
+;//
+;// SE_AUDITID_SYSTEM_SHUTDOWN
+;//
+;// Category: SE_CATEGID_SYSTEM
+;//
+;// Parameter Strings - None
+;//
+;//
+;//
+
+MessageId=0x0201
+ SymbolicName=SE_AUDITID_SYSTEM_SHUTDOWN
+ Language=English
+Windows NT is shutting down.
+All logon sessions will be terminated by this shutdown.
+.
+
+
+;//
+;//
+;// SE_AUDITID_SYSTEM_AUTH_PACKAGE_LOAD
+;//
+;// Category: SE_CATEGID_SYSTEM
+;//
+;// Parameter Strings -
+;//
+;// 1 - Authentication Package Name
+;//
+;//
+;//
+
+MessageId=0x0202
+ SymbolicName=SE_AUDITID_AUTH_PACKAGE_LOAD
+ Language=English
+An authentication package has been loaded by the Local Security Authority.
+This authentication package will be used to authenticate logon attempts.
+%n
+Authentication Package Name:%t%1
+.
+
+
+;//
+;//
+;// SE_AUDITID_SYSTEM_LOGON_PROC_REGISTER
+;//
+;// Category: SE_CATEGID_SYSTEM
+;//
+;// Parameter Strings -
+;//
+;// 1 - Logon Process Name
+;//
+;//
+;//
+
+MessageId=0x0203
+ SymbolicName=SE_AUDITID_SYSTEM_LOGON_PROC_REGISTER
+ Language=English
+A trusted logon process has registered with the Local Security Authority.
+This logon process will be trusted to submit logon requests.
+%n
+%n
+Logon Process Name:%t%1
+.
+
+
+;//
+;//
+;// SE_AUDITID_AUDITS_DISCARDED
+;//
+;// Category: SE_CATEGID_SYSTEM
+;//
+;// Parameter Strings -
+;//
+;// 1 - Number of audits discarded
+;//
+;//
+;//
+
+MessageId=0x0204
+ SymbolicName=SE_AUDITID_AUDITS_DISCARDED
+ Language=English
+Internal resources allocated for the queuing of audit messages have been exhausted,
+leading to the loss of some audits.
+%n
+%tNumber of audit messages discarded:%t%1
+.
+
+
+;//
+;//
+;// SE_AUDITID_AUDIT_LOG_CLEARED
+;//
+;// Category: SE_CATEGID_SYSTEM
+;//
+;// Parameter Strings -
+;//
+;// 1 - Primary user account name
+;//
+;// 2 - Primary authenticating domain name
+;//
+;// 3 - Primary logon ID string
+;//
+;// 4 - Client user account name ("-" if no client)
+;//
+;// 5 - Client authenticating domain name ("-" if no client)
+;//
+;// 6 - Client logon ID string ("-" if no client)
+;//
+;//
+;//
+
+MessageId=0x0205
+ SymbolicName=SE_AUDITID_AUDIT_LOG_CLEARED
+ Language=English
+The audit log was cleared
+%n
+%tPrimary User Name:%t%1%n
+%tPrimary Domain:%t%2%n
+%tPrimary Logon ID:%t%3%n
+%tClient User Name:%t%4%n
+%tClient Domain:%t%5%n
+%tClient Logon ID:%t%6%n
+.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_SYSTEM_NOTIFY_PACKAGE_LOAD
+;//
+;// Category: SE_CATEGID_SYSTEM
+;//
+;// Parameter Strings -
+;//
+;// 1 - Notification Package Name
+;//
+;//
+;//
+
+MessageId=0x0206
+ SymbolicName=SE_AUDITID_NOTIFY_PACKAGE_LOAD
+ Language=English
+An notification package has been loaded by the Security Account Manager.
+This package will be notified of any account or password changes.
+%n
+Notification Package Name:%t%1
+.
+
+
+;
+;/////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// Messages for Category: SE_CATEGID_LOGON //
+;// //
+;// Event IDs: //
+;// SE_AUDITID_SUCCESSFUL_LOGON //
+;// SE_AUDITID_UNKNOWN_USER_OR_PWD //
+;// SE_AUDITID_ACCOUNT_TIME_RESTR //
+;// SE_AUDITID_ACCOUNT_DISABLED //
+;// SE_AUDITID_ACCOUNT_EXPIRED //
+;// SE_AUDITID_WORKSTATION_RESTR //
+;// SE_AUDITID_LOGON_TYPE_RESTR //
+;// SE_AUDITID_PASSWORD_EXPIRED //
+;// SE_AUDITID_NO_AUTHOR_RESPONSE //
+;// SE_AUDITID_NETLOGON_NOT_STARTED //
+;// SE_AUDITID_UNSUCCESSFUL_LOGON //
+;// SE_AUDITID_LOGOFF //
+;// SE_AUDITID_ACCOUNT_LOCKED //
+;// //
+;// //
+;// //
+;/////////////////////////////////////////////////////////////////////////////
+
+;//
+;//
+;// SE_AUDITID_SUCCESSFUL_LOGON
+;//
+;// Category: SE_CATEGID_LOGON
+;//
+;// Parameter Strings -
+;//
+;// 1 - User account name
+;//
+;// 2 - Authenticating domain name
+;//
+;// 3 - Logon ID string
+;//
+;// 4 - Logon Type string
+;//
+;// 5 - Logon process name
+;//
+;// 6 - Authentication package name
+;//
+;//
+;//
+
+MessageId=0x0210
+ SymbolicName=SE_AUDITID_SUCCESSFUL_LOGON
+ Language=English
+Successful Logon:%n
+%tUser Name:%t%1%n
+%tDomain:%t%t%2%n
+%tLogon ID:%t%t%3%n
+%tLogon Type:%t%4%n
+%tLogon Process:%t%5%n
+%tAuthentication Package:%t%6%n
+%tWorkstation Name:%t%7
+.
+
+;//
+;//
+;// SE_AUDITID_UNKNOWN_USER_OR_PWD
+;//
+;// Category: SE_CATEGID_LOGON
+;//
+;// Parameter Strings -
+;//
+;// 1 - User account name
+;//
+;// 2 - Authenticating domain name
+;//
+;// 3 - Logon Type string
+;//
+;// 4 - Logon process name
+;//
+;// 5 - Authentication package name
+;//
+;//
+
+MessageId=0x0211
+ SymbolicName=SE_AUDITID_UNKNOWN_USER_OR_PWD
+ Language=English
+Logon Failure:%n
+%tReason:%t%tUnknown user name or bad password%n
+%tUser Name:%t%1%n
+%tDomain:%t%t%2%n
+%tLogon Type:%t%3%n
+%tLogon Process:%t%4%n
+%tAuthentication Package:%t%5%n
+%tWorkstation Name:%t%6
+.
+
+;//
+;//
+;// SE_AUDITID_ACCOUNT_TIME_RESTR
+;//
+;// Category: SE_CATEGID_LOGON
+;//
+;// Parameter Strings -
+;//
+;// 1 - User account name
+;//
+;// 2 - Authenticating domain name
+;//
+;// 3 - Logon Type string
+;//
+;// 4 - Logon process name
+;//
+;// 5 - Authentication package name
+;//
+;//
+
+MessageId=0x0212
+ SymbolicName=SE_AUDITID_ACCOUNT_TIME_RESTR
+ Language=English
+Logon Failure:%n
+%tReason:%t%tAccount logon time restriction violation%n
+%tUser Name:%t%1%n
+%tDomain:%t%2%n
+%tLogon Type:%t%3%n
+%tLogon Process:%t%4%n
+%tAuthentication Package:%t%5%n
+%tWorkstation Name:%t%6
+.
+
+
+;//
+;//
+;// SE_AUDITID_ACCOUNT_DISABLED
+;//
+;// Category: SE_CATEGID_LOGON
+;//
+;// Parameter Strings -
+;//
+;// 1 - User account name
+;//
+;// 2 - Authenticating domain name
+;//
+;// 3 - Logon Type string
+;//
+;// 4 - Logon process name
+;//
+;// 5 - Authentication package name
+;//
+;//
+
+MessageId=0x0213
+ SymbolicName=SE_AUDITID_ACCOUNT_DISABLED
+ Language=English
+Logon Failure:%n
+%tReason:%t%tAccount currently disabled%n
+%tUser Name:%t%1%n
+%tDomain:%t%t%2%n
+%tLogon Type:%t%3%n
+%tLogon Process:%t%4%n
+%tAuthentication Package:%t%5%n
+%tWorkstation Name:%t%6
+.
+
+
+;//
+;//
+;// SE_AUDITID_ACCOUNT_EXPIRED
+;//
+;// Category: SE_CATEGID_LOGON
+;//
+;// Parameter Strings -
+;//
+;// 1 - User account name
+;//
+;// 2 - Authenticating domain name
+;//
+;// 3 - Logon Type string
+;//
+;// 4 - Logon process name
+;//
+;// 5 - Authentication package name
+;//
+;//
+
+MessageId=0x0214
+ SymbolicName=SE_AUDITID_ACCOUNT_EXPIRED
+ Language=English
+Logon Failure:%n
+%tReason:%t%tThe specified user account has expired%n
+%tUser Name:%t%1%n
+%tDomain:%t%t%2%n
+%tLogon Type:%t%3%n
+%tLogon Process:%t%4%n
+%tAuthentication Package:%t%5%n
+%tWorkstation Name:%t%6
+.
+
+
+;//
+;//
+;// SE_AUDITID_WORKSTATION_RESTR
+;//
+;// Category: SE_CATEGID_LOGON
+;//
+;// Parameter Strings -
+;//
+;// 1 - User account name
+;//
+;// 2 - Authenticating domain name
+;//
+;// 3 - Logon Type string
+;//
+;// 4 - Logon process name
+;//
+;// 5 - Authentication package name
+;//
+;//
+
+MessageId=0x0215
+ SymbolicName=SE_AUDITID_WORKSTATION_RESTR
+ Language=English
+Logon Failure:%n
+%tReason:%t%tUser not allowed to logon at this computer%n
+%tUser Name:%t%1%n
+%tDomain:%t%2%n
+%tLogon Type:%t%3%n
+%tLogon Process:%t%4%n
+%tAuthentication Package:%t%5%n
+%tWorkstation Name:%t%6
+.
+
+
+;//
+;//
+;// SE_AUDITID_LOGON_TYPE_RESTR
+;//
+;// Category: SE_CATEGID_LOGON
+;//
+;// Parameter Strings -
+;//
+;// 1 - User account name
+;//
+;// 2 - Authenticating domain name
+;//
+;// 3 - Logon Type string
+;//
+;// 4 - Logon process name
+;//
+;// 5 - Authentication package name
+;//
+;//
+
+MessageId=0x0216
+ SymbolicName=SE_AUDITID_LOGON_TYPE_RESTR
+ Language=English
+Logon Failure:%n
+%tReason:%tThe user has not be granted the requested%n
+%t%tlogon type at this machine%n
+%tUser Name:%t%1%n
+%tDomain:%t%t%2%n
+%tLogon Type:%t%3%n
+%tLogon Process:%t%4%n
+%tAuthentication Package:%t%5%n
+%tWorkstation Name:%t%6
+.
+
+
+;//
+;//
+;// SE_AUDITID_PASSWORD_EXPIRED
+;//
+;// Category: SE_CATEGID_LOGON
+;//
+;// Parameter Strings -
+;//
+;// 1 - User account name
+;//
+;// 2 - Authenticating domain name
+;//
+;// 3 - Logon Type string
+;//
+;// 4 - Logon process name
+;//
+;// 5 - Authentication package name
+;//
+;//
+
+MessageId=0x0217
+ SymbolicName=SE_AUDITID_PASSWORD_EXPIRED
+ Language=English
+Logon Failure:%n
+%tReason:%t%tThe specified account's password has expired%n
+%tUser Name:%t%1%n
+%tDomain:%t%t%2%n
+%tLogon Type:%t%3%n
+%tLogon Process:%t%4%n
+%tAuthentication Package:%t%5%n
+%tWorkstation Name:%t%6
+.
+
+
+;//
+;//
+;// SE_AUDITID_NETLOGON_NOT_STARTED
+;//
+;// Category: SE_CATEGID_LOGON
+;//
+;// Parameter Strings -
+;//
+;// 1 - User account name
+;//
+;// 2 - Authenticating domain name
+;//
+;// 3 - Logon Type string
+;//
+;// 4 - Logon process name
+;//
+;// 5 - Authentication package name
+;//
+;//
+
+MessageId=0x0218
+ SymbolicName=SE_AUDITID_NETLOGON_NOT_STARTED
+ Language=English
+Logon Failure:%n
+%tReason:%t%tThe NetLogon component is not active%n
+%tUser Name:%t%1%n
+%tDomain:%t%t%2%n
+%tLogon Type:%t%3%n
+%tLogon Process:%t%4%n
+%tAuthentication Package:%t%5%n
+%tWorkstation Name:%t%6
+.
+
+
+;//
+;//
+;// SE_AUDITID_UNSUCCESSFUL_LOGON
+;//
+;// Category: SE_CATEGID_LOGON
+;//
+;// Parameter Strings -
+;//
+;// 1 - User account name
+;//
+;// 2 - Authenticating domain name
+;//
+;// 3 - Logon Type string
+;//
+;// 4 - Logon process name
+;//
+;// 5 - Authentication package name
+;//
+;//
+
+MessageId=0x0219
+ SymbolicName=SE_AUDITID_UNSUCCESSFUL_LOGON
+ Language=English
+Logon Failure:%n
+%tReason:%t%tAn unexpected error occured during logon%n
+%tUser Name:%t%1%n
+%tDomain:%t%t%2%n
+%tLogon Type:%t%3%n
+%tLogon Process:%t%4%n
+%tAuthentication Package:%t%5%n
+%tWorkstation Name:%t%6
+.
+
+
+;//
+;//
+;// SE_AUDITID_LOGOFF
+;//
+;// Category: SE_CATEGID_LOGON
+;//
+;// Parameter Strings -
+;//
+;// 1 - User account name
+;//
+;// 2 - Authenticating domain name
+;//
+;// 3 - Logon ID string
+;//
+;// 3 - Logon Type string
+;//
+;//
+;//
+
+MessageId=0x021A
+ SymbolicName=SE_AUDITID_LOGOFF
+ Language=English
+User Logoff:%n
+%tUser Name:%t%1%n
+%tDomain:%t%t%2%n
+%tLogon ID:%t%t%3%n
+%tLogon Type:%t%4%n
+.
+
+;//
+;//
+;// SE_AUDITID_ACCOUNT_LOCKED
+;//
+;// Category: SE_CATEGID_LOGON
+;//
+;// Parameter Strings -
+;//
+;// 1 - User account name
+;//
+;// 2 - Authenticating domain name
+;//
+;// 3 - Logon Type string
+;//
+;// 4 - Logon process name
+;//
+;// 5 - Authentication package name
+;//
+;//
+
+MessageId=0x021B
+ SymbolicName=SE_AUDITID_ACCOUNT_LOCKED
+ Language=English
+Logon Failure:%n
+%tReason:%t%tAccount locked out%n
+%tUser Name:%t%1%n
+%tDomain:%t%2%n
+%tLogon Type:%t%3%n
+%tLogon Process:%t%4%n
+%tAuthentication Package:%t%5%n
+%tWorkstation Name:%t%6
+.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+;
+;/////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// Messages for Category: SE_CATEGID_OBJECT_ACCESS //
+;// //
+;// Event IDs: //
+;// SE_AUDITID_OPEN_HANDLE //
+;// SE_AUDITID_CLOSE_HANDLE //
+;// SE_AUDITID_OPEN_OBJECT_FOR_DELETE //
+;// SE_AUDITID_DELETE_OBJECT //
+;// //
+;// //
+;// //
+;/////////////////////////////////////////////////////////////////////////////
+
+
+;//
+;//
+;// SE_AUDITID_OPEN_HANDLE
+;//
+;// Category: SE_CATEGID_OBJECT_ACCESS
+;//
+;// Parameter Strings -
+;//
+;// 1 - Object Type string
+;//
+;// 2 - Object name
+;//
+;// 3 - New handle ID string
+;//
+;// 4 - Object server name
+;//
+;// 5 - Process ID string
+;//
+;// 6 - Primary user account name
+;//
+;// 7 - Primary authenticating domain name
+;//
+;// 8 - Primary logon ID string
+;//
+;// 9 - Client user account name ("-" if no client)
+;//
+;// 10 - Client authenticating domain name ("-" if no client)
+;//
+;// 11 - Client logon ID string ("-" if no client)
+;//
+;// 12 - Access names
+;//
+;//
+;//
+;//
+
+MessageId=0x0230
+ SymbolicName=SE_AUDITID_OPEN_HANDLE
+ Language=English
+Object Open:%n
+%tObject Server:%t%1%n
+%tObject Type:%t%2%n
+%tObject Name:%t%3%n
+%tNew Handle ID:%t%4%n
+%tOperation ID:%t{%5,%6}%n
+%tProcess ID:%t%7%n
+%tPrimary User Name:%t%8%n
+%tPrimary Domain:%t%9%n
+%tPrimary Logon ID:%t%10%n
+%tClient User Name:%t%11%n
+%tClient Domain:%t%12%n
+%tClient Logon ID:%t%13%n
+%tAccesses%t%t%14%n
+%tPrivileges%t%t%15%n
+.
+
+
+;//
+;//
+;// SE_AUDITID_CREATE_HANDLE
+;//
+;// Category: SE_CATEGID_OBJECT_ACCESS
+;//
+;// Parameter Strings -
+;//
+;// 1 - Handle ID string
+;//
+;// 2,3 - Operation ID
+;//
+;// 4 - Process ID string
+;//
+;//
+;//
+;//
+
+MessageId=0x0231
+ SymbolicName=SE_AUDITID_CREATE_HANDLE
+ Language=English
+Handle Allocated:%n
+%tHandle ID:%t%1%n
+%tOperation ID:%t{%2,%3}%n
+%tProcess ID:%t%4%n
+.
+
+
+;//
+;//
+;// SE_AUDITID_CLOSE_HANDLE
+;//
+;// Category: SE_CATEGID_OBJECT_ACCESS
+;//
+;// Parameter Strings -
+;//
+;// 1 - Object server name
+;//
+;// 2 - Handle ID string
+;//
+;// 3 - Process ID string
+;//
+;//
+;//
+;//
+
+MessageId=0x0232
+ SymbolicName=SE_AUDITID_CLOSE_HANDLE
+ Language=English
+Handle Closed:%n
+%tObject Server:%t%1%n
+%tHandle ID:%t%2%n
+%tProcess ID:%t%3%n
+.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_OPEN_OBJECT_FOR_DELETE
+;//
+;// Category: SE_CATEGID_OBJECT_ACCESS
+;//
+;// Parameter Strings -
+;//
+;// 1 - Object Type string
+;//
+;// 2 - Object name
+;//
+;// 3 - New handle ID string
+;//
+;// 4 - Object server name
+;//
+;// 5 - Process ID string
+;//
+;// 6 - Primary user account name
+;//
+;// 7 - Primary authenticating domain name
+;//
+;// 8 - Primary logon ID string
+;//
+;// 9 - Client user account name ("-" if no client)
+;//
+;// 10 - Client authenticating domain name ("-" if no client)
+;//
+;// 11 - Client logon ID string ("-" if no client)
+;//
+;// 12 - Access names
+;//
+;//
+;//
+;//
+
+MessageId=0x0233
+ SymbolicName=SE_AUDITID_OPEN_OBJECT_FOR_DELETE
+ Language=English
+Object Open for Delete:%n
+%tObject Server:%t%1%n
+%tObject Type:%t%2%n
+%tObject Name:%t%3%n
+%tNew Handle ID:%t%4%n
+%tOperation ID:%t{%5,%6}%n
+%tProcess ID:%t%7%n
+%tPrimary User Name:%t%8%n
+%tPrimary Domain:%t%9%n
+%tPrimary Logon ID:%t%10%n
+%tClient User Name:%t%11%n
+%tClient Domain:%t%12%n
+%tClient Logon ID:%t%13%n
+%tAccesses%t%t%14%n
+%tPrivileges%t%t%15%n
+.
+
+
+;//
+;//
+;// SE_AUDITID_DELETE_OBJECT
+;//
+;// Category: SE_CATEGID_OBJECT_ACCESS
+;//
+;// Parameter Strings -
+;//
+;// 1 - Object server name
+;//
+;// 2 - Handle ID string
+;//
+;// 3 - Process ID string
+;//
+;//
+;//
+;//
+
+MessageId=0x0234
+ SymbolicName=SE_AUDITID_DELETE_OBJECT
+ Language=English
+Object Deleted:%n
+%tObject Server:%t%1%n
+%tHandle ID:%t%2%n
+%tProcess ID:%t%3%n
+.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+;
+;/////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// Messages for Category: SE_CATEGID_PRIVILEGE_USE //
+;// //
+;// Event IDs: //
+;// SE_AUDITID_ASSIGN_SPECIAL_PRIV //
+;// SE_AUDITID_PRIVILEGED_SERVICE //
+;// SE_AUDITID_PRIVILEGED_OBJECT //
+;// //
+;// //
+;// //
+;/////////////////////////////////////////////////////////////////////////////
+
+
+
+;//
+;//
+;// SE_AUDITID_ASSIGN_SPECIAL_PRIV
+;//
+;// Category: SE_CATEGID_PRIVILEGE_USE
+;//
+;// Parameter Strings -
+;//
+;// 1 - User name
+;//
+;// 2 - domain name
+;//
+;// 3 - Logon ID string
+;//
+;// 4 - Privilege names (as 1 string, with formatting)
+;//
+;//
+;//
+;//
+
+MessageId=0x0240
+ SymbolicName=SE_AUDITID_ASSIGN_SPECIAL_PRIV
+ Language=English
+Special privileges assigned to new logon:%n
+%tUser Name:%t%1%n
+%tDomain:%t%t%2%n
+%tLogon ID:%t%t%3%n
+%tAssigned:%t%t%4
+.
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_PRIVILEGED_SERVICE
+;//
+;// Category: SE_CATEGID_PRIVILEGE_USE
+;//
+;// Parameter Strings -
+;//
+;// 1 - server name
+;//
+;// 2 - service name
+;//
+;// 3 - Primary User name
+;//
+;// 4 - Primary domain name
+;//
+;// 5 - Primary Logon ID string
+;//
+;// 6 - Client User name (or "-" if not impersonating)
+;//
+;// 7 - Client domain name (or "-" if not impersonating)
+;//
+;// 8 - Client Logon ID string (or "-" if not impersonating)
+;//
+;// 9 - Privilege names (as 1 string, with formatting)
+;//
+;//
+;//
+;//
+
+MessageId=0x0241
+ SymbolicName=SE_AUDITID_PRIVILEGED_SERVICE
+ Language=English
+Privileged Service Called:%n
+%tServer:%t%t%1%n
+%tService:%t%t%2%n
+%tPrimary User Name:%t%3%n
+%tPrimary Domain:%t%4%n
+%tPrimary Logon ID:%t%5%n
+%tClient User Name:%t%6%n
+%tClient Domain:%t%7%n
+%tClient Logon ID:%t%8%n
+%tPrivileges:%t%9
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_PRIVILEGED_OBJECT
+;//
+;// Category: SE_CATEGID_PRIVILEGE_USE
+;//
+;// Parameter Strings -
+;//
+;// 1 - Object type
+;//
+;// 2 - object name (if available)
+;//
+;// 3 - server name
+;//
+;// 4 - process ID string
+;//
+;// 5 - Primary User name
+;//
+;// 6 - Primary domain name
+;//
+;// 7 - Primary Logon ID string
+;//
+;// 8 - Client User name (or "-" if not impersonating)
+;//
+;// 9 - Client domain name (or "-" if not impersonating)
+;//
+;// 10 - Client Logon ID string (or "-" if not impersonating)
+;//
+;// 11 - Privilege names (as 1 string, with formatting)
+;//
+;//
+;//
+;//
+
+;//
+;// Jimk Original
+;//
+;//MessageId=0x0242
+;// SymbolicName=SE_AUDITID_PRIVILEGED_OBJECT
+;// Language=English
+;//%tPrivileged object operation:%n
+;//%t%tObject Type:%t%1%n
+;//%t%tObject Name:%t%2%n
+;//%t%tObject Server:%t%3%n
+;//%t%tProcess ID:%t%4%n
+;//%t%tPrimary User Name:%t%5%n
+;//%t%tPrimary Domain:%t%6%n
+;//%t%tPrimary Logon ID:%t%7%n
+;//%t%tClient User Name:%t%8%n
+;//%t%tClient Domain:%t%9%n
+;//%t%tClient Logon ID:%t%10%n
+;//%t%tPrivileges:%t%11
+;//.
+
+
+MessageId=0x0242
+ SymbolicName=SE_AUDITID_PRIVILEGED_OBJECT
+ Language=English
+Privileged object operation:%n
+%tObject Server:%t%1%n
+%tObject Handle:%t%2%n
+%tProcess ID:%t%3%n
+%tPrimary User Name:%t%4%n
+%tPrimary Domain:%t%5%n
+%tPrimary Logon ID:%t%6%n
+%tClient User Name:%t%7%n
+%tClient Domain:%t%8%n
+%tClient Logon ID:%t%9%n
+%tPrivileges:%t%10
+.
+
+
+
+
+
+
+
+
+
+;
+;/////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// Messages for Category: SE_CATEGID_DETAILED_TRACKING //
+;// //
+;// Event IDs: //
+;// SE_AUDITID_PROCESS_CREATED //
+;// SE_AUDITID_PROCESS_EXIT //
+;// SE_AUDITID_DUPLICATE_HANDLE //
+;// SE_AUDITID_INDIRECT_REFERENCE //
+;// //
+;// //
+;// //
+;/////////////////////////////////////////////////////////////////////////////
+
+
+;//
+;//
+;// SE_AUDITID_PROCESS_CREATED
+;//
+;// Category: SE_CATEGID_DETAILED_TRACKING
+;//
+;// Parameter Strings -
+;//
+;// 1 - process ID string
+;//
+;// 2 - Image file name (if available - otherwise "-")
+;//
+;// 3 - Creating process's ID
+;//
+;// 4 - User name (of new process)
+;//
+;// 5 - domain name (of new process)
+;//
+;// 6 - Logon ID string (of new process)
+;//
+
+MessageId=0x0250
+ SymbolicName=SE_AUDITID_PROCESS_CREATED
+ Language=English
+A new process has been created:%n
+%tNew Process ID:%t%1%n
+%tImage File Name:%t%2%n
+%tCreator Process ID:%t%3%n
+%tUser Name:%t%4%n
+%tDomain:%t%t%5%n
+%tLogon ID:%t%t%6%n
+.
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_PROCESS_EXIT
+;//
+;// Category: SE_CATEGID_DETAILED_TRACKING
+;//
+;// Parameter Strings -
+;//
+;// 1 - process ID string
+;//
+;// 2 - User name
+;//
+;// 3 - domain name
+;//
+;// 4 - Logon ID string
+;//
+;//
+;//
+;//
+
+MessageId=0x0251
+ SymbolicName=SE_AUDITID_PROCESS_EXIT
+ Language=English
+A process has exited:%n
+%tProcess ID:%t%1%n
+%tUser Name:%t%2%n
+%tDomain:%t%t%3%n
+%tLogon ID:%t%t%4%n
+.
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_DUPLICATE_HANDLE
+;//
+;// Category: SE_CATEGID_DETAILED_TRACKING
+;//
+;// Parameter Strings -
+;//
+;// 1 - Origin (source) handle ID string
+;//
+;// 2 - Origin (source) process ID string
+;//
+;// 3 - New (Target) handle ID string
+;//
+;// 4 - Target process ID string
+;//
+;//
+;//
+
+MessageId=0x0252
+ SymbolicName=SE_AUDITID_DUPLICATE_HANDLE
+ Language=English
+A handle to an object has been duplicated:%n
+%tSource Handle ID:%t%1%n
+%tSource Process ID:%t%2%n
+%tTarget Handle ID:%t%3%n
+%tTarget Process ID:%t%4%n
+.
+
+
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_INDIRECT_REFERENCE
+;//
+;// Category: SE_CATEGID_DETAILED_TRACKING
+;//
+;// Parameter Strings -
+;//
+;// 1 - Object type
+;//
+;// 2 - object name (if available - otherwise "-")
+;//
+;// 3 - ID string of handle used to gain access
+;//
+;// 3 - server name
+;//
+;// 4 - process ID string
+;//
+;// 5 - primary User name
+;//
+;// 6 - primary domain name
+;//
+;// 7 - primary logon ID
+;//
+;// 8 - client User name
+;//
+;// 9 - client domain name
+;//
+;// 10 - client logon ID
+;//
+;// 11 - granted access names (with formatting)
+;//
+;//
+
+MessageId=0x0253
+ SymbolicName=SE_AUDITID_INDIRECT_REFERENCE
+ Language=English
+Indirect access to an object has been obtained:%n
+%tObject Type:%t%1%n
+%tObject Name:%t%2%n
+%tProcess ID:%t%3%n
+%tPrimary User Name:%t%4%n
+%tPrimary Domain:%t%5%n
+%tPrimary Logon ID:%t%6%n
+%tClient User Name:%t%7%n
+%tClient Domain:%t%8%n
+%tClient Logon ID:%t%9%n
+%tAccesses:%t%10%n
+.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+;
+;/////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// Messages for Category: SE_CATEGID_POLICY_CHANGE //
+;// //
+;// Event IDs: //
+;// SE_AUDITID_USER_RIGHT_ASSIGNED //
+;// SE_AUDITID_USER_RIGHT_REMOVED //
+;// SE_AUDITID_TRUSTED_DOMAIN_ADD //
+;// SE_AUDITID_TRUSTED_DOMAIN_REM //
+;// SE_AUDITID_POLICY_CHANGE //
+;// //
+;// //
+;// //
+;/////////////////////////////////////////////////////////////////////////////
+
+
+
+;//
+;//
+;// SE_AUDITID_USER_RIGHT_ASSIGNED
+;//
+;// Category: SE_CATEGID_POLICY_CHANGE
+;//
+;// Parameter Strings -
+;//
+;// 1 - User right name
+;//
+;// 2 - SID string of account assigned the user right
+;//
+;// 3 - User name of subject assigning the right
+;//
+;// 4 - Domain name of subject assigning the right
+;//
+;// 5 - Logon ID string of subject assigning the right
+;//
+;//
+;//
+
+MessageId=0x0260
+ SymbolicName=SE_AUDITID_USER_RIGHT_ASSIGNED
+ Language=English
+User Right Assigned:%n
+%tUser Right:%t%1%n
+%tAssigned To:%t%2%n
+%tAssigned By:%n
+%tUser Name:%t%3%n
+%tDomain:%t%t%4%n
+%tLogon ID:%t%t%5%n
+.
+
+
+
+
+;//
+;//
+;// SE_AUDITID_USER_RIGHT_REMOVED
+;//
+;// Category: SE_CATEGID_POLICY_CHANGE
+;//
+;// Parameter Strings -
+;//
+;// 1 - User right name
+;//
+;// 2 - SID string of account from which the user
+;// right was removed
+;//
+;// 3 - User name of subject removing the right
+;//
+;// 4 - Domain name of subject removing the right
+;//
+;// 5 - Logon ID string of subject removing the right
+;//
+;//
+
+MessageId=0x0261
+ SymbolicName=SE_AUDITID_USER_RIGHT_REMOVED
+ Language=English
+User Right Removed:%n
+%tUser Right:%t%1%n
+%tRemoved From:%t%2%n
+%tRemoved By:%n
+%tUser Name:%t%3%n
+%tDomain:%t%t%4%n
+%tLogon ID:%t%t%5%n
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_TRUSTED_DOMAIN_ADD
+;//
+;// Category: SE_CATEGID_POLICY_CHANGE
+;//
+;// Parameter Strings -
+;//
+;// 1 - Name of new trusted domain
+;//
+;// 2 - SID string of new trusted domain
+;//
+;// 3 - User name of subject adding the trusted domain
+;//
+;// 4 - Domain name of subject adding the trusted domain
+;//
+;// 5 - Logon ID string of subject adding the trusted domain
+;//
+
+MessageId=0x0262
+ SymbolicName=SE_AUDITID_TRUSTED_DOMAIN_ADD
+ Language=English
+New Trusted Domain:%n
+%tDomain Name:%t%1%n
+%tDomain ID:%t%2%n
+%tEstablished By:%n
+%tUser Name:%t%3%n
+%tDomain:%t%t%4%n
+%tLogon ID:%t%t%5%n
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_TRUSTED_DOMAIN_REM
+;//
+;// Category: SE_CATEGID_POLICY_CHANGE
+;//
+;// Parameter Strings -
+;//
+;// 1 - Name of domain no longer trusted
+;//
+;// 2 - SID string of domain no longer trusted
+;//
+;// 3 - User name of subject removing the trusted domain
+;//
+;// 4 - Domain name of subject removing the trusted domain
+;//
+;// 5 - Logon ID string of subject removing the trusted domain
+;//
+;//
+;//
+
+MessageId=0x0263
+ SymbolicName=SE_AUDITID_TRUSTED_DOMAIN_REM
+ Language=English
+Removing Trusted Domain:%n
+%tDomain Name:%t%1%n
+%tDomain ID:%t%2%n
+%tRemoved By:%n
+%tUser Name:%t%3%n
+%tDomain:%t%t%4%n
+%tLogon ID:%t%t%5%n
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_POLICY_CHANGE
+;//
+;// Category: SE_CATEGID_POLICY_CHANGE
+;//
+;// Parameter Strings -
+;//
+;// 1 - System success audit status ("+" or "-")
+;// 2 - System failure audit status ("+" or "-")
+;//
+;// 3 - Logon/Logoff success audit status ("+" or "-")
+;// 4 - Logon/Logoff failure audit status ("+" or "-")
+;//
+;// 5 - Object Access success audit status ("+" or "-")
+;// 6 - Object Access failure audit status ("+" or "-")
+;//
+;// 7 - Detailed Tracking success audit status ("+" or "-")
+;// 8 - Detailed Tracking failure audit status ("+" or "-")
+;//
+;// 9 - Privilege Use success audit status ("+" or "-")
+;// 10 - Privilege Use failure audit status ("+" or "-")
+;//
+;// 11 - Policy Change success audit status ("+" or "-")
+;// 12 - Policy Change failure audit status ("+" or "-")
+;//
+;// 13 - Account Management success audit status ("+" or "-")
+;// 14 - Account Management failure audit status ("+" or "-")
+;//
+;// 15 - Account Name of user that changed the policy
+;//
+;// 16 - Domain of user that changed the policy
+;//
+;// 17 - Logon ID of user that changed the policy
+;//
+;//
+
+MessageId=0x0264
+ SymbolicName=SE_AUDITID_POLICY_CHANGE
+ Language=English
+Audit Policy Change:%n
+New Policy:%n
+%tSuccess%tFailure%n
+%t %1%t %2%tSystem%n
+%t %3%t %4%tLogon/Logoff%n
+%t %5%t %6%tObject Access%n
+%t %7%t %8%tPrivilege Use%n
+%t %9%t %10%tDetailed Tracking%n
+%t %11%t %12%tPolicy Change%n
+%t %13%t %14%tAccount Management%n%n
+Changed By:%n
+%tUser Name:%t%15%n
+%tDomain Name:%t%16%n
+%tLogon ID:%t%t%17
+.
+
+
+
+
+
+
+
+
+
+
+
+
+;
+;/////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// Messages for Category: SE_CATEGID_ACCOUNT_MANAGEMENT //
+;// //
+;// Event IDs: //
+;// SE_AUDITID_USER_CREATED //
+;// SE_AUDITID_USER_CHANGE //
+;// SE_AUDITID_ACCOUNT_TYPE_CHANGE //
+;// SE_AUDITID_USER_ENABLED //
+;// SE_AUDITID_USER_PWD_CHANGED //
+;// SE_AUDITID_USER_PWD_SET //
+;// SE_AUDITID_USER_DISABLED //
+;// SE_AUDITID_USER_DELETED //
+;// SE_AUDITID_GLOBAL_GROUP_CREATED //
+;// SE_AUDITID_GLOBAL_GROUP_ADD //
+;// SE_AUDITID_GLOBAL_GROUP_REM //
+;// SE_AUDITID_GLOBAL_GROUP_DELETED //
+;// SE_AUDITID_LOCAL_GROUP_CREATED //
+;// SE_AUDITID_LOCAL_GROUP_ADD //
+;// SE_AUDITID_LOCAL_GROUP_REM //
+;// SE_AUDITID_LOCAL_GROUP_DELETED //
+;// SE_AUDITID_OTHER_ACCT_CHANGE //
+;// SE_AUDITID_DOMAIN_POLICY_CHANGE //
+;// //
+;// //
+;/////////////////////////////////////////////////////////////////////////////
+
+
+;//
+;//
+;// SE_AUDITID_USER_CREATED
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - name of new user account
+;//
+;// 2 - domain of new user account
+;//
+;// 3 - SID string of new user account
+;//
+;// 4 - User name of subject creating the user account
+;//
+;// 5 - Domain name of subject creating the user account
+;//
+;// 6 - Logon ID string of subject creating the user account
+;//
+;// 7 - Privileges used to create the user account
+;//
+;//
+
+MessageId=0x0270
+ SymbolicName=SE_AUDITID_USER_CREATED
+ Language=English
+User Account Created:%n
+%tNew Account Name:%t%1%n
+%tNew Domain:%t%2%n
+%tNew Account ID:%t%3%n
+%tCaller User Name:%t%4%n
+%tCaller Domain:%t%5%n
+%tCaller Logon ID:%t%6%n
+%tPrivileges%t%t%7%n
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_ACCOUNT_TYPE_CHANGE
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - name of target user account
+;//
+;// 2 - domain of target user account
+;//
+;// 3 - SID string of target user account
+;//
+;// 4 - new account type string
+;// (sigh, this isn't going to be locallizable)
+;//
+;// 5 - User name of subject changing the user account
+;//
+;// 6 - Domain name of subject changing the user account
+;//
+;// 7 - Logon ID string of subject changing the user account
+;//
+;//
+
+MessageId=0x0271
+ SymbolicName=SE_AUDITID_ACCOUNT_TYPE_CHANGE
+ Language=English
+User Account Type Change:%n
+%tTarget Account Name:%t%1%n
+%tTarget Domain:%t%2%n
+%tTarget Account ID:%t%3%n
+%tNew Type:%t%4%n
+%tCaller User Name:%t%5%n
+%tCaller Domain:%t%6%n
+%tCaller Logon ID:%t%7%n
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_USER_ENABLED
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - name of target user account
+;//
+;// 2 - domain of target user account
+;//
+;// 3 - SID string of target user account
+;//
+;// 4 - User name of subject changing the user account
+;//
+;// 5 - Domain name of subject changing the user account
+;//
+;// 6 - Logon ID string of subject changing the user account
+;//
+;//
+
+MessageId=0x0272
+ SymbolicName=SE_AUDITID_USER_ENABLED
+ Language=English
+User Account Enabled:%n
+%tTarget Account Name:%t%1%n
+%tTarget Domain:%t%2%n
+%tTarget Account ID:%t%3%n
+%tCaller User Name:%t%4%n
+%tCaller Domain:%t%5%n
+%tCaller Logon ID:%t%6%n
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_USER_PWD_CHANGED
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - name of target user account
+;//
+;// 2 - domain of target user account
+;//
+;// 3 - SID string of target user account
+;//
+;// 4 - User name of subject changing the user account
+;//
+;// 5 - Domain name of subject changing the user account
+;//
+;// 6 - Logon ID string of subject changing the user account
+;//
+;//
+
+MessageId=0x0273
+ SymbolicName=SE_AUDITID_USER_PWD_CHANGED
+ Language=English
+Change Password Attempt:%n
+%tTarget Account Name:%t%1%n
+%tTarget Domain:%t%2%n
+%tTarget Account ID:%t%3%n
+%tCaller User Name:%t%4%n
+%tCaller Domain:%t%5%n
+%tCaller Logon ID:%t%6%n
+%tPrivileges:%t%7%n
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_USER_PWD_SET
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - name of target user account
+;//
+;// 2 - domain of target user account
+;//
+;// 3 - SID string of target user account
+;//
+;// 4 - User name of subject changing the user account
+;//
+;// 5 - Domain name of subject changing the user account
+;//
+;// 6 - Logon ID string of subject changing the user account
+;//
+;//
+
+MessageId=0x0274
+ SymbolicName=SE_AUDITID_USER_PWD_SET
+ Language=English
+User Account password set:%n
+%tTarget Account Name:%t%1%n
+%tTarget Domain:%t%2%n
+%tTarget Account ID:%t%3%n
+%tCaller User Name:%t%4%n
+%tCaller Domain:%t%5%n
+%tCaller Logon ID:%t%6%n
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_USER_DISABLED
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - name of target user account
+;//
+;// 2 - domain of target user account
+;//
+;// 3 - SID string of target user account
+;//
+;// 4 - User name of subject changing the user account
+;//
+;// 5 - Domain name of subject changing the user account
+;//
+;// 6 - Logon ID string of subject changing the user account
+;//
+;//
+
+MessageId=0x0275
+ SymbolicName=SE_AUDITID_USER_DISABLED
+ Language=English
+User Account Disabled:%n
+%tTarget Account Name:%t%1%n
+%tTarget Domain:%t%2%n
+%tTarget Account ID:%t%3%n
+%tCaller User Name:%t%4%n
+%tCaller Domain:%t%5%n
+%tCaller Logon ID:%t%6%n
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_USER_DELETED
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - name of target account
+;//
+;// 2 - domain of target account
+;//
+;// 3 - SID string of target account
+;//
+;// 4 - User name of subject changing the account
+;//
+;// 5 - Domain name of subject changing the account
+;//
+;// 6 - Logon ID string of subject changing the account
+;//
+;//
+
+MessageId=0x0276
+ SymbolicName=SE_AUDITID_USER_DELETED
+ Language=English
+User Account Deleted:%n
+%tTarget Account Name:%t%1%n
+%tTarget Domain:%t%2%n
+%tTarget Account ID:%t%3%n
+%tCaller User Name:%t%4%n
+%tCaller Domain:%t%5%n
+%tCaller Logon ID:%t%6%n
+%tPrivileges:%t%7%n
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_GLOBAL_GROUP_CREATED
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - name of new group account
+;//
+;// 2 - domain of new group account
+;//
+;// 3 - SID string of new group account
+;//
+;// 4 - User name of subject creating the account
+;//
+;// 5 - Domain name of subject creating the account
+;//
+;// 6 - Logon ID string of subject creating the account
+;//
+;//
+
+MessageId=0x0277
+ SymbolicName=SE_AUDITID_GLOBAL_GROUP_CREATED
+ Language=English
+Global Group Created:%n
+%tNew Account Name:%t%1%n
+%tNew Domain:%t%2%n
+%tNew Account ID:%t%3%n
+%tCaller User Name:%t%4%n
+%tCaller Domain:%t%5%n
+%tCaller Logon ID:%t%6%n
+%tPrivileges:%t%7%n
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_GLOBAL_GROUP_ADD
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - SID string of new member
+;//
+;// 2 - name of target account
+;//
+;// 3 - domain of target account
+;//
+;// 4 - SID string of target account
+;//
+;// 5 - User name of subject changing the account
+;//
+;// 6 - Domain name of subject changing the account
+;//
+;// 7 - Logon ID string of subject changing the account
+;//
+;//
+
+MessageId=0x0278
+ SymbolicName=SE_AUDITID_GLOBAL_GROUP_ADD
+ Language=English
+Global Group Member Added:%n
+%tMember:%t%1%n
+%tTarget Account Name:%t%2%n
+%tTarget Domain:%t%3%n
+%tTarget Account ID:%t%4%n
+%tCaller User Name:%t%5%n
+%tCaller Domain:%t%6%n
+%tCaller Logon ID:%t%7%n
+%tPrivileges:%t%8%n
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_GLOBAL_GROUP_REM
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - SID string of member being removed
+;//
+;// 2 - name of target account
+;//
+;// 3 - domain of target account
+;//
+;// 4 - SID string of target account
+;//
+;// 5 - User name of subject changing the account
+;//
+;// 6 - Domain name of subject changing the account
+;//
+;// 7 - Logon ID string of subject changing the account
+;//
+;//
+
+MessageId=0x0279
+ SymbolicName=SE_AUDITID_GLOBAL_GROUP_REM
+ Language=English
+Global Group Member Removed:%n
+%tMember:%t%1%n
+%tTarget Account Name:%t%2%n
+%tTarget Domain:%t%3%n
+%tTarget Account ID:%t%4%n
+%tCaller User Name:%t%5%n
+%tCaller Domain:%t%6%n
+%tCaller Logon ID:%t%7%n
+%tPrivileges:%t%8%n
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_GLOBAL_GROUP_DELETED
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - name of target account
+;//
+;// 2 - domain of target account
+;//
+;// 3 - SID string of target account
+;//
+;// 4 - User name of subject changing the account
+;//
+;// 5 - Domain name of subject changing the account
+;//
+;// 6 - Logon ID string of subject changing the account
+;//
+;//
+
+MessageId=0x027A
+ SymbolicName=SE_AUDITID_GLOBAL_GROUP_DELETED
+ Language=English
+Global Group Deleted:%n
+%tTarget Account Name:%t%1%n
+%tTarget Domain:%t%2%n
+%tTarget Account ID:%t%3%n
+%tCaller User Name:%t%4%n
+%tCaller Domain:%t%5%n
+%tCaller Logon ID:%t%6%n
+%tPrivileges:%t%7%n
+.
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_LOCAL_GROUP_CREATED
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - name of new group account
+;//
+;// 2 - domain of new group account
+;//
+;// 3 - SID string of new group account
+;//
+;// 4 - User name of subject creating the account
+;//
+;// 5 - Domain name of subject creating the account
+;//
+;// 6 - Logon ID string of subject creating the account
+;//
+;//
+
+MessageId=0x027B
+ SymbolicName=SE_AUDITID_LOCAL_GROUP_CREATED
+ Language=English
+Local Group Created:%n
+%tNew Account Name:%t%1%n
+%tNew Domain:%t%2%n
+%tNew Account ID:%t%3%n
+%tCaller User Name:%t%4%n
+%tCaller Domain:%t%5%n
+%tCaller Logon ID:%t%6%n
+%tPrivileges:%t%7%n
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_LOCAL_GROUP_ADD
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - SID string of new member
+;//
+;// 2 - name of target account
+;//
+;// 3 - domain of target account
+;//
+;// 4 - SID string of target account
+;//
+;// 5 - User name of subject changing the account
+;//
+;// 6 - Domain name of subject changing the account
+;//
+;// 7 - Logon ID string of subject changing the account
+;//
+;//
+
+MessageId=0x027C
+ SymbolicName=SE_AUDITID_LOCAL_GROUP_ADD
+ Language=English
+Local Group Member Added:%n
+%tMember:%t%1%n
+%tTarget Account Name:%t%2%n
+%tTarget Domain:%t%t%3%n
+%tTarget Account ID:%t%t%4%n
+%tCaller User Name:%t%t%5%n
+%tCaller Domain:%t%t%6%n
+%tCaller Logon ID:%t%t%7%n
+%tPrivileges:%t%8%n
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_LOCAL_GROUP_REM
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - SID string of member being removed
+;//
+;// 2 - name of target account
+;//
+;// 3 - domain of target account
+;//
+;// 4 - SID string of target account
+;//
+;// 5 - User name of subject changing the account
+;//
+;// 6 - Domain name of subject changing the account
+;//
+;// 7 - Logon ID string of subject changing the account
+;//
+;//
+
+MessageId=0x027D
+ SymbolicName=SE_AUDITID_LOCAL_GROUP_REM
+ Language=English
+Local Group Member Removed:%n
+%tMember:%t%1%n
+%tTarget Account Name:%t%2%n
+%tTarget Domain:%t%t%3%n
+%tTarget Account ID:%t%t%4%n
+%tCaller User Name:%t%t%5%n
+%tCaller Domain:%t%t%6%n
+%tCaller Logon ID:%t%t%7%n
+%tPrivileges:%t%t%8%n
+.
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_LOCAL_GROUP_DELETED
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - name of target account
+;//
+;// 2 - domain of target account
+;//
+;// 3 - SID string of target account
+;//
+;// 4 - User name of subject changing the account
+;//
+;// 5 - Domain name of subject changing the account
+;//
+;// 6 - Logon ID string of subject changing the account
+;//
+;//
+
+MessageId=0x027E
+ SymbolicName=SE_AUDITID_LOCAL_GROUP_DELETED
+ Language=English
+Local Group Deleted:%n
+%tTarget Account Name:%t%1%n
+%tTarget Domain:%t%2%n
+%tTarget Account ID:%t%3%n
+%tCaller User Name:%t%4%n
+%tCaller Domain:%t%5%n
+%tCaller Logon ID:%t%6%n
+%tPrivileges:%t%7%n
+.
+
+
+;//
+;//
+;// SE_AUDITID_LOCAL_GROUP_CHANGE
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - name of target account
+;//
+;// 2 - domain of target account
+;//
+;// 3 - SID string of target account
+;//
+;// 4 - User name of subject changing the account
+;//
+;// 5 - Domain name of subject changing the account
+;//
+;// 6 - Logon ID string of subject changing the account
+;//
+;//
+
+MessageId=0x027F
+ SymbolicName=SE_AUDITID_LOCAL_GROUP_CHANGE
+ Language=English
+Local Group Changed:%n
+%tTarget Account Name:%t%1%n
+%tTarget Domain:%t%2%n
+%tTarget Account ID:%t%3%n
+%tCaller User Name:%t%4%n
+%tCaller Domain:%t%5%n
+%tCaller Logon ID:%t%6%n
+%tPrivileges:%t%7%n
+.
+
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_OTHER_ACCOUNT_CHANGE
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - Type of change (sigh, this isn't localizable)
+;//
+;// 2 - Type of changed object
+;//
+;// 3 - SID string (of changed object)
+;//
+;// 4 - User name of subject changing the account
+;//
+;// 5 - Domain name of subject changing the account
+;//
+;// 6 - Logon ID string of subject changing the account
+;//
+;//
+
+MessageId=0x0280
+ SymbolicName=SE_AUDITID_OTHER_ACCOUNT_CHANGE
+ Language=English
+General Account Database Change:%n
+%tType of change:%t%1%n
+%tObject Type:%t%2%n
+%tObject Name:%t%3%n
+%tObject ID:%t%4%n
+%tCaller User Name:%t%5%n
+%tCaller Domain:%t%6%n
+%tCaller Logon ID:%t%7%n
+.
+
+
+
+
+
+
+
+;//
+;//
+;// SE_AUDITID_GLOBAL_GROUP_CHANGE
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - name of target account
+;//
+;// 2 - domain of target account
+;//
+;// 3 - SID string of target account
+;//
+;// 4 - User name of subject changing the account
+;//
+;// 5 - Domain name of subject changing the account
+;//
+;// 6 - Logon ID string of subject changing the account
+;//
+;//
+
+MessageId=0x0281
+ SymbolicName=SE_AUDITID_GLOBAL_GROUP_CHANGE
+ Language=English
+Global Group Changed:%n
+%tTarget Account Name:%t%1%n
+%tTarget Domain:%t%2%n
+%tTarget Account ID:%t%3%n
+%tCaller User Name:%t%4%n
+%tCaller Domain:%t%5%n
+%tCaller Logon ID:%t%6%n
+%tPrivileges:%t%7%n
+.
+
+
+
+
+;//
+;//
+;// SE_AUDITID_USER_CHANGE
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - name of target user account
+;//
+;// 2 - domain of target user account
+;//
+;// 3 - SID string of target user account
+;//
+;// 4 - User name of subject changing the user account
+;//
+;// 5 - Domain name of subject changing the user account
+;//
+;// 6 - Logon ID string of subject changing the user account
+;//
+;//
+
+MessageId=0x0282
+ SymbolicName=SE_AUDITID_USER_CHANGE
+ Language=English
+User Account Changed:%n
+%tTarget Account Name:%t%1%n
+%tTarget Domain:%t%2%n
+%tTarget Account ID:%t%3%n
+%tCaller User Name:%t%4%n
+%tCaller Domain:%t%5%n
+%tCaller Logon ID:%t%6%n
+%tPrivileges:%t%7%n
+.
+
+
+
+;//
+;//
+;// SE_AUDITID_DOMAIN_POLICY_CHANGE
+;//
+;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT
+;//
+;// Parameter Strings -
+;//
+;// 1 - (unused)
+;//
+;// 2 - domain of target user account
+;//
+;// 3 - SID string of target user account
+;//
+;// 4 - User name of subject changing the user account
+;//
+;// 5 - Domain name of subject changing the user account
+;//
+;// 6 - Logon ID string of subject changing the user account
+;//
+;//
+
+MessageId=0x0283
+ SymbolicName=SE_AUDITID_DOMAIN_POLICY_CHANGE
+ Language=English
+Domain Policy Changed:%n
+%tDomain:%t%t%1%n
+%tDomain ID:%t%2%n
+%tCaller User Name:%t%3%n
+%tCaller Domain:%t%4%n
+%tCaller Logon ID:%t%5%n
+%tPrivileges:%t%6%n
+.
+
+
+
+
+
+
+
+
+
+
+;/*lint +e767 */ // Resume checking for different macro definitions // winnt
+;
+;
+;#endif // _MSAUDITE_
diff --git a/private/ntos/seaudit/msaudite/sources b/private/ntos/seaudit/msaudite/sources
new file mode 100644
index 000000000..462e1dc34
--- /dev/null
+++ b/private/ntos/seaudit/msaudite/sources
@@ -0,0 +1,41 @@
+!IF 0
+
+Copyright (c) 1989 Microsoft Corporation
+
+Module Name:
+
+ sources.
+
+Abstract:
+
+ This file specifies the target component being built and the list of
+ sources files needed to build that component. Also specifies optional
+ compiler switches and libraries that are unique for the component being
+ built.
+
+
+Author:
+
+ Steve Wood (stevewo) 12-Apr-1990
+
+NOTE: Commented description of this file is in \nt\bak\bin\sources.tpl
+
+!ENDIF
+
+MAJORCOMP=ntos
+MINORCOMP=msaudite
+
+TARGETNAME=msaudite
+TARGETPATH=\nt\public\sdk\lib
+
+TARGETLIBS=
+
+TARGETTYPE=DYNLINK
+
+INCLUDES=.
+
+SOURCES= audit.rc
+
+UMLIBS=
+
+NTTARGETFILE0=audit.rc
diff --git a/private/ntos/seaudit/msauditt/audit.rc b/private/ntos/seaudit/msauditt/audit.rc
new file mode 100644
index 000000000..f78b05af5
--- /dev/null
+++ b/private/ntos/seaudit/msauditt/audit.rc
@@ -0,0 +1,13 @@
+#include <windows.h>
+
+1 11 MSG00001.bin
+
+#include <ntverp.h>
+
+#define VER_FILETYPE VFT_DLL
+#define VER_FILESUBTYPE VFT2_UNKNOWN
+#define VER_FILEDESCRIPTION_STR "Security Audit Types DLL"
+#define VER_INTERNALNAME_STR "msauditt.dll"
+
+#include "common.ver"
+
diff --git a/private/ntos/seaudit/msauditt/makefile b/private/ntos/seaudit/msauditt/makefile
new file mode 100644
index 000000000..6ee4f43fa
--- /dev/null
+++ b/private/ntos/seaudit/msauditt/makefile
@@ -0,0 +1,6 @@
+#
+# DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source
+# file to this component. This file merely indirects to the real make file
+# that is shared by all the components of NT OS/2
+#
+!INCLUDE $(NTMAKEENV)\makefile.def
diff --git a/private/ntos/seaudit/msauditt/msauditt.def b/private/ntos/seaudit/msauditt/msauditt.def
new file mode 100644
index 000000000..99f7f8806
--- /dev/null
+++ b/private/ntos/seaudit/msauditt/msauditt.def
@@ -0,0 +1,7 @@
+LIBRARY msaudit
+
+DESCRIPTION 'Message File for Auditing'
+
+EXPORTS
+ MsAuditTDummyEntry
+
diff --git a/private/ntos/seaudit/msauditt/msauditt.mc b/private/ntos/seaudit/msauditt/msauditt.mc
new file mode 100644
index 000000000..185446c17
--- /dev/null
+++ b/private/ntos/seaudit/msauditt/msauditt.mc
@@ -0,0 +1,365 @@
+;/*++ BUILD Version: 0001 // Increment this if a change has global effects
+;
+;Copyright (c) 1991 Microsoft Corporation
+;
+;Module Name:
+;
+; msauditt.mc
+;
+;Abstract:
+;
+; Constant definitions for the NT Audit Event Messages.
+;
+;Author:
+;
+; Jim Kelly (JimK) 30-Mar-1992
+;
+;Revision History:
+;
+;Notes:
+;
+; The .h and .res forms of this file are generated from the .mc
+; form of the file (private\ntos\seaudit\msauditt\msauditt.mc). Please make
+; all changes to the .mc form of the file.
+;
+;
+;
+;--*/
+;
+;#ifndef _MSAUDITT_
+;#define _MSAUDITT_
+;
+;/*lint -e767 */ // Don't complain about different definitions // winnt
+
+
+MessageIdTypedef=ULONG
+
+SeverityNames=(None=0x0)
+
+FacilityNames=(None=0x0)
+
+
+
+MessageId=0x0000
+ Language=English
+Unused message ID
+.
+;// Message ID 0 is unused - just used to flush out the diagram
+
+
+;
+;/////////////////////////////////////////////////////////////////////////
+;// //
+;// Logon Messages Follow //
+;// //
+;// //
+;/////////////////////////////////////////////////////////////////////////
+;
+
+;////////////////////////////////////////////////
+;//
+;// Type: SE_ADT_SUCCESSFUL_LOGON
+;//
+;// Parameter Strings:
+;//
+;// String1 - Description
+;//
+
+MessageId=0x0001
+ SymbolicName=SE_ADT_SUCCESSFUL_LOGON
+ Language=English
+Successful Logon -
+ Successful Logon
+.
+
+
+
+;////////////////////////////////////////////////
+;//
+;// Type: SE_ADT_UNSUCCESSFUL_LOGON
+;//
+;//
+;// Parameter Strings:
+;//
+;// String1 - Description
+;//
+;//
+;//
+
+MessageId=0x0002
+ SymbolicName=SE_ADT_UNSUCCESSFUL_LOGON
+ Language=English
+Failed Logon -
+ Unsuccessful Logon
+.
+
+
+;////////////////////////////////////////////////
+;//
+;// Type: SE_ADT_SUCCESSFUL_OBJECT_OPEN
+;//
+;//
+;// Parameter Strings:
+;//
+;// String1 - Description
+;//
+;//
+;//
+
+MessageId=0x0003
+ SymbolicName=SE_ADT_SUCCESSFUL_OBJECT_OPEN
+ Language=English
+Successful Object Open -
+ Successful Object Open
+.
+
+
+
+;////////////////////////////////////////////////
+;//
+;// Type: SE_ADT_UNSUCCESSFUL_OBJECT_OPEN
+;//
+;//
+;// Parameter Strings:
+;//
+;// String1 - Description
+;//
+;//
+;//
+
+MessageId=0x0004
+ SymbolicName=SE_ADT_UNSUCCESSFUL_OBJECT_OPEN
+ Language=English
+Unsuccessful Object Open -
+ Unsuccessful Object Open
+.
+
+
+;////////////////////////////////////////////////
+;//
+;// Type: SE_ADT_SYSTEM_RESTART
+;//
+;//
+;// Parameter Strings:
+;//
+;// String1 - Description
+;//
+;//
+
+MessageId=0x0005
+ SymbolicName=SE_ADT_SYSTEM_RESTART
+ Language=English
+System has been rebooted -
+ System has been rebooted
+.
+
+
+
+;////////////////////////////////////////////////
+;//
+;// Type: SE_ADT_HANDLE_ALLOCATION
+;//
+;//
+;// Parameter Strings:
+;//
+;// String1 - Description
+;//
+;//
+
+MessageId=0x0006
+ SymbolicName=SE_ADT_HANDLE_ALLOCATION
+ Language=English
+A handle has been allocated
+ A handle has been allocated
+.
+
+
+;////////////////////////////////////////////////
+;//
+;// Type: SE_ADT_SUCC_PRIV_SERVICE
+;//
+;//
+;// Parameter Strings:
+;//
+;// String1 - Description
+;//
+
+MessageId=0x0007
+ SymbolicName=SE_ADT_SUCC_PRIV_SERVICE
+ Language=English
+A privilege was successfully used in a system service
+ A privilege was successfully used in a system service
+
+.
+
+
+;////////////////////////////////////////////////
+;//
+;// Type: SE_ADT_FAILED_PRIV_SERVICE
+;//
+;//
+;// Parameter Strings:
+;//
+;//
+;//
+
+MessageId=0x0008
+ SymbolicName=SE_ADT_FAILED_PRIV_SERVICE
+ Language=English
+A privilege check in a system service failed
+ A privilege check in a system service failed
+
+.
+
+
+
+;////////////////////////////////////////////////
+;//
+;// Type: SE_ADT_SUCC_PRIV_OBJECT
+;//
+;//
+;// Parameter Strings:
+;//
+;// String1 - Description
+;//
+;//
+
+MessageId=0x0009
+ SymbolicName=SE_ADT_SUCC_PRIV_OBJECT
+ Language=English
+An attempt to access a privileged object succeeded
+ An attempt to access a privileged object succeeded
+
+.
+
+
+;////////////////////////////////////////////////
+;//
+;// Type: SE_ADT_FAILED_PRIV_OBJECT
+;//
+;//
+;// Parameter Strings:
+;//
+;// String1 - Description
+;//
+;//
+
+MessageId=0x000A
+ SymbolicName=SE_ADT_FAILED_PRIV_OBJECT
+ Language=English
+An attempt to access a privileged object failed
+ An attempt to access a privileged object failed
+
+.
+
+
+
+;////////////////////////////////////////////////
+;//
+;// Type: SE_ADT_SUCC_PRIV_SERVICE
+;//
+;//
+;// Parameter Strings:
+;//
+;// String1 - Description
+;//
+;//
+
+MessageId=0x000B
+ SymbolicName=SE_ADT_SUCC_PRIV_SERVICE
+ Language=English
+An attempt to execute a privileged service succeeded.
+ An attempt to execute a privileged service succeeded.
+
+.
+
+
+
+;////////////////////////////////////////////////
+;//
+;// Type: SE_ADT_OBJECT_CLOSE
+;//
+;//
+;// Parameter Strings:
+;//
+;// String1 - Description
+;//
+;//
+
+MessageId=0x000C
+ SymbolicName=SE_ADT_OBJECT_CLOSE
+ Language=English
+An object was closed
+ An object was closed
+
+.
+
+
+
+
+;////////////////////////////////////////////////
+;//
+;// Type: SE_ADT_SUCC_OBJECT_REFERENCE
+;//
+;//
+;// Parameter Strings:
+;//
+;// String1 - Description
+;//
+;//
+
+MessageId=0x000D
+ SymbolicName=SE_ADT_SUCC_OBJECT_REFERENCE
+ Language=English
+A named object was accessed but no handle was created
+ A named object was accessed but no handle was created
+
+.
+
+
+
+;////////////////////////////////////////////////
+;//
+;// Type: SE_ADT_FAILED_OBJECT_REFERENCE
+;//
+;//
+;// Parameter Strings:
+;//
+;// String1 - Description
+;//
+;//
+
+MessageId=0x000E
+ SymbolicName=SE_ADT_FAILED_OBJECT_REFERENCE
+ Language=English
+An attempt to reference a named object was denied
+ An attempt to reference a named object was denied
+
+.
+
+
+
+;////////////////////////////////////////////////
+;//
+;// Type: SE_ADT_SHUTDOWN
+;//
+;//
+;// Parameter Strings:
+;//
+;// String1 - Description
+;//
+;//
+
+MessageId=0x000E
+ SymbolicName=SE_ADT_SHUTDOWN
+ Language=English
+The system was shut down.
+ The system was shut down.
+
+.
+
+
+;/*lint +e767 */ // Resume checking for different macro definitions // winnt
+;
+;
+;#endif // _MSAUDITT_
diff --git a/private/ntos/seaudit/msauditt/mstmp.c b/private/ntos/seaudit/msauditt/mstmp.c
new file mode 100644
index 000000000..e7771438e
--- /dev/null
+++ b/private/ntos/seaudit/msauditt/mstmp.c
@@ -0,0 +1,55 @@
+/*++
+
+Copyright (c) 1989 Microsoft Corporation
+
+Module Name:
+
+ tmp.c
+
+Abstract:
+
+ Temporary (unnecessary) DLL entry point routine.
+
+
+ The entry in this file is a bit of a hack. The code isn't
+ needed, but our linker doesn't know how to build a dll with data only.
+ When MikeOl gets this fixed, we can remove this obligatory source
+ file.
+
+
+Author:
+
+ Jim Kelly 24-Mar-1992
+
+Revision History:
+
+--*/
+
+
+#include <nt.h>
+
+BOOLEAN
+MsAuditTDummyEntry( VOID )
+
+/*++
+
+Routine Description:
+
+ This routine gets called when this DLL is loaded by the loader.
+ It does nothing and wouldn't be needed if the linker worked
+ correctly.
+
+Arguments:
+
+ None.
+
+
+Return Value:
+
+ None.
+
+--*/
+{
+
+ return TRUE;
+}
diff --git a/private/ntos/seaudit/msauditt/sources b/private/ntos/seaudit/msauditt/sources
new file mode 100644
index 000000000..e51a4c07c
--- /dev/null
+++ b/private/ntos/seaudit/msauditt/sources
@@ -0,0 +1,53 @@
+!IF 0
+
+Copyright (c) 1989 Microsoft Corporation
+
+Module Name:
+
+ sources.
+
+Abstract:
+
+ This file specifies the target component being built and the list of
+ sources files needed to build that component. Also specifies optional
+ compiler switches and libraries that are unique for the component being
+ built.
+
+
+Author:
+
+ Steve Wood (stevewo) 12-Apr-1990
+
+NOTE: Commented description of this file is in \nt\bak\bin\sources.tpl
+
+!ENDIF
+
+MAJORCOMP=ntos
+MINORCOMP=msauditt
+
+TARGETNAME=msauditt
+TARGETPATH=\nt\public\sdk\lib
+
+TARGETLIBS=
+
+TARGETTYPE=DYNLINK
+
+#
+# The following entry information is a bit of a hack. The code isn't
+# needed, but our linker doesn't know how to build a dll with data only.
+# When MikeOl gets this fixed, we can remove the code and this obligatory
+# entry and base information. By the way, the base choice is just one I
+# know isn't used elsewhere in the system.
+#
+
+DLLBASE=@\NT\PUBLIC\SDK\LIB\coffbase.txt,msauditt
+
+DLLENTRY=MsAuditTDummyEntry
+
+
+INCLUDES=.
+
+SOURCES= audit.rc \
+ mstmp.c
+
+UMLIBS=
diff --git a/private/ntos/seaudit/msobjs/audit.rc b/private/ntos/seaudit/msobjs/audit.rc
new file mode 100644
index 000000000..54937ffee
--- /dev/null
+++ b/private/ntos/seaudit/msobjs/audit.rc
@@ -0,0 +1,14 @@
+#include <windows.h>
+
+1 11 MSG00001.bin
+
+#include <ntverp.h>
+
+#define VER_FILETYPE VFT_DLL
+#define VER_FILESUBTYPE VFT2_UNKNOWN
+#define VER_FILEDESCRIPTION_STR "System object audit names"
+#define VER_INTERNALNAME_STR "msobjs.dll"
+#define VER_ORIGINALFILENAME_STR "msobjs.dll"
+
+#include "common.ver"
+
diff --git a/private/ntos/seaudit/msobjs/makefile b/private/ntos/seaudit/msobjs/makefile
new file mode 100644
index 000000000..6ee4f43fa
--- /dev/null
+++ b/private/ntos/seaudit/msobjs/makefile
@@ -0,0 +1,6 @@
+#
+# DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source
+# file to this component. This file merely indirects to the real make file
+# that is shared by all the components of NT OS/2
+#
+!INCLUDE $(NTMAKEENV)\makefile.def
diff --git a/private/ntos/seaudit/msobjs/makefile.inc b/private/ntos/seaudit/msobjs/makefile.inc
new file mode 100644
index 000000000..aec6a9639
--- /dev/null
+++ b/private/ntos/seaudit/msobjs/makefile.inc
@@ -0,0 +1,4 @@
+$(NTTARGETFILE0): msobjs.rc msg00001.bin
+
+msobjs.rc msg00001.bin: msobjs.mc
+ mc -v -r . -h $(_NTROOT)\public\sdk\inc\ msobjs.mc
diff --git a/private/ntos/seaudit/msobjs/msobjs.def b/private/ntos/seaudit/msobjs/msobjs.def
new file mode 100644
index 000000000..2bdaca27c
--- /dev/null
+++ b/private/ntos/seaudit/msobjs/msobjs.def
@@ -0,0 +1,3 @@
+LIBRARY msaudit
+
+DESCRIPTION 'Object access names for auditing'
diff --git a/private/ntos/seaudit/msobjs/msobjs.mc b/private/ntos/seaudit/msobjs/msobjs.mc
new file mode 100644
index 000000000..5ca7116e5
--- /dev/null
+++ b/private/ntos/seaudit/msobjs/msobjs.mc
@@ -0,0 +1,1908 @@
+;/*++ BUILD Version: 0001 // Increment this if a change has global effects
+;
+;Copyright (c) 1991 Microsoft Corporation
+;
+;Module Name:
+;
+; msobjs.mc
+;
+;Abstract:
+;
+; Constant definitions for the NT system-defined object access
+; types as we want them displayed in the event viewer for Auditing.
+;
+;
+;
+; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
+; ! !
+; ! Note that this is a PARAMETER MESSAGE FILE from the event viewer's !
+; ! perspective, and so no messages with an ID lower than 0x1000 should !
+; ! be defined here. !
+; ! !
+; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
+;
+;
+; Please add new object-specific types at the end of this file...
+;
+;
+;Author:
+;
+; Jim Kelly (JimK) 14-Oct-1992
+;
+;Revision History:
+;
+;Notes:
+;
+; The .h and .res forms of this file are generated from the .mc
+; form of the file (private\ntos\seaudit\msobjs\msobjs.mc). Please make
+; all changes to the .mc form of the file.
+;
+;
+;
+;--*/
+;
+;#ifndef _MSOBJS_
+;#define _MSOBJS_
+;
+;/*lint -e767 */ // Don't complain about different definitions // winnt
+
+
+MessageIdTypedef=ULONG
+
+SeverityNames=(None=0x0)
+
+FacilityNames=(None=0x0)
+
+
+
+MessageId=0x600
+ Language=English
+Unused message ID
+.
+;// Message ID 600 is unused - just used to flush out the diagram
+
+
+;
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// WELL KNOWN ACCESS TYPE NAMES //
+;// //
+;// Must be below 0x1000 //
+;// //
+;// //
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+;//////////////////////////////////////////////////////////////////////////////
+
+;////////////////////////////////////////////////
+;//
+;// Access Type = DELETE
+;//
+
+MessageId=0x0601
+ SymbolicName=SE_ACCESS_NAME_DELETE
+ Language=English
+DELETE
+.
+
+
+;////////////////////////////////////////////////
+;//
+;// Access Type = READ_CONTROL
+;//
+
+MessageId=0x0602
+ SymbolicName=SE_ACCESS_NAME_READ_CONTROL
+ Language=English
+READ_CONTROL
+.
+
+
+;////////////////////////////////////////////////
+;//
+;// Access Type = WRITE_DAC
+;//
+
+MessageId=0x0603
+ SymbolicName=SE_ACCESS_NAME_WRITE_DAC
+ Language=English
+WRITE_DAC
+.
+
+
+;////////////////////////////////////////////////
+;//
+;// Access Type = WRITE_OWNER
+;//
+
+MessageId=0x0604
+ SymbolicName=SE_ACCESS_NAME_WRITE_OWNER
+ Language=English
+WRITE_OWNER
+.
+
+
+;////////////////////////////////////////////////
+;//
+;// Access Type = SYNCHRONIZE
+;//
+
+MessageId=0x0605
+ SymbolicName=SE_ACCESS_NAME_SYNCHRONIZE
+ Language=English
+SYNCHRONIZE
+.
+
+
+;////////////////////////////////////////////////
+;//
+;// Access Type = ACCESS_SYSTEM_SECURITY
+;//
+
+MessageId=0x0606
+ SymbolicName=SE_ACCESS_NAME_ACCESS_SYS_SEC
+ Language=English
+ACCESS_SYS_SEC
+.
+
+;////////////////////////////////////////////////
+;//
+;// Access Type = MAXIMUM_ALLOWED
+;//
+
+MessageId=0x0607
+ SymbolicName=SE_ACCESS_NAME_MAXIMUM_ALLOWED
+ Language=English
+MAX_ALLOWED
+.
+
+
+
+;
+;//////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// Names to use when specific access //
+;// names can not be located //
+;// //
+;// Must be below 0x1000 //
+;// //
+;// //
+;//////////////////////////////////////////////////////////////////////////////
+
+;////////////////////////////////////////////////
+;//
+;// Access Type = Specific access, bits 0 - 15
+;//
+
+MessageId=0x0610
+ SymbolicName=SE_ACCESS_NAME_SPECIFIC_0
+ Language=English
+Unknown specific access (bit 0)
+.
+
+
+MessageId=0x0611
+ SymbolicName=SE_ACCESS_NAME_SPECIFIC_1
+ Language=English
+Unknown specific access (bit 1)
+.
+
+
+MessageId=0x0612
+ SymbolicName=SE_ACCESS_NAME_SPECIFIC_2
+ Language=English
+Unknown specific access (bit 2)
+.
+
+
+MessageId=0x0613
+ SymbolicName=SE_ACCESS_NAME_SPECIFIC_3
+ Language=English
+Unknown specific access (bit 3)
+.
+
+
+MessageId=0x0614
+ SymbolicName=SE_ACCESS_NAME_SPECIFIC_4
+ Language=English
+Unknown specific access (bit 4)
+.
+
+
+MessageId=0x0615
+ SymbolicName=SE_ACCESS_NAME_SPECIFIC_5
+ Language=English
+Unknown specific access (bit 5)
+.
+
+
+MessageId=0x0616
+ SymbolicName=SE_ACCESS_NAME_SPECIFIC_6
+ Language=English
+Unknown specific access (bit 6)
+.
+
+
+MessageId=0x0617
+ SymbolicName=SE_ACCESS_NAME_SPECIFIC_7
+ Language=English
+Unknown specific access (bit 7)
+.
+
+
+MessageId=0x0618
+ SymbolicName=SE_ACCESS_NAME_SPECIFIC_8
+ Language=English
+Unknown specific access (bit 8)
+.
+
+
+MessageId=0x0619
+ SymbolicName=SE_ACCESS_NAME_SPECIFIC_9
+ Language=English
+Unknown specific access (bit 9)
+.
+
+
+MessageId=0x061A
+ SymbolicName=SE_ACCESS_NAME_SPECIFIC_10
+ Language=English
+Unknown specific access (bit 10)
+.
+
+
+MessageId=0x061B
+ SymbolicName=SE_ACCESS_NAME_SPECIFIC_11
+ Language=English
+Unknown specific access (bit 11)
+.
+
+
+MessageId=0x061C
+ SymbolicName=SE_ACCESS_NAME_SPECIFIC_12
+ Language=English
+Unknown specific access (bit 12)
+.
+
+
+MessageId=0x061D
+ SymbolicName=SE_ACCESS_NAME_SPECIFIC_13
+ Language=English
+Unknown specific access (bit 13)
+.
+
+
+MessageId=0x061E
+ SymbolicName=SE_ACCESS_NAME_SPECIFIC_14
+ Language=English
+Unknown specific access (bit 14)
+.
+
+
+MessageId=0x061F
+ SymbolicName=SE_ACCESS_NAME_SPECIFIC_15
+ Language=English
+Unknown specific access (bit 15)
+.
+
+
+
+
+
+
+
+;
+;//////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// Privilege names as we would like //
+;// them displayed for auditing //
+;// //
+;// //
+;// //
+;// NOTE: Eventually we will need a way to extend this mechanism to allow //
+;// for ISV and end-user defined privileges. One way would be to //
+;// stick a mapping from source/privilege name to parameter message //
+;// file offset in the registry. This is ugly and I don't like it, //
+;// but it works. Something else would be prefereable. //
+;// //
+;// THIS IS A BIT OF A HACK RIGHT NOW. IT IS BASED UPON THE //
+;// ASSUMPTION THAT ALL THE PRIVILEGES ARE WELL-KNOWN AND THAT //
+;// THEIR VALUE ARE ALL CONTIGUOUS. //
+;// //
+;// //
+;// //
+;// //
+;// //
+;//////////////////////////////////////////////////////////////////////////////
+
+
+MessageId=0x0641
+ SymbolicName=SE_ADT_PRIV_BASE
+ Language=English
+Not used
+.
+
+MessageId=0x0643
+ SymbolicName=SE_ADT_PRIV_3
+ Language=English
+Assign Primary Token Privilege
+.
+MessageId=0x0644
+ SymbolicName=SE_ADT_PRIV_4
+ Language=English
+Lock Memory Privilege
+.
+MessageId=0x0645
+ SymbolicName=SE_ADT_PRIV_5
+ Language=English
+Increase Memory Quota Privilege
+.
+MessageId=0x0646
+ SymbolicName=SE_ADT_PRIV_6
+ Language=English
+Unsolicited Input Privilege
+.
+MessageId=0x0647
+ SymbolicName=SE_ADT_PRIV_7
+ Language=English
+Trusted Computer Base Privilege
+.
+MessageId=0x0648
+ SymbolicName=SE_ADT_PRIV_8
+ Language=English
+Security Privilege
+.
+MessageId=0x0649
+ SymbolicName=SE_ADT_PRIV_9
+ Language=English
+Take Ownership Privilege
+.
+MessageId=0x064A
+ SymbolicName=SE_ADT_PRIV_10
+ Language=English
+Load/Unload Driver Privilege
+.
+MessageId=0x064B
+ SymbolicName=SE_ADT_PRIV_11
+ Language=English
+Profile System Privilege
+.
+MessageId=0x064C
+ SymbolicName=SE_ADT_PRIV_12
+ Language=English
+Set System Time Privilege
+.
+MessageId=0x064D
+ SymbolicName=SE_ADT_PRIV_13
+ Language=English
+Profile Single Process Privilege
+.
+MessageId=0x064E
+ SymbolicName=SE_ADT_PRIV_14
+ Language=English
+Increment Base Priority Privilege
+.
+MessageId=0x064F
+ SymbolicName=SE_ADT_PRIV_15
+ Language=English
+Create Pagefile Privilege
+.
+MessageId=0x0650
+ SymbolicName=SE_ADT_PRIV_16
+ Language=English
+Create Permanent Object Privilege
+.
+MessageId=0x0651
+ SymbolicName=SE_ADT_PRIV_17
+ Language=English
+Backup Privilege
+.
+MessageId=0x0652
+ SymbolicName=SE_ADT_PRIV_18
+ Language=English
+Restore From Backup Privilege
+.
+MessageId=0x0653
+ SymbolicName=SE_ADT_PRIV_19
+ Language=English
+Shutdown System Privilege
+.
+MessageId=0x0654
+ SymbolicName=SE_ADT_PRIV_20
+ Language=English
+Debug Privilege
+.
+MessageId=0x0655
+ SymbolicName=SE_ADT_PRIV_21
+ Language=English
+View or Change Audit Log Privilege
+.
+MessageId=0x0656
+ SymbolicName=SE_ADT_PRIV_22
+ Language=English
+Change Hardware Environment Privilege
+.
+MessageId=0x0657
+ SymbolicName=SE_ADT_PRIV_23
+ Language=English
+Change Notify (and Traverse) Privilege
+.
+MessageId=0x0658
+ SymbolicName=SE_ADT_PRIV_24
+ Language=English
+Remotely Shut System Down Privilege
+.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+;
+;//////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// Executive object access types as //
+;// we would like them displayed //
+;// for auditing //
+;// //
+;// Executive objects are: //
+;// //
+;// Channel //
+;// Device //
+;// Directory //
+;// Event //
+;// EventPair //
+;// File //
+;// IoCompletion //
+;// Key //
+;// Mutant //
+;// Port //
+;// Process //
+;// Profile //
+;// Section //
+;// Semaphore //
+;// SymbolicLink //
+;// Thread //
+;// Timer //
+;// Token //
+;// Type //
+;// //
+;// //
+;// Note that there are other kernel objects, but they //
+;// are not visible outside of the executive and are so //
+;// not subject to auditing. These objects include //
+;// //
+;// Adaptor //
+;// Controller //
+;// Driver //
+;// //
+;// //
+;// //
+;//////////////////////////////////////////////////////////////////////////////
+
+
+
+
+
+;//
+;// DEVICE object-specific access types
+;//
+
+MessageId=0x1100
+ SymbolicName=MS_DEVICE_ACCESS_BIT_0
+ Language=English
+Device Access Bit0
+.
+MessageId=0x1101
+ SymbolicName=MS_DEVICE_ACCESS_BIT_1
+ Language=English
+Device Access Bit 1
+.
+MessageId=0x1102
+ SymbolicName=MS_DEVICE_ACCESS_BIT_2
+ Language=English
+Device Access Bit 2
+.
+MessageId=0x1103
+ SymbolicName=MS_DEVICE_ACCESS_BIT_3
+ Language=English
+Device Access Bit 3
+.
+MessageId=0x1104
+ SymbolicName=MS_DEVICE_ACCESS_BIT_4
+ Language=English
+Device Access Bit 4
+.
+MessageId=0x1105
+ SymbolicName=MS_DEVICE_ACCESS_BIT_5
+ Language=English
+Device Access Bit 5
+.
+MessageId=0x1106
+ SymbolicName=MS_DEVICE_ACCESS_BIT_6
+ Language=English
+Device Access Bit 6
+.
+MessageId=0x1107
+ SymbolicName=MS_DEVICE_ACCESS_BIT_7
+ Language=English
+Device Access Bit 7
+.
+MessageId=0x1108
+ SymbolicName=MS_DEVICE_ACCESS_BIT_8
+ Language=English
+Device Access Bit 8
+.
+
+
+
+;//
+;// object DIRECTORY object-specific access types
+;//
+
+MessageId=0x1110
+ SymbolicName=MS_OBJECT_DIR_ACCESS_BIT_0
+ Language=English
+Query directory
+.
+MessageId=0x1111
+ SymbolicName=MS_OBJECT_DIR_ACCESS_BIT_1
+ Language=English
+Traverse
+.
+MessageId=0x1112
+ SymbolicName=MS_OBJECT_DIR_ACCESS_BIT_2
+ Language=English
+Create object in directory
+.
+MessageId=0x1113
+ SymbolicName=MS_OBJECT_DIR_ACCESS_BIT_3
+ Language=English
+Create sub-directory
+.
+
+
+;//
+;// EVENT object-specific access types
+;//
+
+MessageId=0x1120
+ SymbolicName=MS_EVENT_ACCESS_BIT_0
+ Language=English
+Query event state
+.
+MessageId=0x1121
+ SymbolicName=MS_EVENT_ACCESS_BIT_1
+ Language=English
+Modify event state
+.
+
+
+
+;//
+;// EVENT-PAIR object-specific access types
+;//
+
+;//
+;// Event pairs have no object-type-specific access bits.
+;// they use synchronize.
+;//
+;// reserve 0x1130 for future use and continuity
+;//
+
+
+;//
+;// File-specific access types
+;// (these are funny because they sorta hafta take directories
+;// and named pipes into account as well).
+;//
+
+MessageId=0x1140
+ SymbolicName=MS_FILE_ACCESS_BIT_0
+ Language=English
+ReadData (or ListDirectory)
+.
+MessageId=0x1141
+ SymbolicName=MS_FILE_ACCESS_BIT_1
+ Language=English
+WriteData (or AddFile)
+.
+MessageId=0x1142
+ SymbolicName=MS_FILE_ACCESS_BIT_2
+ Language=English
+AppendData (or AddSubdirectory or CreatePipeInstance)
+.
+MessageId=0x1143
+ SymbolicName=MS_FILE_ACCESS_BIT_3
+ Language=English
+ReadEA
+.
+MessageId=0x1144
+ SymbolicName=MS_FILE_ACCESS_BIT_4
+ Language=English
+WriteEA
+.
+MessageId=0x1145
+ SymbolicName=MS_FILE_ACCESS_BIT_5
+ Language=English
+Execute/Traverse
+.
+MessageId=0x1146
+ SymbolicName=MS_FILE_ACCESS_BIT_6
+ Language=English
+DeleteChild
+.
+MessageId=0x1147
+ SymbolicName=MS_FILE_ACCESS_BIT_7
+ Language=English
+ReadAttributes
+.
+MessageId=0x1148
+ SymbolicName=MS_FILE_ACCESS_BIT_8
+ Language=English
+WriteAttributes
+.
+
+
+
+;//
+;// KEY object-specific access types
+;//
+
+MessageId=0x1150
+ SymbolicName=MS_KEY_ACCESS_BIT_0
+ Language=English
+Query key value
+.
+
+MessageId=0x1151
+ SymbolicName=MS_KEY_ACCESS_BIT_1
+ Language=English
+Set key value
+.
+
+MessageId=0x1152
+ SymbolicName=MS_KEY_ACCESS_BIT_2
+ Language=English
+Create sub-key
+.
+
+MessageId=0x1153
+ SymbolicName=MS_KEY_ACCESS_BIT_3
+ Language=English
+Enumerate sub-keys
+.
+
+MessageId=0x1154
+ SymbolicName=MS_KEY_ACCESS_BIT_4
+ Language=English
+Notify about changes to keys
+.
+
+MessageId=0x1155
+ SymbolicName=MS_KEY_ACCESS_BIT_5
+ Language=English
+Create Link
+.
+
+
+;//
+;// MUTANT object-specific access types
+;//
+
+MessageId=0x1160
+ SymbolicName=MS_MUTANT_ACCESS_BIT_0
+ Language=English
+Query mutant state
+.
+
+
+
+;//
+;// lpc PORT object-specific access types
+;//
+
+MessageId=0x1170
+ SymbolicName=MS_LPC_PORT_ACCESS_BIT_0
+ Language=English
+Communicate using port
+.
+
+
+
+;//
+;// Process object-specific access types
+;//
+
+MessageId=0x1180
+ SymbolicName=MS_PROCESS_ACCESS_BIT_0
+ Language=English
+Force process termination
+.
+MessageId=0x1181
+ SymbolicName=MS_PROCESS_ACCESS_BIT_1
+ Language=English
+Create new thread in process
+.
+MessageId=0x1182
+ SymbolicName=MS_PROCESS_ACCESS_BIT_2
+ Language=English
+Unused access bit
+.
+MessageId=0x1183
+ SymbolicName=MS_PROCESS_ACCESS_BIT_3
+ Language=English
+Perform virtual memory operation
+.
+MessageId=0x1184
+ SymbolicName=MS_PROCESS_ACCESS_BIT_4
+ Language=English
+Read from process memory
+.
+MessageId=0x1185
+ SymbolicName=MS_PROCESS_ACCESS_BIT_5
+ Language=English
+Write to process memory
+.
+MessageId=0x1186
+ SymbolicName=MS_PROCESS_ACCESS_BIT_6
+ Language=English
+Duplicate handle into or out of process
+.
+MessageId=0x1187
+ SymbolicName=MS_PROCESS_ACCESS_BIT_7
+ Language=English
+Create a subprocess of process
+.
+MessageId=0x1188
+ SymbolicName=MS_PROCESS_ACCESS_BIT_8
+ Language=English
+Set process quotas
+.
+MessageId=0x1189
+ SymbolicName=MS_PROCESS_ACCESS_BIT_9
+ Language=English
+Set process information
+.
+MessageId=0x118A
+ SymbolicName=MS_PROCESS_ACCESS_BIT_A
+ Language=English
+Query process information
+.
+MessageId=0x118B
+ SymbolicName=MS_PROCESS_ACCESS_BIT_B
+ Language=English
+Set process termination port
+.
+
+
+
+;//
+;// PROFILE object-specific access types
+;//
+
+MessageId=0x1190
+ SymbolicName=MS_PROFILE_ACCESS_BIT_0
+ Language=English
+Control profile
+.
+
+
+;//
+;// SECTION object-specific access types
+;//
+
+MessageId=0x11A0
+ SymbolicName=MS_SECTION_ACCESS_BIT_0
+ Language=English
+Query section state
+.
+MessageId=0x11A1
+ SymbolicName=MS_SECTION_ACCESS_BIT_1
+ Language=English
+Map section for write
+.
+MessageId=0x11A2
+ SymbolicName=MS_SECTION_ACCESS_BIT_2
+ Language=English
+Map section for read
+.
+MessageId=0x11A3
+ SymbolicName=MS_SECTION_ACCESS_BIT_3
+ Language=English
+Map section for execute
+.
+MessageId=0x11A4
+ SymbolicName=MS_SECTION_ACCESS_BIT_4
+ Language=English
+Extend size
+.
+
+
+
+;//
+;// SEMAPHORE object-specific access types
+;//
+
+MessageId=0x11B0
+ SymbolicName=MS_SEMAPHORE_ACCESS_BIT_0
+ Language=English
+Query semaphore state
+.
+
+MessageId=0x11B1
+ SymbolicName=MS_SEMAPHORE_ACCESS_BIT_1
+ Language=English
+Modify semaphore state
+.
+
+
+;//
+;// SymbolicLink object-specific access types
+;//
+
+MessageId=0x11C0
+ SymbolicName=MS_SYMB_LINK_ACCESS_BIT_0
+ Language=English
+Use symbolic link
+.
+
+
+
+
+
+;//
+;// Thread object-specific access types
+;//
+
+MessageId=0x11D0
+ SymbolicName=MS_THREAD_ACCESS_BIT_0
+ Language=English
+Force thread termination
+.
+MessageId=0x11D1
+ SymbolicName=MS_THREAD_ACCESS_BIT_1
+ Language=English
+Suspend or resume thread
+.
+MessageId=0x11D2
+ SymbolicName=MS_THREAD_ACCESS_BIT_2
+ Language=English
+Send an alert to thread
+.
+MessageId=0x11D3
+ SymbolicName=MS_THREAD_ACCESS_BIT_3
+ Language=English
+Get thread context
+.
+MessageId=0x11D4
+ SymbolicName=MS_THREAD_ACCESS_BIT_4
+ Language=English
+Set thread context
+.
+MessageId=0x11D5
+ SymbolicName=MS_THREAD_ACCESS_BIT_5
+ Language=English
+Set thread information
+.
+MessageId=0x11D6
+ SymbolicName=MS_THREAD_ACCESS_BIT_6
+ Language=English
+Query thread information
+.
+MessageId=0x11D7
+ SymbolicName=MS_THREAD_ACCESS_BIT_7
+ Language=English
+Assign a token to the thread
+.
+MessageId=0x11D8
+ SymbolicName=MS_THREAD_ACCESS_BIT_8
+ Language=English
+Cause thread to directly impersonate another thread
+.
+MessageId=0x11D9
+ SymbolicName=MS_THREAD_ACCESS_BIT_9
+ Language=English
+Directly impersonate this thread
+.
+
+
+
+
+;//
+;// TIMER object-specific access types
+;//
+
+MessageId=0x11E0
+ SymbolicName=MS_TIMER_ACCESS_BIT_0
+ Language=English
+Query timer state
+.
+MessageId=0x11E1
+ SymbolicName=MS_TIMER_ACCESS_BIT_1
+ Language=English
+Modify timer state
+.
+
+
+;//
+;// Token-specific access types
+;//
+
+MessageId=0x11F0
+ SymbolicName=MS_TOKEN_ACCESS_BIT_0
+ Language=English
+AssignAsPrimary
+.
+MessageId=0x11F1
+ SymbolicName=MS_TOKEN_ACCESS_BIT_1
+ Language=English
+Duplicate
+.
+MessageId=0x11F2
+ SymbolicName=MS_TOKEN_ACCESS_BIT_2
+ Language=English
+Impersonate
+.
+MessageId=0x11F3
+ SymbolicName=MS_TOKEN_ACCESS_BIT_3
+ Language=English
+Query
+.
+MessageId=0x11F4
+ SymbolicName=MS_TOKEN_ACCESS_BIT_4
+ Language=English
+QuerySource
+.
+MessageId=0x11F5
+ SymbolicName=MS_TOKEN_ACCESS_BIT_5
+ Language=English
+AdjustPrivileges
+.
+MessageId=0x11F6
+ SymbolicName=MS_TOKEN_ACCESS_BIT_6
+ Language=English
+AdjustGroups
+.
+MessageId=0x11F7
+ SymbolicName=MS_TOKEN_ACCESS_BIT_7
+ Language=English
+AdjustDefaultDacl
+.
+
+
+
+;//
+;// OBJECT_TYPE object-specific access types
+;//
+
+MessageId=0x1200
+ SymbolicName=MS_OBJECT_TYPE_ACCESS_BIT_0
+ Language=English
+Create instance of object type
+.
+
+
+
+;//
+;// IoCompletion object-specific access types
+;//
+
+MessageId=0x1300
+ SymbolicName=MS_IO_COMPLETION_ACCESS_BIT_0
+ Language=English
+Query State
+.
+
+MessageId=0x1301
+ SymbolicName=MS_IO_COMPLETION_ACCESS_BIT_1
+ Language=English
+Modify State
+.
+
+
+
+;//
+;// CHANNEL object-specific access types
+;//
+
+MessageId=0x1400
+ SymbolicName=MS_CHANNEL_ACCESS_BIT_0
+ Language=English
+Channel read message
+.
+MessageId=0x1401
+ SymbolicName=MS_CHANNEL_ACCESS_BIT_1
+ Language=English
+Channel write message
+.
+MessageId=0x1402
+ SymbolicName=MS_CHANNEL_ACCESS_BIT_2
+ Language=English
+Channel query information
+.
+MessageId=0x1403
+ SymbolicName=MS_CHANNEL_ACCESS_BIT_3
+ Language=English
+Channel set information
+.
+
+
+
+;
+;//////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// Security Acount Manager Object Access //
+;// names as we would like them //
+;// displayed for auditing //
+;// //
+;// SAM objects are: //
+;// //
+;// SAM_SERVER //
+;// SAM_DOMAIN //
+;// SAM_GROUP //
+;// SAM_ALIAS //
+;// SAM_USER //
+;// //
+;// //
+;// //
+;//////////////////////////////////////////////////////////////////////////////
+
+
+
+
+
+
+;//
+;// SAM_SERVER object-specific access types
+;//
+
+MessageId=0x1500
+ SymbolicName=MS_SAM_SERVER_ACCESS_BIT_0
+ Language=English
+ConnectToServer
+.
+MessageId=0x1501
+ SymbolicName=MS_SAM_SERVER_ACCESS_BIT_1
+ Language=English
+ShutdownServer
+.
+MessageId=0x1502
+ SymbolicName=MS_SAM_SERVER_ACCESS_BIT_2
+ Language=English
+InitializeServer
+.
+MessageId=0x1503
+ SymbolicName=MS_SAM_SERVER_ACCESS_BIT_3
+ Language=English
+CreateDomain
+.
+MessageId=0x1504
+ SymbolicName=MS_SAM_SERVER_ACCESS_BIT_4
+ Language=English
+EnumerateDomains
+.
+MessageId=0x1505
+ SymbolicName=MS_SAM_SERVER_ACCESS_BIT_5
+ Language=English
+LookupDomain
+.
+
+
+
+
+;//
+;// SAM_DOMAIN object-specific access types
+;//
+
+MessageId=0x1510
+ SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_0
+ Language=English
+ReadPasswordParameters
+.
+MessageId=0x1511
+ SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_1
+ Language=English
+WritePasswordParameters
+.
+MessageId=0x1512
+ SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_2
+ Language=English
+ReadOtherParameters
+.
+MessageId=0x1513
+ SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_3
+ Language=English
+WriteOtherParameters
+.
+MessageId=0x1514
+ SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_4
+ Language=English
+CreateUser
+.
+MessageId=0x1515
+ SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_5
+ Language=English
+CreateGlobalGroup
+.
+MessageId=0x1516
+ SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_6
+ Language=English
+CreateLocalGroup
+.
+MessageId=0x1517
+ SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_7
+ Language=English
+GetLocalGroupMembership
+.
+MessageId=0x1518
+ SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_8
+ Language=English
+ListAccounts
+.
+MessageId=0x1519
+ SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_9
+ Language=English
+LookupIDs
+.
+MessageId=0x151A
+ SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_A
+ Language=English
+AdministerServer
+.
+
+
+
+
+;//
+;// SAM_GROUP (global) object-specific access types
+;//
+
+MessageId=0x1520
+ SymbolicName=MS_SAM_GLOBAL_GRP_ACCESS_BIT_0
+ Language=English
+ReadInformation
+.
+MessageId=0x1521
+ SymbolicName=MS_SAM_GLOBAL_GRP_ACCESS_BIT_1
+ Language=English
+WriteAccount
+.
+MessageId=0x1522
+ SymbolicName=MS_SAM_GLOBAL_GRP_ACCESS_BIT_2
+ Language=English
+AddMember
+.
+MessageId=0x1523
+ SymbolicName=MS_SAM_GLOBAL_GRP_ACCESS_BIT_3
+ Language=English
+RemoveMember
+.
+MessageId=0x1524
+ SymbolicName=MS_SAM_GLOBAL_GRP_ACCESS_BIT_4
+ Language=English
+ListMembers
+.
+
+
+
+
+;//
+;// SAM_ALIAS (local group) object-specific access types
+;//
+
+MessageId=0x1530
+ SymbolicName=MS_SAM_LOCAL_GRP_ACCESS_BIT_0
+ Language=English
+AddMember
+.
+MessageId=0x1531
+ SymbolicName=MS_SAM_LOCAL_GRP_ACCESS_BIT_1
+ Language=English
+RemoveMember
+.
+MessageId=0x1532
+ SymbolicName=MS_SAM_LOCAL_GRP_ACCESS_BIT_2
+ Language=English
+ListMembers
+.
+MessageId=0x1533
+ SymbolicName=MS_SAM_LOCAL_GRP_ACCESS_BIT_3
+ Language=English
+ReadInformation
+.
+MessageId=0x1534
+ SymbolicName=MS_SAM_LOCAL_GRP_ACCESS_BIT_4
+ Language=English
+WriteAccount
+.
+
+
+
+
+;//
+;// SAM_USER object-specific access types
+;//
+
+MessageId=0x1540
+ SymbolicName=MS_SAM_USER_ACCESS_BIT_0
+ Language=English
+ReadGeneralInformation
+.
+MessageId=0x1541
+ SymbolicName=MS_SAM_USER_ACCESS_BIT_1
+ Language=English
+ReadPreferences
+.
+MessageId=0x1542
+ SymbolicName=MS_SAM_USER_ACCESS_BIT_2
+ Language=English
+WritePreferences
+.
+MessageId=0x1543
+ SymbolicName=MS_SAM_USER_ACCESS_BIT_3
+ Language=English
+ReadLogon
+.
+MessageId=0x1544
+ SymbolicName=MS_SAM_USER_ACCESS_BIT_4
+ Language=English
+ReadAccount
+.
+MessageId=0x1545
+ SymbolicName=MS_SAM_USER_ACCESS_BIT_5
+ Language=English
+WriteAccount
+.
+MessageId=0x1546
+ SymbolicName=MS_SAM_USER_ACCESS_BIT_6
+ Language=English
+ChangePassword (with knowledge of old password)
+.
+MessageId=0x1547
+ SymbolicName=MS_SAM_USER_ACCESS_BIT_7
+ Language=English
+SetPassword (without knowledge of old password)
+.
+MessageId=0x1548
+ SymbolicName=MS_SAM_USER_ACCESS_BIT_8
+ Language=English
+ListGroups
+.
+MessageId=0x1549
+ SymbolicName=MS_SAM_USER_ACCESS_BIT_9
+ Language=English
+ReadGroupMembership
+.
+MessageId=0x154A
+ SymbolicName=MS_SAM_USER_ACCESS_BIT_A
+ Language=English
+ChangeGroupMembership
+.
+
+
+
+
+
+;
+;//////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// Local Security Authority Object Access //
+;// names as we would like them //
+;// displayed for auditing //
+;// //
+;// LSA objects are: //
+;// //
+;// PolicyObject //
+;// SecretObject //
+;// TrustedDomainObject //
+;// UserAccountObject //
+;// //
+;// //
+;// //
+;//////////////////////////////////////////////////////////////////////////////
+
+
+
+;//
+;// lsa POLICY object-specific access types
+;//
+
+MessageId=0x1600
+ SymbolicName=MS_LSA_POLICY_ACCESS_BIT_0
+ Language=English
+View non-sensitive policy information
+.
+MessageId=0x1601
+ SymbolicName=MS_LSA_POLICY_ACCESS_BIT_1
+ Language=English
+View system audit requirements
+.
+MessageId=0x1602
+ SymbolicName=MS_LSA_POLICY_ACCESS_BIT_2
+ Language=English
+Get sensitive policy information
+.
+MessageId=0x1603
+ SymbolicName=MS_LSA_POLICY_ACCESS_BIT_3
+ Language=English
+Modify domain trust relationships
+.
+MessageId=0x1604
+ SymbolicName=MS_LSA_POLICY_ACCESS_BIT_4
+ Language=English
+Create special accounts (for assignment of user rights)
+.
+MessageId=0x1605
+ SymbolicName=MS_LSA_POLICY_ACCESS_BIT_5
+ Language=English
+Create a secret object
+.
+MessageId=0x1606
+ SymbolicName=MS_LSA_POLICY_ACCESS_BIT_6
+ Language=English
+Create a privilege
+.
+MessageId=0x1607
+ SymbolicName=MS_LSA_POLICY_ACCESS_BIT_7
+ Language=English
+Set default quota limits
+.
+MessageId=0x1608
+ SymbolicName=MS_LSA_POLICY_ACCESS_BIT_8
+ Language=English
+Change system audit requirements
+.
+MessageId=0x1609
+ SymbolicName=MS_LSA_POLICY_ACCESS_BIT_9
+ Language=English
+Administer audit log attributes
+.
+MessageId=0x160A
+ SymbolicName=MS_LSA_POLICY_ACCESS_BIT_A
+ Language=English
+Enable/Disable LSA
+.
+MessageId=0x160B
+ SymbolicName=MS_LSA_POLICY_ACCESS_BIT_B
+ Language=English
+Lookup Names/SIDs
+.
+
+
+;//
+;// lsa SecretObject object-specific access types
+;//
+
+MessageId=0x1610
+ SymbolicName=MS_LSA_SECRET_ACCESS_BIT_0
+ Language=English
+Change secret value
+.
+MessageId=0x1611
+ SymbolicName=MS_LSA_SECRET_ACCESS_BIT_1
+ Language=English
+Query secret value
+.
+
+
+
+
+;//
+;// lsa TrustedDomainObject object-specific access types
+;//
+
+MessageId=0x1620
+ SymbolicName=MS_LSA_TRUST_ACCESS_BIT_0
+ Language=English
+Query trusted domain name/SID
+.
+MessageId=0x1621
+ SymbolicName=MS_LSA_TRUST_ACCESS_BIT_1
+ Language=English
+Retrieve the controllers in the trusted domain
+.
+MessageId=0x1622
+ SymbolicName=MS_LSA_TRUST_ACCESS_BIT_2
+ Language=English
+Change the controllers in the trusted domain
+.
+MessageId=0x1623
+ SymbolicName=MS_LSA_TRUST_ACCESS_BIT_3
+ Language=English
+Query the Posix ID offset assigned to the trusted domain
+.
+MessageId=0x1624
+ SymbolicName=MS_LSA_TRUST_ACCESS_BIT_4
+ Language=English
+Change the Posix ID offset assigned to the trusted domain
+.
+
+
+
+
+;//
+;// lsa UserAccount (privileged account) object-specific access types
+;//
+
+MessageId=0x1630
+ SymbolicName=MS_LSA_ACCOUNT_ACCESS_BIT_0
+ Language=English
+Query account information
+.
+MessageId=0x1631
+ SymbolicName=MS_LSA_ACCOUNT_ACCESS_BIT_1
+ Language=English
+Change privileges assigned to account
+.
+MessageId=0x1632
+ SymbolicName=MS_LSA_ACCOUNT_ACCESS_BIT_2
+ Language=English
+Change quotas assigned to account
+.
+MessageId=0x1633
+ SymbolicName=MS_LSA_ACCOUNT_ACCESS_BIT_3
+ Language=English
+Change logon capabilities assigned to account
+.
+
+
+
+
+;
+;//////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// Window Station Object Access //
+;// names as we would like them //
+;// displayed for auditing //
+;// //
+;// Window Station objects are: //
+;// //
+;// WindowStation //
+;// Desktop //
+;// //
+;// //
+;// //
+;//////////////////////////////////////////////////////////////////////////////
+
+
+
+;//
+;// WINDOW_STATION object-specific access types
+;//
+
+MessageId=0x1A00
+ SymbolicName=MS_WIN_STA_ACCESS_BIT_0
+ Language=English
+Enumerate desktops
+.
+
+MessageId=0x1A01
+ SymbolicName=MS_WIN_STA_ACCESS_BIT_1
+ Language=English
+Read attributes
+.
+
+MessageId=0x1A02
+ SymbolicName=MS_WIN_STA_ACCESS_BIT_2
+ Language=English
+Access Clipboard
+.
+
+MessageId=0x1A03
+ SymbolicName=MS_WIN_STA_ACCESS_BIT_3
+ Language=English
+Create desktop
+.
+
+MessageId=0x1A04
+ SymbolicName=MS_WIN_STA_ACCESS_BIT_4
+ Language=English
+Write attributes
+.
+
+MessageId=0x1A05
+ SymbolicName=MS_WIN_STA_ACCESS_BIT_5
+ Language=English
+Access global atoms
+.
+
+MessageId=0x1A06
+ SymbolicName=MS_WIN_STA_ACCESS_BIT_6
+ Language=English
+Exit windows
+.
+
+MessageId=0x1A07
+ SymbolicName=MS_WIN_STA_ACCESS_BIT_7
+ Language=English
+Unused Access Flag
+.
+
+MessageId=0x1A08
+ SymbolicName=MS_WIN_STA_ACCESS_BIT_8
+ Language=English
+Include this windowstation in enumerations
+.
+
+MessageId=0x1A09
+ SymbolicName=MS_WIN_STA_ACCESS_BIT_9
+ Language=English
+Read screen
+.
+
+
+
+;//
+;// DESKTOP object-specific access types
+;//
+
+MessageId=0x1A10
+ SymbolicName=MS_DESKTOP_ACCESS_BIT_0
+ Language=English
+Read Objects
+.
+
+MessageId=0x1A11
+ SymbolicName=MS_DESKTOP_ACCESS_BIT_1
+ Language=English
+Create window
+.
+
+MessageId=0x1A12
+ SymbolicName=MS_DESKTOP_ACCESS_BIT_2
+ Language=English
+Create menu
+.
+
+MessageId=0x1A13
+ SymbolicName=MS_DESKTOP_ACCESS_BIT_3
+ Language=English
+Hook control
+.
+
+MessageId=0x1A14
+ SymbolicName=MS_DESKTOP_ACCESS_BIT_4
+ Language=English
+Journal (record)
+.
+
+MessageId=0x1A15
+ SymbolicName=MS_DESKTOP_ACCESS_BIT_5
+ Language=English
+Journal (playback)
+.
+
+MessageId=0x1A16
+ SymbolicName=MS_DESKTOP_ACCESS_BIT_6
+ Language=English
+Include this desktop in enumerations
+.
+
+MessageId=0x1A17
+ SymbolicName=MS_DESKTOP_ACCESS_BIT_7
+ Language=English
+Write objects
+.
+
+MessageId=0x1A18
+ SymbolicName=MS_DESKTOP_ACCESS_BIT_8
+ Language=English
+Switch to this desktop
+.
+
+
+
+;
+;//////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// Print Server Object Access //
+;// names as we would like them //
+;// displayed for auditing //
+;// //
+;// Print Server objects are: //
+;// //
+;// Server //
+;// Printer //
+;// Document //
+;// //
+;// //
+;//////////////////////////////////////////////////////////////////////////////
+
+
+
+;//
+;// print-server SERVER object-specific access types
+;//
+
+MessageId=0x1B00
+ SymbolicName=MS_PRINT_SERVER_ACCESS_BIT_0
+ Language=English
+Administer print server
+.
+
+MessageId=0x1B01
+ SymbolicName=MS_PRINT_SERVER_ACCESS_BIT_1
+ Language=English
+Enumerate printers
+.
+
+;//
+;// print-server PRINTER object-specific access types
+;//
+;// Note that these are based at 0x1B10, but the first
+;// two bits aren't defined.
+;//
+
+MessageId=0x1B12
+ SymbolicName=MS_PRINTER_ACCESS_BIT_0
+ Language=English
+Full Control
+.
+
+MessageId=0x1B13
+ SymbolicName=MS_PRINTER_ACCESS_BIT_1
+ Language=English
+Print
+.
+
+;//
+;// print-server DOCUMENT object-specific access types
+;//
+;// Note that these are based at 0x1B20, but the first
+;// four bits aren't defined.
+
+MessageId=0x1B14
+ SymbolicName=MS_PRINTER_DOC_ACCESS_BIT_0
+ Language=English
+Administer Document
+.
+
+
+
+;
+;//////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// Service Controller Object Access //
+;// names as we would like them //
+;// displayed for auditing //
+;// //
+;// Service Controller objects are: //
+;// //
+;// SC_MANAGER Object //
+;// SERVICE Object //
+;// //
+;// //
+;//////////////////////////////////////////////////////////////////////////////
+
+
+
+
+;//
+;// SERVICE CONTROLLER "SC_MANAGER Object" object-specific access types
+;//
+
+MessageId=0x1C00
+ SymbolicName=MS_SC_MANAGER_ACCESS_BIT_0
+ Language=English
+Connect to service controller
+.
+
+MessageId=0x1C01
+ SymbolicName=MS_SC_MANAGER_ACCESS_BIT_1
+ Language=English
+Create a new service
+.
+
+MessageId=0x1C02
+ SymbolicName=MS_SC_MANAGER_ACCESS_BIT_2
+ Language=English
+Enumerate services
+.
+
+MessageId=0x1C03
+ SymbolicName=MS_SC_MANAGER_ACCESS_BIT_3
+ Language=English
+Lock service database for exclusive access
+.
+
+MessageId=0x1C04
+ SymbolicName=MS_SC_MANAGER_ACCESS_BIT_4
+ Language=English
+Query service database lock state
+.
+
+MessageId=0x1C05
+ SymbolicName=MS_SC_MANAGER_ACCESS_BIT_5
+ Language=English
+Set last-known-good state of service database
+.
+
+
+;//
+;// SERVICE CONTROLLER "SERVICE Object" object-specific access types
+;//
+
+MessageId=0x1C10
+ SymbolicName=MS_SC_SERVICE_ACCESS_BIT_0
+ Language=English
+Query service configuration information
+.
+
+MessageId=0x1C11
+ SymbolicName=MS_SC_SERVICE_ACCESS_BIT_1
+ Language=English
+Set service configuration information
+.
+
+MessageId=0x1C12
+ SymbolicName=MS_SC_SERVICE_ACCESS_BIT_2
+ Language=English
+Query status of service
+.
+
+MessageId=0x1C13
+ SymbolicName=MS_SC_SERVICE_ACCESS_BIT_3
+ Language=English
+Enumerate dependencies of service
+.
+
+MessageId=0x1C14
+ SymbolicName=MS_SC_SERVICE_ACCESS_BIT_4
+ Language=English
+Start the service
+.
+
+MessageId=0x1C15
+ SymbolicName=MS_SC_SERVICE_ACCESS_BIT_5
+ Language=English
+Stop the service
+.
+
+MessageId=0x1C16
+ SymbolicName=MS_SC_SERVICE_ACCESS_BIT_6
+ Language=English
+Pause or continue the service
+.
+
+MessageId=0x1C17
+ SymbolicName=MS_SC_SERVICE_ACCESS_BIT_7
+ Language=English
+Query information from service
+.
+
+MessageId=0x1C18
+ SymbolicName=MS_SC_SERVICE_ACCESS_BIT_8
+ Language=English
+Issue service-specific control commands
+.
+
+
+
+
+;
+;//////////////////////////////////////////////////////////////////////////////
+;// //
+;// //
+;// NetDDE Object Access //
+;// names as we would like them //
+;// displayed for auditing //
+;// //
+;// NetDDE objects are: //
+;// //
+;// DDE Share //
+;// //
+;// //
+;//////////////////////////////////////////////////////////////////////////////
+
+
+;//
+;// Net DDE object-specific access types
+;//
+
+
+;//
+;// DDE Share object-specific access types
+;//
+
+MessageId=0x1D00
+ SymbolicName=MS_DDE_SHARE_ACCESS_BIT_0
+ Language=English
+DDE Share Read
+.
+
+MessageId=0x1D01
+ SymbolicName=MS_DDE_SHARE_ACCESS_BIT_1
+ Language=English
+DDE Share Write
+.
+
+MessageId=0x1D02
+ SymbolicName=MS_DDE_SHARE_ACCESS_BIT_2
+ Language=English
+DDE Share Initiate Static
+.
+
+MessageId=0x1D03
+ SymbolicName=MS_DDE_SHARE_ACCESS_BIT_3
+ Language=English
+DDE Share Initiate Link
+.
+
+MessageId=0x1D04
+ SymbolicName=MS_DDE_SHARE_ACCESS_BIT_4
+ Language=English
+DDE Share Request
+.
+
+MessageId=0x1D05
+ SymbolicName=MS_DDE_SHARE_ACCESS_BIT_5
+ Language=English
+DDE Share Advise
+.
+
+MessageId=0x1D06
+ SymbolicName=MS_DDE_SHARE_ACCESS_BIT_6
+ Language=English
+DDE Share Poke
+.
+
+MessageId=0x1D07
+ SymbolicName=MS_DDE_SHARE_ACCESS_BIT_7
+ Language=English
+DDE Share Execute
+.
+
+MessageId=0x1D08
+ SymbolicName=MS_DDE_SHARE_ACCESS_BIT_8
+ Language=English
+DDE Share Add Items
+.
+
+MessageId=0x1D09
+ SymbolicName=MS_DDE_SHARE_ACCESS_BIT_9
+ Language=English
+DDE Share List Items
+.
+
+
+
+
+;/*lint +e767 */ // Resume checking for different macro definitions // winnt
+;
+;
+;#endif // _MSOBJS_
diff --git a/private/ntos/seaudit/msobjs/sources b/private/ntos/seaudit/msobjs/sources
new file mode 100644
index 000000000..5e38a08d5
--- /dev/null
+++ b/private/ntos/seaudit/msobjs/sources
@@ -0,0 +1,41 @@
+!IF 0
+
+Copyright (c) 1989 Microsoft Corporation
+
+Module Name:
+
+ sources.
+
+Abstract:
+
+ This file specifies the target component being built and the list of
+ sources files needed to build that component. Also specifies optional
+ compiler switches and libraries that are unique for the component being
+ built.
+
+
+Author:
+
+ Steve Wood (stevewo) 12-Apr-1990
+
+NOTE: Commented description of this file is in \nt\bak\bin\sources.tpl
+
+!ENDIF
+
+MAJORCOMP=ntos
+MINORCOMP=msobjs
+
+TARGETNAME=msobjs
+TARGETPATH=\nt\public\sdk\lib
+
+TARGETLIBS=
+
+TARGETTYPE=DYNLINK
+
+INCLUDES=.
+
+SOURCES= audit.rc
+
+UMLIBS=
+
+NTTARGETFILE0=audit.rc
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-04 11:02:40 +0200