diff options
Diffstat (limited to 'private/ntos/seaudit')
-rw-r--r-- | private/ntos/seaudit/dirs | 29 | ||||
-rw-r--r-- | private/ntos/seaudit/msaudite/audit.rc | 14 | ||||
-rw-r--r-- | private/ntos/seaudit/msaudite/makefile | 6 | ||||
-rw-r--r-- | private/ntos/seaudit/msaudite/makefile.inc | 4 | ||||
-rw-r--r-- | private/ntos/seaudit/msaudite/msaudite.def | 3 | ||||
-rw-r--r-- | private/ntos/seaudit/msaudite/msaudite.mc | 2580 | ||||
-rw-r--r-- | private/ntos/seaudit/msaudite/sources | 41 | ||||
-rw-r--r-- | private/ntos/seaudit/msauditt/audit.rc | 13 | ||||
-rw-r--r-- | private/ntos/seaudit/msauditt/makefile | 6 | ||||
-rw-r--r-- | private/ntos/seaudit/msauditt/msauditt.def | 7 | ||||
-rw-r--r-- | private/ntos/seaudit/msauditt/msauditt.mc | 365 | ||||
-rw-r--r-- | private/ntos/seaudit/msauditt/mstmp.c | 55 | ||||
-rw-r--r-- | private/ntos/seaudit/msauditt/sources | 53 | ||||
-rw-r--r-- | private/ntos/seaudit/msobjs/audit.rc | 14 | ||||
-rw-r--r-- | private/ntos/seaudit/msobjs/makefile | 6 | ||||
-rw-r--r-- | private/ntos/seaudit/msobjs/makefile.inc | 4 | ||||
-rw-r--r-- | private/ntos/seaudit/msobjs/msobjs.def | 3 | ||||
-rw-r--r-- | private/ntos/seaudit/msobjs/msobjs.mc | 1908 | ||||
-rw-r--r-- | private/ntos/seaudit/msobjs/sources | 41 |
19 files changed, 5152 insertions, 0 deletions
diff --git a/private/ntos/seaudit/dirs b/private/ntos/seaudit/dirs new file mode 100644 index 000000000..622df6821 --- /dev/null +++ b/private/ntos/seaudit/dirs @@ -0,0 +1,29 @@ +!IF 0 + +Copyright (c) 1989 Microsoft Corporation + +Module Name: + + dirs. + +Abstract: + + This file specifies the subdirectories of the current directory that + contain component makefiles. + + +Author: + + Steve Wood (stevewo) 17-Apr-1990 + +NOTE: Commented description of this file is in \nt\bak\bin\dirs.tpl + +!ENDIF + + +DIRS=msaudite \ + msobjs + + + +OPTIONAL_DIRS= diff --git a/private/ntos/seaudit/msaudite/audit.rc b/private/ntos/seaudit/msaudite/audit.rc new file mode 100644 index 000000000..2d9993b96 --- /dev/null +++ b/private/ntos/seaudit/msaudite/audit.rc @@ -0,0 +1,14 @@ +#include <windows.h> + +1 11 MSG00001.bin + +#include <ntverp.h> + +#define VER_FILETYPE VFT_DLL +#define VER_FILESUBTYPE VFT2_UNKNOWN +#define VER_FILEDESCRIPTION_STR "Security Audit Events DLL" +#define VER_INTERNALNAME_STR "msaudite.dll" +#define VER_ORIGINALFILENAME_STR "msaudite.dll" + +#include "common.ver" + diff --git a/private/ntos/seaudit/msaudite/makefile b/private/ntos/seaudit/msaudite/makefile new file mode 100644 index 000000000..6ee4f43fa --- /dev/null +++ b/private/ntos/seaudit/msaudite/makefile @@ -0,0 +1,6 @@ +# +# DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source +# file to this component. This file merely indirects to the real make file +# that is shared by all the components of NT OS/2 +# +!INCLUDE $(NTMAKEENV)\makefile.def diff --git a/private/ntos/seaudit/msaudite/makefile.inc b/private/ntos/seaudit/msaudite/makefile.inc new file mode 100644 index 000000000..2fd6c3210 --- /dev/null +++ b/private/ntos/seaudit/msaudite/makefile.inc @@ -0,0 +1,4 @@ +$(NTTARGETFILE0): msaudite.rc msg00001.bin + +msaudite.rc msg00001.bin: msaudite.mc + mc -v -r . -h $(_NTROOT)\public\sdk\inc\ msaudite.mc diff --git a/private/ntos/seaudit/msaudite/msaudite.def b/private/ntos/seaudit/msaudite/msaudite.def new file mode 100644 index 000000000..1daa14c4d --- /dev/null +++ b/private/ntos/seaudit/msaudite/msaudite.def @@ -0,0 +1,3 @@ +LIBRARY msaudit + +DESCRIPTION 'Message File for Auditing' diff --git a/private/ntos/seaudit/msaudite/msaudite.mc b/private/ntos/seaudit/msaudite/msaudite.mc new file mode 100644 index 000000000..70691841c --- /dev/null +++ b/private/ntos/seaudit/msaudite/msaudite.mc @@ -0,0 +1,2580 @@ +;/*++ BUILD Version: 0001 // Increment this if a change has global effects +; +;Copyright (c) 1991 Microsoft Corporation +; +;Module Name: +; +; msaudite.mc +; +;Abstract: +; +; Constant definitions for the NT Audit Event Messages. +; +;Author: +; +; Jim Kelly (JimK) 30-Mar-1992 +; +;Revision History: +; +;Notes: +; +; The .h and .res forms of this file are generated from the .mc +; form of the file (private\ntos\seaudit\msaudite\msaudite.mc). +; Please make all changes to the .mc form of the file. +; +; +; +;--*/ +; +;#ifndef _MSAUDITE_ +;#define _MSAUDITE_ +; +;/*lint -e767 */ // Don't complain about different definitions // winnt + + +MessageIdTypedef=ULONG + +SeverityNames=(None=0x0) + +FacilityNames=(None=0x0) + + + +MessageId=0x0000 + Language=English +Unused message ID +. +;// Message ID 0 is unused - just used to flush out the diagram + + + + + + +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// + + + + +; +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;// // +;// WARNING - WARNING - WARNING - WARNING - WARNING // +;// // +;// // +;// Everything above this is currently in use in the running system. // +;// // +;// Everything below this is currently under development and is // +;// slated to replace everything above. // +;// // +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// + + + +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// Audit Message ID Space: // +;// // +;// 0x0000 - 0x00FF : Reserved for future use. // +;// // +;// 0x0100 - 0x01FF : Categories // +;// // +;// 0x0200 - 0x05FF : Events // +;// // +;// 0x0600 - 0x063F : Standard access types and names for // +;// specific accesses when no specific names // +;// can be found. // +;// // +;// 0x0640 - 0x06FF : Well known privilege names (as we would // +;// like them displayed in the event viewer). // +;// // +;// 0x0700 - 0x0FFE : Reserved for future use. // +;// // +;// 0X0FFF : SE_ADT_LAST_SYSTEM_MESSAGE (the highest // +;// value audit message used by the system) // +;// // +;// // +;// 0x1000 and above: For use by Parameter Message Files // +;// // +;/////////////////////////////////////////////////////////////////////////// +;/////////////////////////////////////////////////////////////////////////// + + + + + +MessageId=0x0FFF + SymbolicName=SE_ADT_LAST_SYSTEM_MESSAGE + Language=English +Highest System-Defined Audit Message Value. +. + + + + + + + + +; +;///////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// CATEGORIES // +;// // +;// Categories take up the range 0x1 - 0x400 // +;// // +;// Category IDs: // +;// // +;// SE_CATEGID_SYSTEM // +;// SE_CATEGID_LOGON // +;// SE_CATEGID_OBJECT_ACCESS // +;// SE_CATEGID_PRIVILEGE_USE // +;// SE_CATEGID_DETAILED_TRACKING // +;// SE_CATEGID_POLICY_CHANGE // +;// SE_CATEGID_ACCOUNT_MANAGEMENT // +;// // +;// // +;///////////////////////////////////////////////////////////////////////////// + +MessageId=0x0001 + SymbolicName=SE_CATEGID_SYSTEM + Language=English +System Event +. + +MessageId=0x0002 + SymbolicName=SE_CATEGID_LOGON + Language=English +Logon/Logoff +. + +MessageId=0x0003 + SymbolicName=SE_CATEGID_OBJECT_ACCESS + Language=English +Object Access +. + +MessageId=0x0004 + SymbolicName=SE_CATEGID_PRIVILEGE_USE + Language=English +Privilege Use +. + +MessageId=0x0005 + SymbolicName=SE_CATEGID_DETAILED_TRACKING + Language=English +Detailed Tracking +. + +MessageId=0x0006 + SymbolicName=SE_CATEGID_POLICY_CHANGE + Language=English +Policy Change +. + +MessageId=0x0007 + SymbolicName=SE_CATEGID_ACCOUNT_MANAGEMENT + Language=English +Account Management +. + + + + + + + + + + + + +; +;///////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// Messages for Category: SE_CATEGID_SYSTEM // +;// // +;// Event IDs: // +;// SE_AUDITID_SYSTEM_RESTART // +;// SE_AUDITID_SYSTEM_SHUTDOWN // +;// SE_AUDITID_AUTH_PACKAGE_LOAD // +;// SE_AUDITID_LOGON_PROC_REGISTER // +;// SE_AUDITID_AUDITS_DISCARDED // +;// SE_AUDITID_NOTIFY_PACKAGE_LOAD // +;// // +;///////////////////////////////////////////////////////////////////////////// + + + +;// +;// +;// SE_AUDITID_SYSTEM_RESTART +;// +;// Category: SE_CATEGID_SYSTEM +;// +;// Parameter Strings - None +;// +;// +;// + +MessageId=0x0200 + SymbolicName=SE_AUDITID_SYSTEM_RESTART + Language=English +Windows NT is starting up. +. + + +;// +;// +;// SE_AUDITID_SYSTEM_SHUTDOWN +;// +;// Category: SE_CATEGID_SYSTEM +;// +;// Parameter Strings - None +;// +;// +;// + +MessageId=0x0201 + SymbolicName=SE_AUDITID_SYSTEM_SHUTDOWN + Language=English +Windows NT is shutting down. +All logon sessions will be terminated by this shutdown. +. + + +;// +;// +;// SE_AUDITID_SYSTEM_AUTH_PACKAGE_LOAD +;// +;// Category: SE_CATEGID_SYSTEM +;// +;// Parameter Strings - +;// +;// 1 - Authentication Package Name +;// +;// +;// + +MessageId=0x0202 + SymbolicName=SE_AUDITID_AUTH_PACKAGE_LOAD + Language=English +An authentication package has been loaded by the Local Security Authority. +This authentication package will be used to authenticate logon attempts. +%n +Authentication Package Name:%t%1 +. + + +;// +;// +;// SE_AUDITID_SYSTEM_LOGON_PROC_REGISTER +;// +;// Category: SE_CATEGID_SYSTEM +;// +;// Parameter Strings - +;// +;// 1 - Logon Process Name +;// +;// +;// + +MessageId=0x0203 + SymbolicName=SE_AUDITID_SYSTEM_LOGON_PROC_REGISTER + Language=English +A trusted logon process has registered with the Local Security Authority. +This logon process will be trusted to submit logon requests. +%n +%n +Logon Process Name:%t%1 +. + + +;// +;// +;// SE_AUDITID_AUDITS_DISCARDED +;// +;// Category: SE_CATEGID_SYSTEM +;// +;// Parameter Strings - +;// +;// 1 - Number of audits discarded +;// +;// +;// + +MessageId=0x0204 + SymbolicName=SE_AUDITID_AUDITS_DISCARDED + Language=English +Internal resources allocated for the queuing of audit messages have been exhausted, +leading to the loss of some audits. +%n +%tNumber of audit messages discarded:%t%1 +. + + +;// +;// +;// SE_AUDITID_AUDIT_LOG_CLEARED +;// +;// Category: SE_CATEGID_SYSTEM +;// +;// Parameter Strings - +;// +;// 1 - Primary user account name +;// +;// 2 - Primary authenticating domain name +;// +;// 3 - Primary logon ID string +;// +;// 4 - Client user account name ("-" if no client) +;// +;// 5 - Client authenticating domain name ("-" if no client) +;// +;// 6 - Client logon ID string ("-" if no client) +;// +;// +;// + +MessageId=0x0205 + SymbolicName=SE_AUDITID_AUDIT_LOG_CLEARED + Language=English +The audit log was cleared +%n +%tPrimary User Name:%t%1%n +%tPrimary Domain:%t%2%n +%tPrimary Logon ID:%t%3%n +%tClient User Name:%t%4%n +%tClient Domain:%t%5%n +%tClient Logon ID:%t%6%n +. + + + + + + + + + + + + + + + +;// +;// +;// SE_AUDITID_SYSTEM_NOTIFY_PACKAGE_LOAD +;// +;// Category: SE_CATEGID_SYSTEM +;// +;// Parameter Strings - +;// +;// 1 - Notification Package Name +;// +;// +;// + +MessageId=0x0206 + SymbolicName=SE_AUDITID_NOTIFY_PACKAGE_LOAD + Language=English +An notification package has been loaded by the Security Account Manager. +This package will be notified of any account or password changes. +%n +Notification Package Name:%t%1 +. + + +; +;///////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// Messages for Category: SE_CATEGID_LOGON // +;// // +;// Event IDs: // +;// SE_AUDITID_SUCCESSFUL_LOGON // +;// SE_AUDITID_UNKNOWN_USER_OR_PWD // +;// SE_AUDITID_ACCOUNT_TIME_RESTR // +;// SE_AUDITID_ACCOUNT_DISABLED // +;// SE_AUDITID_ACCOUNT_EXPIRED // +;// SE_AUDITID_WORKSTATION_RESTR // +;// SE_AUDITID_LOGON_TYPE_RESTR // +;// SE_AUDITID_PASSWORD_EXPIRED // +;// SE_AUDITID_NO_AUTHOR_RESPONSE // +;// SE_AUDITID_NETLOGON_NOT_STARTED // +;// SE_AUDITID_UNSUCCESSFUL_LOGON // +;// SE_AUDITID_LOGOFF // +;// SE_AUDITID_ACCOUNT_LOCKED // +;// // +;// // +;// // +;///////////////////////////////////////////////////////////////////////////// + +;// +;// +;// SE_AUDITID_SUCCESSFUL_LOGON +;// +;// Category: SE_CATEGID_LOGON +;// +;// Parameter Strings - +;// +;// 1 - User account name +;// +;// 2 - Authenticating domain name +;// +;// 3 - Logon ID string +;// +;// 4 - Logon Type string +;// +;// 5 - Logon process name +;// +;// 6 - Authentication package name +;// +;// +;// + +MessageId=0x0210 + SymbolicName=SE_AUDITID_SUCCESSFUL_LOGON + Language=English +Successful Logon:%n +%tUser Name:%t%1%n +%tDomain:%t%t%2%n +%tLogon ID:%t%t%3%n +%tLogon Type:%t%4%n +%tLogon Process:%t%5%n +%tAuthentication Package:%t%6%n +%tWorkstation Name:%t%7 +. + +;// +;// +;// SE_AUDITID_UNKNOWN_USER_OR_PWD +;// +;// Category: SE_CATEGID_LOGON +;// +;// Parameter Strings - +;// +;// 1 - User account name +;// +;// 2 - Authenticating domain name +;// +;// 3 - Logon Type string +;// +;// 4 - Logon process name +;// +;// 5 - Authentication package name +;// +;// + +MessageId=0x0211 + SymbolicName=SE_AUDITID_UNKNOWN_USER_OR_PWD + Language=English +Logon Failure:%n +%tReason:%t%tUnknown user name or bad password%n +%tUser Name:%t%1%n +%tDomain:%t%t%2%n +%tLogon Type:%t%3%n +%tLogon Process:%t%4%n +%tAuthentication Package:%t%5%n +%tWorkstation Name:%t%6 +. + +;// +;// +;// SE_AUDITID_ACCOUNT_TIME_RESTR +;// +;// Category: SE_CATEGID_LOGON +;// +;// Parameter Strings - +;// +;// 1 - User account name +;// +;// 2 - Authenticating domain name +;// +;// 3 - Logon Type string +;// +;// 4 - Logon process name +;// +;// 5 - Authentication package name +;// +;// + +MessageId=0x0212 + SymbolicName=SE_AUDITID_ACCOUNT_TIME_RESTR + Language=English +Logon Failure:%n +%tReason:%t%tAccount logon time restriction violation%n +%tUser Name:%t%1%n +%tDomain:%t%2%n +%tLogon Type:%t%3%n +%tLogon Process:%t%4%n +%tAuthentication Package:%t%5%n +%tWorkstation Name:%t%6 +. + + +;// +;// +;// SE_AUDITID_ACCOUNT_DISABLED +;// +;// Category: SE_CATEGID_LOGON +;// +;// Parameter Strings - +;// +;// 1 - User account name +;// +;// 2 - Authenticating domain name +;// +;// 3 - Logon Type string +;// +;// 4 - Logon process name +;// +;// 5 - Authentication package name +;// +;// + +MessageId=0x0213 + SymbolicName=SE_AUDITID_ACCOUNT_DISABLED + Language=English +Logon Failure:%n +%tReason:%t%tAccount currently disabled%n +%tUser Name:%t%1%n +%tDomain:%t%t%2%n +%tLogon Type:%t%3%n +%tLogon Process:%t%4%n +%tAuthentication Package:%t%5%n +%tWorkstation Name:%t%6 +. + + +;// +;// +;// SE_AUDITID_ACCOUNT_EXPIRED +;// +;// Category: SE_CATEGID_LOGON +;// +;// Parameter Strings - +;// +;// 1 - User account name +;// +;// 2 - Authenticating domain name +;// +;// 3 - Logon Type string +;// +;// 4 - Logon process name +;// +;// 5 - Authentication package name +;// +;// + +MessageId=0x0214 + SymbolicName=SE_AUDITID_ACCOUNT_EXPIRED + Language=English +Logon Failure:%n +%tReason:%t%tThe specified user account has expired%n +%tUser Name:%t%1%n +%tDomain:%t%t%2%n +%tLogon Type:%t%3%n +%tLogon Process:%t%4%n +%tAuthentication Package:%t%5%n +%tWorkstation Name:%t%6 +. + + +;// +;// +;// SE_AUDITID_WORKSTATION_RESTR +;// +;// Category: SE_CATEGID_LOGON +;// +;// Parameter Strings - +;// +;// 1 - User account name +;// +;// 2 - Authenticating domain name +;// +;// 3 - Logon Type string +;// +;// 4 - Logon process name +;// +;// 5 - Authentication package name +;// +;// + +MessageId=0x0215 + SymbolicName=SE_AUDITID_WORKSTATION_RESTR + Language=English +Logon Failure:%n +%tReason:%t%tUser not allowed to logon at this computer%n +%tUser Name:%t%1%n +%tDomain:%t%2%n +%tLogon Type:%t%3%n +%tLogon Process:%t%4%n +%tAuthentication Package:%t%5%n +%tWorkstation Name:%t%6 +. + + +;// +;// +;// SE_AUDITID_LOGON_TYPE_RESTR +;// +;// Category: SE_CATEGID_LOGON +;// +;// Parameter Strings - +;// +;// 1 - User account name +;// +;// 2 - Authenticating domain name +;// +;// 3 - Logon Type string +;// +;// 4 - Logon process name +;// +;// 5 - Authentication package name +;// +;// + +MessageId=0x0216 + SymbolicName=SE_AUDITID_LOGON_TYPE_RESTR + Language=English +Logon Failure:%n +%tReason:%tThe user has not be granted the requested%n +%t%tlogon type at this machine%n +%tUser Name:%t%1%n +%tDomain:%t%t%2%n +%tLogon Type:%t%3%n +%tLogon Process:%t%4%n +%tAuthentication Package:%t%5%n +%tWorkstation Name:%t%6 +. + + +;// +;// +;// SE_AUDITID_PASSWORD_EXPIRED +;// +;// Category: SE_CATEGID_LOGON +;// +;// Parameter Strings - +;// +;// 1 - User account name +;// +;// 2 - Authenticating domain name +;// +;// 3 - Logon Type string +;// +;// 4 - Logon process name +;// +;// 5 - Authentication package name +;// +;// + +MessageId=0x0217 + SymbolicName=SE_AUDITID_PASSWORD_EXPIRED + Language=English +Logon Failure:%n +%tReason:%t%tThe specified account's password has expired%n +%tUser Name:%t%1%n +%tDomain:%t%t%2%n +%tLogon Type:%t%3%n +%tLogon Process:%t%4%n +%tAuthentication Package:%t%5%n +%tWorkstation Name:%t%6 +. + + +;// +;// +;// SE_AUDITID_NETLOGON_NOT_STARTED +;// +;// Category: SE_CATEGID_LOGON +;// +;// Parameter Strings - +;// +;// 1 - User account name +;// +;// 2 - Authenticating domain name +;// +;// 3 - Logon Type string +;// +;// 4 - Logon process name +;// +;// 5 - Authentication package name +;// +;// + +MessageId=0x0218 + SymbolicName=SE_AUDITID_NETLOGON_NOT_STARTED + Language=English +Logon Failure:%n +%tReason:%t%tThe NetLogon component is not active%n +%tUser Name:%t%1%n +%tDomain:%t%t%2%n +%tLogon Type:%t%3%n +%tLogon Process:%t%4%n +%tAuthentication Package:%t%5%n +%tWorkstation Name:%t%6 +. + + +;// +;// +;// SE_AUDITID_UNSUCCESSFUL_LOGON +;// +;// Category: SE_CATEGID_LOGON +;// +;// Parameter Strings - +;// +;// 1 - User account name +;// +;// 2 - Authenticating domain name +;// +;// 3 - Logon Type string +;// +;// 4 - Logon process name +;// +;// 5 - Authentication package name +;// +;// + +MessageId=0x0219 + SymbolicName=SE_AUDITID_UNSUCCESSFUL_LOGON + Language=English +Logon Failure:%n +%tReason:%t%tAn unexpected error occured during logon%n +%tUser Name:%t%1%n +%tDomain:%t%t%2%n +%tLogon Type:%t%3%n +%tLogon Process:%t%4%n +%tAuthentication Package:%t%5%n +%tWorkstation Name:%t%6 +. + + +;// +;// +;// SE_AUDITID_LOGOFF +;// +;// Category: SE_CATEGID_LOGON +;// +;// Parameter Strings - +;// +;// 1 - User account name +;// +;// 2 - Authenticating domain name +;// +;// 3 - Logon ID string +;// +;// 3 - Logon Type string +;// +;// +;// + +MessageId=0x021A + SymbolicName=SE_AUDITID_LOGOFF + Language=English +User Logoff:%n +%tUser Name:%t%1%n +%tDomain:%t%t%2%n +%tLogon ID:%t%t%3%n +%tLogon Type:%t%4%n +. + +;// +;// +;// SE_AUDITID_ACCOUNT_LOCKED +;// +;// Category: SE_CATEGID_LOGON +;// +;// Parameter Strings - +;// +;// 1 - User account name +;// +;// 2 - Authenticating domain name +;// +;// 3 - Logon Type string +;// +;// 4 - Logon process name +;// +;// 5 - Authentication package name +;// +;// + +MessageId=0x021B + SymbolicName=SE_AUDITID_ACCOUNT_LOCKED + Language=English +Logon Failure:%n +%tReason:%t%tAccount locked out%n +%tUser Name:%t%1%n +%tDomain:%t%2%n +%tLogon Type:%t%3%n +%tLogon Process:%t%4%n +%tAuthentication Package:%t%5%n +%tWorkstation Name:%t%6 +. + + + + + + + + + + + + + + + + +; +;///////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// Messages for Category: SE_CATEGID_OBJECT_ACCESS // +;// // +;// Event IDs: // +;// SE_AUDITID_OPEN_HANDLE // +;// SE_AUDITID_CLOSE_HANDLE // +;// SE_AUDITID_OPEN_OBJECT_FOR_DELETE // +;// SE_AUDITID_DELETE_OBJECT // +;// // +;// // +;// // +;///////////////////////////////////////////////////////////////////////////// + + +;// +;// +;// SE_AUDITID_OPEN_HANDLE +;// +;// Category: SE_CATEGID_OBJECT_ACCESS +;// +;// Parameter Strings - +;// +;// 1 - Object Type string +;// +;// 2 - Object name +;// +;// 3 - New handle ID string +;// +;// 4 - Object server name +;// +;// 5 - Process ID string +;// +;// 6 - Primary user account name +;// +;// 7 - Primary authenticating domain name +;// +;// 8 - Primary logon ID string +;// +;// 9 - Client user account name ("-" if no client) +;// +;// 10 - Client authenticating domain name ("-" if no client) +;// +;// 11 - Client logon ID string ("-" if no client) +;// +;// 12 - Access names +;// +;// +;// +;// + +MessageId=0x0230 + SymbolicName=SE_AUDITID_OPEN_HANDLE + Language=English +Object Open:%n +%tObject Server:%t%1%n +%tObject Type:%t%2%n +%tObject Name:%t%3%n +%tNew Handle ID:%t%4%n +%tOperation ID:%t{%5,%6}%n +%tProcess ID:%t%7%n +%tPrimary User Name:%t%8%n +%tPrimary Domain:%t%9%n +%tPrimary Logon ID:%t%10%n +%tClient User Name:%t%11%n +%tClient Domain:%t%12%n +%tClient Logon ID:%t%13%n +%tAccesses%t%t%14%n +%tPrivileges%t%t%15%n +. + + +;// +;// +;// SE_AUDITID_CREATE_HANDLE +;// +;// Category: SE_CATEGID_OBJECT_ACCESS +;// +;// Parameter Strings - +;// +;// 1 - Handle ID string +;// +;// 2,3 - Operation ID +;// +;// 4 - Process ID string +;// +;// +;// +;// + +MessageId=0x0231 + SymbolicName=SE_AUDITID_CREATE_HANDLE + Language=English +Handle Allocated:%n +%tHandle ID:%t%1%n +%tOperation ID:%t{%2,%3}%n +%tProcess ID:%t%4%n +. + + +;// +;// +;// SE_AUDITID_CLOSE_HANDLE +;// +;// Category: SE_CATEGID_OBJECT_ACCESS +;// +;// Parameter Strings - +;// +;// 1 - Object server name +;// +;// 2 - Handle ID string +;// +;// 3 - Process ID string +;// +;// +;// +;// + +MessageId=0x0232 + SymbolicName=SE_AUDITID_CLOSE_HANDLE + Language=English +Handle Closed:%n +%tObject Server:%t%1%n +%tHandle ID:%t%2%n +%tProcess ID:%t%3%n +. + + + + + + + + + + + + + + + + + + + + + + + + + +;// +;// +;// SE_AUDITID_OPEN_OBJECT_FOR_DELETE +;// +;// Category: SE_CATEGID_OBJECT_ACCESS +;// +;// Parameter Strings - +;// +;// 1 - Object Type string +;// +;// 2 - Object name +;// +;// 3 - New handle ID string +;// +;// 4 - Object server name +;// +;// 5 - Process ID string +;// +;// 6 - Primary user account name +;// +;// 7 - Primary authenticating domain name +;// +;// 8 - Primary logon ID string +;// +;// 9 - Client user account name ("-" if no client) +;// +;// 10 - Client authenticating domain name ("-" if no client) +;// +;// 11 - Client logon ID string ("-" if no client) +;// +;// 12 - Access names +;// +;// +;// +;// + +MessageId=0x0233 + SymbolicName=SE_AUDITID_OPEN_OBJECT_FOR_DELETE + Language=English +Object Open for Delete:%n +%tObject Server:%t%1%n +%tObject Type:%t%2%n +%tObject Name:%t%3%n +%tNew Handle ID:%t%4%n +%tOperation ID:%t{%5,%6}%n +%tProcess ID:%t%7%n +%tPrimary User Name:%t%8%n +%tPrimary Domain:%t%9%n +%tPrimary Logon ID:%t%10%n +%tClient User Name:%t%11%n +%tClient Domain:%t%12%n +%tClient Logon ID:%t%13%n +%tAccesses%t%t%14%n +%tPrivileges%t%t%15%n +. + + +;// +;// +;// SE_AUDITID_DELETE_OBJECT +;// +;// Category: SE_CATEGID_OBJECT_ACCESS +;// +;// Parameter Strings - +;// +;// 1 - Object server name +;// +;// 2 - Handle ID string +;// +;// 3 - Process ID string +;// +;// +;// +;// + +MessageId=0x0234 + SymbolicName=SE_AUDITID_DELETE_OBJECT + Language=English +Object Deleted:%n +%tObject Server:%t%1%n +%tHandle ID:%t%2%n +%tProcess ID:%t%3%n +. + + + + + + + + + + + + + + + + + + + + + + + + + +; +;///////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// Messages for Category: SE_CATEGID_PRIVILEGE_USE // +;// // +;// Event IDs: // +;// SE_AUDITID_ASSIGN_SPECIAL_PRIV // +;// SE_AUDITID_PRIVILEGED_SERVICE // +;// SE_AUDITID_PRIVILEGED_OBJECT // +;// // +;// // +;// // +;///////////////////////////////////////////////////////////////////////////// + + + +;// +;// +;// SE_AUDITID_ASSIGN_SPECIAL_PRIV +;// +;// Category: SE_CATEGID_PRIVILEGE_USE +;// +;// Parameter Strings - +;// +;// 1 - User name +;// +;// 2 - domain name +;// +;// 3 - Logon ID string +;// +;// 4 - Privilege names (as 1 string, with formatting) +;// +;// +;// +;// + +MessageId=0x0240 + SymbolicName=SE_AUDITID_ASSIGN_SPECIAL_PRIV + Language=English +Special privileges assigned to new logon:%n +%tUser Name:%t%1%n +%tDomain:%t%t%2%n +%tLogon ID:%t%t%3%n +%tAssigned:%t%t%4 +. + + + + + +;// +;// +;// SE_AUDITID_PRIVILEGED_SERVICE +;// +;// Category: SE_CATEGID_PRIVILEGE_USE +;// +;// Parameter Strings - +;// +;// 1 - server name +;// +;// 2 - service name +;// +;// 3 - Primary User name +;// +;// 4 - Primary domain name +;// +;// 5 - Primary Logon ID string +;// +;// 6 - Client User name (or "-" if not impersonating) +;// +;// 7 - Client domain name (or "-" if not impersonating) +;// +;// 8 - Client Logon ID string (or "-" if not impersonating) +;// +;// 9 - Privilege names (as 1 string, with formatting) +;// +;// +;// +;// + +MessageId=0x0241 + SymbolicName=SE_AUDITID_PRIVILEGED_SERVICE + Language=English +Privileged Service Called:%n +%tServer:%t%t%1%n +%tService:%t%t%2%n +%tPrimary User Name:%t%3%n +%tPrimary Domain:%t%4%n +%tPrimary Logon ID:%t%5%n +%tClient User Name:%t%6%n +%tClient Domain:%t%7%n +%tClient Logon ID:%t%8%n +%tPrivileges:%t%9 +. + + + + + + +;// +;// +;// SE_AUDITID_PRIVILEGED_OBJECT +;// +;// Category: SE_CATEGID_PRIVILEGE_USE +;// +;// Parameter Strings - +;// +;// 1 - Object type +;// +;// 2 - object name (if available) +;// +;// 3 - server name +;// +;// 4 - process ID string +;// +;// 5 - Primary User name +;// +;// 6 - Primary domain name +;// +;// 7 - Primary Logon ID string +;// +;// 8 - Client User name (or "-" if not impersonating) +;// +;// 9 - Client domain name (or "-" if not impersonating) +;// +;// 10 - Client Logon ID string (or "-" if not impersonating) +;// +;// 11 - Privilege names (as 1 string, with formatting) +;// +;// +;// +;// + +;// +;// Jimk Original +;// +;//MessageId=0x0242 +;// SymbolicName=SE_AUDITID_PRIVILEGED_OBJECT +;// Language=English +;//%tPrivileged object operation:%n +;//%t%tObject Type:%t%1%n +;//%t%tObject Name:%t%2%n +;//%t%tObject Server:%t%3%n +;//%t%tProcess ID:%t%4%n +;//%t%tPrimary User Name:%t%5%n +;//%t%tPrimary Domain:%t%6%n +;//%t%tPrimary Logon ID:%t%7%n +;//%t%tClient User Name:%t%8%n +;//%t%tClient Domain:%t%9%n +;//%t%tClient Logon ID:%t%10%n +;//%t%tPrivileges:%t%11 +;//. + + +MessageId=0x0242 + SymbolicName=SE_AUDITID_PRIVILEGED_OBJECT + Language=English +Privileged object operation:%n +%tObject Server:%t%1%n +%tObject Handle:%t%2%n +%tProcess ID:%t%3%n +%tPrimary User Name:%t%4%n +%tPrimary Domain:%t%5%n +%tPrimary Logon ID:%t%6%n +%tClient User Name:%t%7%n +%tClient Domain:%t%8%n +%tClient Logon ID:%t%9%n +%tPrivileges:%t%10 +. + + + + + + + + + +; +;///////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// Messages for Category: SE_CATEGID_DETAILED_TRACKING // +;// // +;// Event IDs: // +;// SE_AUDITID_PROCESS_CREATED // +;// SE_AUDITID_PROCESS_EXIT // +;// SE_AUDITID_DUPLICATE_HANDLE // +;// SE_AUDITID_INDIRECT_REFERENCE // +;// // +;// // +;// // +;///////////////////////////////////////////////////////////////////////////// + + +;// +;// +;// SE_AUDITID_PROCESS_CREATED +;// +;// Category: SE_CATEGID_DETAILED_TRACKING +;// +;// Parameter Strings - +;// +;// 1 - process ID string +;// +;// 2 - Image file name (if available - otherwise "-") +;// +;// 3 - Creating process's ID +;// +;// 4 - User name (of new process) +;// +;// 5 - domain name (of new process) +;// +;// 6 - Logon ID string (of new process) +;// + +MessageId=0x0250 + SymbolicName=SE_AUDITID_PROCESS_CREATED + Language=English +A new process has been created:%n +%tNew Process ID:%t%1%n +%tImage File Name:%t%2%n +%tCreator Process ID:%t%3%n +%tUser Name:%t%4%n +%tDomain:%t%t%5%n +%tLogon ID:%t%t%6%n +. + + + + + +;// +;// +;// SE_AUDITID_PROCESS_EXIT +;// +;// Category: SE_CATEGID_DETAILED_TRACKING +;// +;// Parameter Strings - +;// +;// 1 - process ID string +;// +;// 2 - User name +;// +;// 3 - domain name +;// +;// 4 - Logon ID string +;// +;// +;// +;// + +MessageId=0x0251 + SymbolicName=SE_AUDITID_PROCESS_EXIT + Language=English +A process has exited:%n +%tProcess ID:%t%1%n +%tUser Name:%t%2%n +%tDomain:%t%t%3%n +%tLogon ID:%t%t%4%n +. + + + + + +;// +;// +;// SE_AUDITID_DUPLICATE_HANDLE +;// +;// Category: SE_CATEGID_DETAILED_TRACKING +;// +;// Parameter Strings - +;// +;// 1 - Origin (source) handle ID string +;// +;// 2 - Origin (source) process ID string +;// +;// 3 - New (Target) handle ID string +;// +;// 4 - Target process ID string +;// +;// +;// + +MessageId=0x0252 + SymbolicName=SE_AUDITID_DUPLICATE_HANDLE + Language=English +A handle to an object has been duplicated:%n +%tSource Handle ID:%t%1%n +%tSource Process ID:%t%2%n +%tTarget Handle ID:%t%3%n +%tTarget Process ID:%t%4%n +. + + + + + + + + +;// +;// +;// SE_AUDITID_INDIRECT_REFERENCE +;// +;// Category: SE_CATEGID_DETAILED_TRACKING +;// +;// Parameter Strings - +;// +;// 1 - Object type +;// +;// 2 - object name (if available - otherwise "-") +;// +;// 3 - ID string of handle used to gain access +;// +;// 3 - server name +;// +;// 4 - process ID string +;// +;// 5 - primary User name +;// +;// 6 - primary domain name +;// +;// 7 - primary logon ID +;// +;// 8 - client User name +;// +;// 9 - client domain name +;// +;// 10 - client logon ID +;// +;// 11 - granted access names (with formatting) +;// +;// + +MessageId=0x0253 + SymbolicName=SE_AUDITID_INDIRECT_REFERENCE + Language=English +Indirect access to an object has been obtained:%n +%tObject Type:%t%1%n +%tObject Name:%t%2%n +%tProcess ID:%t%3%n +%tPrimary User Name:%t%4%n +%tPrimary Domain:%t%5%n +%tPrimary Logon ID:%t%6%n +%tClient User Name:%t%7%n +%tClient Domain:%t%8%n +%tClient Logon ID:%t%9%n +%tAccesses:%t%10%n +. + + + + + + + + + + + + + + + + + + + + + + + + +; +;///////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// Messages for Category: SE_CATEGID_POLICY_CHANGE // +;// // +;// Event IDs: // +;// SE_AUDITID_USER_RIGHT_ASSIGNED // +;// SE_AUDITID_USER_RIGHT_REMOVED // +;// SE_AUDITID_TRUSTED_DOMAIN_ADD // +;// SE_AUDITID_TRUSTED_DOMAIN_REM // +;// SE_AUDITID_POLICY_CHANGE // +;// // +;// // +;// // +;///////////////////////////////////////////////////////////////////////////// + + + +;// +;// +;// SE_AUDITID_USER_RIGHT_ASSIGNED +;// +;// Category: SE_CATEGID_POLICY_CHANGE +;// +;// Parameter Strings - +;// +;// 1 - User right name +;// +;// 2 - SID string of account assigned the user right +;// +;// 3 - User name of subject assigning the right +;// +;// 4 - Domain name of subject assigning the right +;// +;// 5 - Logon ID string of subject assigning the right +;// +;// +;// + +MessageId=0x0260 + SymbolicName=SE_AUDITID_USER_RIGHT_ASSIGNED + Language=English +User Right Assigned:%n +%tUser Right:%t%1%n +%tAssigned To:%t%2%n +%tAssigned By:%n +%tUser Name:%t%3%n +%tDomain:%t%t%4%n +%tLogon ID:%t%t%5%n +. + + + + +;// +;// +;// SE_AUDITID_USER_RIGHT_REMOVED +;// +;// Category: SE_CATEGID_POLICY_CHANGE +;// +;// Parameter Strings - +;// +;// 1 - User right name +;// +;// 2 - SID string of account from which the user +;// right was removed +;// +;// 3 - User name of subject removing the right +;// +;// 4 - Domain name of subject removing the right +;// +;// 5 - Logon ID string of subject removing the right +;// +;// + +MessageId=0x0261 + SymbolicName=SE_AUDITID_USER_RIGHT_REMOVED + Language=English +User Right Removed:%n +%tUser Right:%t%1%n +%tRemoved From:%t%2%n +%tRemoved By:%n +%tUser Name:%t%3%n +%tDomain:%t%t%4%n +%tLogon ID:%t%t%5%n +. + + + + + + +;// +;// +;// SE_AUDITID_TRUSTED_DOMAIN_ADD +;// +;// Category: SE_CATEGID_POLICY_CHANGE +;// +;// Parameter Strings - +;// +;// 1 - Name of new trusted domain +;// +;// 2 - SID string of new trusted domain +;// +;// 3 - User name of subject adding the trusted domain +;// +;// 4 - Domain name of subject adding the trusted domain +;// +;// 5 - Logon ID string of subject adding the trusted domain +;// + +MessageId=0x0262 + SymbolicName=SE_AUDITID_TRUSTED_DOMAIN_ADD + Language=English +New Trusted Domain:%n +%tDomain Name:%t%1%n +%tDomain ID:%t%2%n +%tEstablished By:%n +%tUser Name:%t%3%n +%tDomain:%t%t%4%n +%tLogon ID:%t%t%5%n +. + + + + + + +;// +;// +;// SE_AUDITID_TRUSTED_DOMAIN_REM +;// +;// Category: SE_CATEGID_POLICY_CHANGE +;// +;// Parameter Strings - +;// +;// 1 - Name of domain no longer trusted +;// +;// 2 - SID string of domain no longer trusted +;// +;// 3 - User name of subject removing the trusted domain +;// +;// 4 - Domain name of subject removing the trusted domain +;// +;// 5 - Logon ID string of subject removing the trusted domain +;// +;// +;// + +MessageId=0x0263 + SymbolicName=SE_AUDITID_TRUSTED_DOMAIN_REM + Language=English +Removing Trusted Domain:%n +%tDomain Name:%t%1%n +%tDomain ID:%t%2%n +%tRemoved By:%n +%tUser Name:%t%3%n +%tDomain:%t%t%4%n +%tLogon ID:%t%t%5%n +. + + + + + + +;// +;// +;// SE_AUDITID_POLICY_CHANGE +;// +;// Category: SE_CATEGID_POLICY_CHANGE +;// +;// Parameter Strings - +;// +;// 1 - System success audit status ("+" or "-") +;// 2 - System failure audit status ("+" or "-") +;// +;// 3 - Logon/Logoff success audit status ("+" or "-") +;// 4 - Logon/Logoff failure audit status ("+" or "-") +;// +;// 5 - Object Access success audit status ("+" or "-") +;// 6 - Object Access failure audit status ("+" or "-") +;// +;// 7 - Detailed Tracking success audit status ("+" or "-") +;// 8 - Detailed Tracking failure audit status ("+" or "-") +;// +;// 9 - Privilege Use success audit status ("+" or "-") +;// 10 - Privilege Use failure audit status ("+" or "-") +;// +;// 11 - Policy Change success audit status ("+" or "-") +;// 12 - Policy Change failure audit status ("+" or "-") +;// +;// 13 - Account Management success audit status ("+" or "-") +;// 14 - Account Management failure audit status ("+" or "-") +;// +;// 15 - Account Name of user that changed the policy +;// +;// 16 - Domain of user that changed the policy +;// +;// 17 - Logon ID of user that changed the policy +;// +;// + +MessageId=0x0264 + SymbolicName=SE_AUDITID_POLICY_CHANGE + Language=English +Audit Policy Change:%n +New Policy:%n +%tSuccess%tFailure%n +%t %1%t %2%tSystem%n +%t %3%t %4%tLogon/Logoff%n +%t %5%t %6%tObject Access%n +%t %7%t %8%tPrivilege Use%n +%t %9%t %10%tDetailed Tracking%n +%t %11%t %12%tPolicy Change%n +%t %13%t %14%tAccount Management%n%n +Changed By:%n +%tUser Name:%t%15%n +%tDomain Name:%t%16%n +%tLogon ID:%t%t%17 +. + + + + + + + + + + + + +; +;///////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// Messages for Category: SE_CATEGID_ACCOUNT_MANAGEMENT // +;// // +;// Event IDs: // +;// SE_AUDITID_USER_CREATED // +;// SE_AUDITID_USER_CHANGE // +;// SE_AUDITID_ACCOUNT_TYPE_CHANGE // +;// SE_AUDITID_USER_ENABLED // +;// SE_AUDITID_USER_PWD_CHANGED // +;// SE_AUDITID_USER_PWD_SET // +;// SE_AUDITID_USER_DISABLED // +;// SE_AUDITID_USER_DELETED // +;// SE_AUDITID_GLOBAL_GROUP_CREATED // +;// SE_AUDITID_GLOBAL_GROUP_ADD // +;// SE_AUDITID_GLOBAL_GROUP_REM // +;// SE_AUDITID_GLOBAL_GROUP_DELETED // +;// SE_AUDITID_LOCAL_GROUP_CREATED // +;// SE_AUDITID_LOCAL_GROUP_ADD // +;// SE_AUDITID_LOCAL_GROUP_REM // +;// SE_AUDITID_LOCAL_GROUP_DELETED // +;// SE_AUDITID_OTHER_ACCT_CHANGE // +;// SE_AUDITID_DOMAIN_POLICY_CHANGE // +;// // +;// // +;///////////////////////////////////////////////////////////////////////////// + + +;// +;// +;// SE_AUDITID_USER_CREATED +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - name of new user account +;// +;// 2 - domain of new user account +;// +;// 3 - SID string of new user account +;// +;// 4 - User name of subject creating the user account +;// +;// 5 - Domain name of subject creating the user account +;// +;// 6 - Logon ID string of subject creating the user account +;// +;// 7 - Privileges used to create the user account +;// +;// + +MessageId=0x0270 + SymbolicName=SE_AUDITID_USER_CREATED + Language=English +User Account Created:%n +%tNew Account Name:%t%1%n +%tNew Domain:%t%2%n +%tNew Account ID:%t%3%n +%tCaller User Name:%t%4%n +%tCaller Domain:%t%5%n +%tCaller Logon ID:%t%6%n +%tPrivileges%t%t%7%n +. + + + + + + +;// +;// +;// SE_AUDITID_ACCOUNT_TYPE_CHANGE +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - name of target user account +;// +;// 2 - domain of target user account +;// +;// 3 - SID string of target user account +;// +;// 4 - new account type string +;// (sigh, this isn't going to be locallizable) +;// +;// 5 - User name of subject changing the user account +;// +;// 6 - Domain name of subject changing the user account +;// +;// 7 - Logon ID string of subject changing the user account +;// +;// + +MessageId=0x0271 + SymbolicName=SE_AUDITID_ACCOUNT_TYPE_CHANGE + Language=English +User Account Type Change:%n +%tTarget Account Name:%t%1%n +%tTarget Domain:%t%2%n +%tTarget Account ID:%t%3%n +%tNew Type:%t%4%n +%tCaller User Name:%t%5%n +%tCaller Domain:%t%6%n +%tCaller Logon ID:%t%7%n +. + + + + + + +;// +;// +;// SE_AUDITID_USER_ENABLED +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - name of target user account +;// +;// 2 - domain of target user account +;// +;// 3 - SID string of target user account +;// +;// 4 - User name of subject changing the user account +;// +;// 5 - Domain name of subject changing the user account +;// +;// 6 - Logon ID string of subject changing the user account +;// +;// + +MessageId=0x0272 + SymbolicName=SE_AUDITID_USER_ENABLED + Language=English +User Account Enabled:%n +%tTarget Account Name:%t%1%n +%tTarget Domain:%t%2%n +%tTarget Account ID:%t%3%n +%tCaller User Name:%t%4%n +%tCaller Domain:%t%5%n +%tCaller Logon ID:%t%6%n +. + + + + + + +;// +;// +;// SE_AUDITID_USER_PWD_CHANGED +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - name of target user account +;// +;// 2 - domain of target user account +;// +;// 3 - SID string of target user account +;// +;// 4 - User name of subject changing the user account +;// +;// 5 - Domain name of subject changing the user account +;// +;// 6 - Logon ID string of subject changing the user account +;// +;// + +MessageId=0x0273 + SymbolicName=SE_AUDITID_USER_PWD_CHANGED + Language=English +Change Password Attempt:%n +%tTarget Account Name:%t%1%n +%tTarget Domain:%t%2%n +%tTarget Account ID:%t%3%n +%tCaller User Name:%t%4%n +%tCaller Domain:%t%5%n +%tCaller Logon ID:%t%6%n +%tPrivileges:%t%7%n +. + + + + + + +;// +;// +;// SE_AUDITID_USER_PWD_SET +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - name of target user account +;// +;// 2 - domain of target user account +;// +;// 3 - SID string of target user account +;// +;// 4 - User name of subject changing the user account +;// +;// 5 - Domain name of subject changing the user account +;// +;// 6 - Logon ID string of subject changing the user account +;// +;// + +MessageId=0x0274 + SymbolicName=SE_AUDITID_USER_PWD_SET + Language=English +User Account password set:%n +%tTarget Account Name:%t%1%n +%tTarget Domain:%t%2%n +%tTarget Account ID:%t%3%n +%tCaller User Name:%t%4%n +%tCaller Domain:%t%5%n +%tCaller Logon ID:%t%6%n +. + + + + + + +;// +;// +;// SE_AUDITID_USER_DISABLED +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - name of target user account +;// +;// 2 - domain of target user account +;// +;// 3 - SID string of target user account +;// +;// 4 - User name of subject changing the user account +;// +;// 5 - Domain name of subject changing the user account +;// +;// 6 - Logon ID string of subject changing the user account +;// +;// + +MessageId=0x0275 + SymbolicName=SE_AUDITID_USER_DISABLED + Language=English +User Account Disabled:%n +%tTarget Account Name:%t%1%n +%tTarget Domain:%t%2%n +%tTarget Account ID:%t%3%n +%tCaller User Name:%t%4%n +%tCaller Domain:%t%5%n +%tCaller Logon ID:%t%6%n +. + + + + + + +;// +;// +;// SE_AUDITID_USER_DELETED +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - name of target account +;// +;// 2 - domain of target account +;// +;// 3 - SID string of target account +;// +;// 4 - User name of subject changing the account +;// +;// 5 - Domain name of subject changing the account +;// +;// 6 - Logon ID string of subject changing the account +;// +;// + +MessageId=0x0276 + SymbolicName=SE_AUDITID_USER_DELETED + Language=English +User Account Deleted:%n +%tTarget Account Name:%t%1%n +%tTarget Domain:%t%2%n +%tTarget Account ID:%t%3%n +%tCaller User Name:%t%4%n +%tCaller Domain:%t%5%n +%tCaller Logon ID:%t%6%n +%tPrivileges:%t%7%n +. + + + + + + +;// +;// +;// SE_AUDITID_GLOBAL_GROUP_CREATED +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - name of new group account +;// +;// 2 - domain of new group account +;// +;// 3 - SID string of new group account +;// +;// 4 - User name of subject creating the account +;// +;// 5 - Domain name of subject creating the account +;// +;// 6 - Logon ID string of subject creating the account +;// +;// + +MessageId=0x0277 + SymbolicName=SE_AUDITID_GLOBAL_GROUP_CREATED + Language=English +Global Group Created:%n +%tNew Account Name:%t%1%n +%tNew Domain:%t%2%n +%tNew Account ID:%t%3%n +%tCaller User Name:%t%4%n +%tCaller Domain:%t%5%n +%tCaller Logon ID:%t%6%n +%tPrivileges:%t%7%n +. + + + + + + +;// +;// +;// SE_AUDITID_GLOBAL_GROUP_ADD +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - SID string of new member +;// +;// 2 - name of target account +;// +;// 3 - domain of target account +;// +;// 4 - SID string of target account +;// +;// 5 - User name of subject changing the account +;// +;// 6 - Domain name of subject changing the account +;// +;// 7 - Logon ID string of subject changing the account +;// +;// + +MessageId=0x0278 + SymbolicName=SE_AUDITID_GLOBAL_GROUP_ADD + Language=English +Global Group Member Added:%n +%tMember:%t%1%n +%tTarget Account Name:%t%2%n +%tTarget Domain:%t%3%n +%tTarget Account ID:%t%4%n +%tCaller User Name:%t%5%n +%tCaller Domain:%t%6%n +%tCaller Logon ID:%t%7%n +%tPrivileges:%t%8%n +. + + + + + + +;// +;// +;// SE_AUDITID_GLOBAL_GROUP_REM +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - SID string of member being removed +;// +;// 2 - name of target account +;// +;// 3 - domain of target account +;// +;// 4 - SID string of target account +;// +;// 5 - User name of subject changing the account +;// +;// 6 - Domain name of subject changing the account +;// +;// 7 - Logon ID string of subject changing the account +;// +;// + +MessageId=0x0279 + SymbolicName=SE_AUDITID_GLOBAL_GROUP_REM + Language=English +Global Group Member Removed:%n +%tMember:%t%1%n +%tTarget Account Name:%t%2%n +%tTarget Domain:%t%3%n +%tTarget Account ID:%t%4%n +%tCaller User Name:%t%5%n +%tCaller Domain:%t%6%n +%tCaller Logon ID:%t%7%n +%tPrivileges:%t%8%n +. + + + + + + +;// +;// +;// SE_AUDITID_GLOBAL_GROUP_DELETED +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - name of target account +;// +;// 2 - domain of target account +;// +;// 3 - SID string of target account +;// +;// 4 - User name of subject changing the account +;// +;// 5 - Domain name of subject changing the account +;// +;// 6 - Logon ID string of subject changing the account +;// +;// + +MessageId=0x027A + SymbolicName=SE_AUDITID_GLOBAL_GROUP_DELETED + Language=English +Global Group Deleted:%n +%tTarget Account Name:%t%1%n +%tTarget Domain:%t%2%n +%tTarget Account ID:%t%3%n +%tCaller User Name:%t%4%n +%tCaller Domain:%t%5%n +%tCaller Logon ID:%t%6%n +%tPrivileges:%t%7%n +. + + + + + +;// +;// +;// SE_AUDITID_LOCAL_GROUP_CREATED +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - name of new group account +;// +;// 2 - domain of new group account +;// +;// 3 - SID string of new group account +;// +;// 4 - User name of subject creating the account +;// +;// 5 - Domain name of subject creating the account +;// +;// 6 - Logon ID string of subject creating the account +;// +;// + +MessageId=0x027B + SymbolicName=SE_AUDITID_LOCAL_GROUP_CREATED + Language=English +Local Group Created:%n +%tNew Account Name:%t%1%n +%tNew Domain:%t%2%n +%tNew Account ID:%t%3%n +%tCaller User Name:%t%4%n +%tCaller Domain:%t%5%n +%tCaller Logon ID:%t%6%n +%tPrivileges:%t%7%n +. + + + + + + +;// +;// +;// SE_AUDITID_LOCAL_GROUP_ADD +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - SID string of new member +;// +;// 2 - name of target account +;// +;// 3 - domain of target account +;// +;// 4 - SID string of target account +;// +;// 5 - User name of subject changing the account +;// +;// 6 - Domain name of subject changing the account +;// +;// 7 - Logon ID string of subject changing the account +;// +;// + +MessageId=0x027C + SymbolicName=SE_AUDITID_LOCAL_GROUP_ADD + Language=English +Local Group Member Added:%n +%tMember:%t%1%n +%tTarget Account Name:%t%2%n +%tTarget Domain:%t%t%3%n +%tTarget Account ID:%t%t%4%n +%tCaller User Name:%t%t%5%n +%tCaller Domain:%t%t%6%n +%tCaller Logon ID:%t%t%7%n +%tPrivileges:%t%8%n +. + + + + + + +;// +;// +;// SE_AUDITID_LOCAL_GROUP_REM +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - SID string of member being removed +;// +;// 2 - name of target account +;// +;// 3 - domain of target account +;// +;// 4 - SID string of target account +;// +;// 5 - User name of subject changing the account +;// +;// 6 - Domain name of subject changing the account +;// +;// 7 - Logon ID string of subject changing the account +;// +;// + +MessageId=0x027D + SymbolicName=SE_AUDITID_LOCAL_GROUP_REM + Language=English +Local Group Member Removed:%n +%tMember:%t%1%n +%tTarget Account Name:%t%2%n +%tTarget Domain:%t%t%3%n +%tTarget Account ID:%t%t%4%n +%tCaller User Name:%t%t%5%n +%tCaller Domain:%t%t%6%n +%tCaller Logon ID:%t%t%7%n +%tPrivileges:%t%t%8%n +. + + + + + + +;// +;// +;// SE_AUDITID_LOCAL_GROUP_DELETED +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - name of target account +;// +;// 2 - domain of target account +;// +;// 3 - SID string of target account +;// +;// 4 - User name of subject changing the account +;// +;// 5 - Domain name of subject changing the account +;// +;// 6 - Logon ID string of subject changing the account +;// +;// + +MessageId=0x027E + SymbolicName=SE_AUDITID_LOCAL_GROUP_DELETED + Language=English +Local Group Deleted:%n +%tTarget Account Name:%t%1%n +%tTarget Domain:%t%2%n +%tTarget Account ID:%t%3%n +%tCaller User Name:%t%4%n +%tCaller Domain:%t%5%n +%tCaller Logon ID:%t%6%n +%tPrivileges:%t%7%n +. + + +;// +;// +;// SE_AUDITID_LOCAL_GROUP_CHANGE +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - name of target account +;// +;// 2 - domain of target account +;// +;// 3 - SID string of target account +;// +;// 4 - User name of subject changing the account +;// +;// 5 - Domain name of subject changing the account +;// +;// 6 - Logon ID string of subject changing the account +;// +;// + +MessageId=0x027F + SymbolicName=SE_AUDITID_LOCAL_GROUP_CHANGE + Language=English +Local Group Changed:%n +%tTarget Account Name:%t%1%n +%tTarget Domain:%t%2%n +%tTarget Account ID:%t%3%n +%tCaller User Name:%t%4%n +%tCaller Domain:%t%5%n +%tCaller Logon ID:%t%6%n +%tPrivileges:%t%7%n +. + + + + + + + +;// +;// +;// SE_AUDITID_OTHER_ACCOUNT_CHANGE +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - Type of change (sigh, this isn't localizable) +;// +;// 2 - Type of changed object +;// +;// 3 - SID string (of changed object) +;// +;// 4 - User name of subject changing the account +;// +;// 5 - Domain name of subject changing the account +;// +;// 6 - Logon ID string of subject changing the account +;// +;// + +MessageId=0x0280 + SymbolicName=SE_AUDITID_OTHER_ACCOUNT_CHANGE + Language=English +General Account Database Change:%n +%tType of change:%t%1%n +%tObject Type:%t%2%n +%tObject Name:%t%3%n +%tObject ID:%t%4%n +%tCaller User Name:%t%5%n +%tCaller Domain:%t%6%n +%tCaller Logon ID:%t%7%n +. + + + + + + + +;// +;// +;// SE_AUDITID_GLOBAL_GROUP_CHANGE +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - name of target account +;// +;// 2 - domain of target account +;// +;// 3 - SID string of target account +;// +;// 4 - User name of subject changing the account +;// +;// 5 - Domain name of subject changing the account +;// +;// 6 - Logon ID string of subject changing the account +;// +;// + +MessageId=0x0281 + SymbolicName=SE_AUDITID_GLOBAL_GROUP_CHANGE + Language=English +Global Group Changed:%n +%tTarget Account Name:%t%1%n +%tTarget Domain:%t%2%n +%tTarget Account ID:%t%3%n +%tCaller User Name:%t%4%n +%tCaller Domain:%t%5%n +%tCaller Logon ID:%t%6%n +%tPrivileges:%t%7%n +. + + + + +;// +;// +;// SE_AUDITID_USER_CHANGE +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - name of target user account +;// +;// 2 - domain of target user account +;// +;// 3 - SID string of target user account +;// +;// 4 - User name of subject changing the user account +;// +;// 5 - Domain name of subject changing the user account +;// +;// 6 - Logon ID string of subject changing the user account +;// +;// + +MessageId=0x0282 + SymbolicName=SE_AUDITID_USER_CHANGE + Language=English +User Account Changed:%n +%tTarget Account Name:%t%1%n +%tTarget Domain:%t%2%n +%tTarget Account ID:%t%3%n +%tCaller User Name:%t%4%n +%tCaller Domain:%t%5%n +%tCaller Logon ID:%t%6%n +%tPrivileges:%t%7%n +. + + + +;// +;// +;// SE_AUDITID_DOMAIN_POLICY_CHANGE +;// +;// Category: SE_CATEGID_ACCOUNT_MANAGEMENT +;// +;// Parameter Strings - +;// +;// 1 - (unused) +;// +;// 2 - domain of target user account +;// +;// 3 - SID string of target user account +;// +;// 4 - User name of subject changing the user account +;// +;// 5 - Domain name of subject changing the user account +;// +;// 6 - Logon ID string of subject changing the user account +;// +;// + +MessageId=0x0283 + SymbolicName=SE_AUDITID_DOMAIN_POLICY_CHANGE + Language=English +Domain Policy Changed:%n +%tDomain:%t%t%1%n +%tDomain ID:%t%2%n +%tCaller User Name:%t%3%n +%tCaller Domain:%t%4%n +%tCaller Logon ID:%t%5%n +%tPrivileges:%t%6%n +. + + + + + + + + + + +;/*lint +e767 */ // Resume checking for different macro definitions // winnt +; +; +;#endif // _MSAUDITE_ diff --git a/private/ntos/seaudit/msaudite/sources b/private/ntos/seaudit/msaudite/sources new file mode 100644 index 000000000..462e1dc34 --- /dev/null +++ b/private/ntos/seaudit/msaudite/sources @@ -0,0 +1,41 @@ +!IF 0 + +Copyright (c) 1989 Microsoft Corporation + +Module Name: + + sources. + +Abstract: + + This file specifies the target component being built and the list of + sources files needed to build that component. Also specifies optional + compiler switches and libraries that are unique for the component being + built. + + +Author: + + Steve Wood (stevewo) 12-Apr-1990 + +NOTE: Commented description of this file is in \nt\bak\bin\sources.tpl + +!ENDIF + +MAJORCOMP=ntos +MINORCOMP=msaudite + +TARGETNAME=msaudite +TARGETPATH=\nt\public\sdk\lib + +TARGETLIBS= + +TARGETTYPE=DYNLINK + +INCLUDES=. + +SOURCES= audit.rc + +UMLIBS= + +NTTARGETFILE0=audit.rc diff --git a/private/ntos/seaudit/msauditt/audit.rc b/private/ntos/seaudit/msauditt/audit.rc new file mode 100644 index 000000000..f78b05af5 --- /dev/null +++ b/private/ntos/seaudit/msauditt/audit.rc @@ -0,0 +1,13 @@ +#include <windows.h> + +1 11 MSG00001.bin + +#include <ntverp.h> + +#define VER_FILETYPE VFT_DLL +#define VER_FILESUBTYPE VFT2_UNKNOWN +#define VER_FILEDESCRIPTION_STR "Security Audit Types DLL" +#define VER_INTERNALNAME_STR "msauditt.dll" + +#include "common.ver" + diff --git a/private/ntos/seaudit/msauditt/makefile b/private/ntos/seaudit/msauditt/makefile new file mode 100644 index 000000000..6ee4f43fa --- /dev/null +++ b/private/ntos/seaudit/msauditt/makefile @@ -0,0 +1,6 @@ +# +# DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source +# file to this component. This file merely indirects to the real make file +# that is shared by all the components of NT OS/2 +# +!INCLUDE $(NTMAKEENV)\makefile.def diff --git a/private/ntos/seaudit/msauditt/msauditt.def b/private/ntos/seaudit/msauditt/msauditt.def new file mode 100644 index 000000000..99f7f8806 --- /dev/null +++ b/private/ntos/seaudit/msauditt/msauditt.def @@ -0,0 +1,7 @@ +LIBRARY msaudit + +DESCRIPTION 'Message File for Auditing' + +EXPORTS + MsAuditTDummyEntry + diff --git a/private/ntos/seaudit/msauditt/msauditt.mc b/private/ntos/seaudit/msauditt/msauditt.mc new file mode 100644 index 000000000..185446c17 --- /dev/null +++ b/private/ntos/seaudit/msauditt/msauditt.mc @@ -0,0 +1,365 @@ +;/*++ BUILD Version: 0001 // Increment this if a change has global effects +; +;Copyright (c) 1991 Microsoft Corporation +; +;Module Name: +; +; msauditt.mc +; +;Abstract: +; +; Constant definitions for the NT Audit Event Messages. +; +;Author: +; +; Jim Kelly (JimK) 30-Mar-1992 +; +;Revision History: +; +;Notes: +; +; The .h and .res forms of this file are generated from the .mc +; form of the file (private\ntos\seaudit\msauditt\msauditt.mc). Please make +; all changes to the .mc form of the file. +; +; +; +;--*/ +; +;#ifndef _MSAUDITT_ +;#define _MSAUDITT_ +; +;/*lint -e767 */ // Don't complain about different definitions // winnt + + +MessageIdTypedef=ULONG + +SeverityNames=(None=0x0) + +FacilityNames=(None=0x0) + + + +MessageId=0x0000 + Language=English +Unused message ID +. +;// Message ID 0 is unused - just used to flush out the diagram + + +; +;///////////////////////////////////////////////////////////////////////// +;// // +;// Logon Messages Follow // +;// // +;// // +;///////////////////////////////////////////////////////////////////////// +; + +;//////////////////////////////////////////////// +;// +;// Type: SE_ADT_SUCCESSFUL_LOGON +;// +;// Parameter Strings: +;// +;// String1 - Description +;// + +MessageId=0x0001 + SymbolicName=SE_ADT_SUCCESSFUL_LOGON + Language=English +Successful Logon - + Successful Logon +. + + + +;//////////////////////////////////////////////// +;// +;// Type: SE_ADT_UNSUCCESSFUL_LOGON +;// +;// +;// Parameter Strings: +;// +;// String1 - Description +;// +;// +;// + +MessageId=0x0002 + SymbolicName=SE_ADT_UNSUCCESSFUL_LOGON + Language=English +Failed Logon - + Unsuccessful Logon +. + + +;//////////////////////////////////////////////// +;// +;// Type: SE_ADT_SUCCESSFUL_OBJECT_OPEN +;// +;// +;// Parameter Strings: +;// +;// String1 - Description +;// +;// +;// + +MessageId=0x0003 + SymbolicName=SE_ADT_SUCCESSFUL_OBJECT_OPEN + Language=English +Successful Object Open - + Successful Object Open +. + + + +;//////////////////////////////////////////////// +;// +;// Type: SE_ADT_UNSUCCESSFUL_OBJECT_OPEN +;// +;// +;// Parameter Strings: +;// +;// String1 - Description +;// +;// +;// + +MessageId=0x0004 + SymbolicName=SE_ADT_UNSUCCESSFUL_OBJECT_OPEN + Language=English +Unsuccessful Object Open - + Unsuccessful Object Open +. + + +;//////////////////////////////////////////////// +;// +;// Type: SE_ADT_SYSTEM_RESTART +;// +;// +;// Parameter Strings: +;// +;// String1 - Description +;// +;// + +MessageId=0x0005 + SymbolicName=SE_ADT_SYSTEM_RESTART + Language=English +System has been rebooted - + System has been rebooted +. + + + +;//////////////////////////////////////////////// +;// +;// Type: SE_ADT_HANDLE_ALLOCATION +;// +;// +;// Parameter Strings: +;// +;// String1 - Description +;// +;// + +MessageId=0x0006 + SymbolicName=SE_ADT_HANDLE_ALLOCATION + Language=English +A handle has been allocated + A handle has been allocated +. + + +;//////////////////////////////////////////////// +;// +;// Type: SE_ADT_SUCC_PRIV_SERVICE +;// +;// +;// Parameter Strings: +;// +;// String1 - Description +;// + +MessageId=0x0007 + SymbolicName=SE_ADT_SUCC_PRIV_SERVICE + Language=English +A privilege was successfully used in a system service + A privilege was successfully used in a system service + +. + + +;//////////////////////////////////////////////// +;// +;// Type: SE_ADT_FAILED_PRIV_SERVICE +;// +;// +;// Parameter Strings: +;// +;// +;// + +MessageId=0x0008 + SymbolicName=SE_ADT_FAILED_PRIV_SERVICE + Language=English +A privilege check in a system service failed + A privilege check in a system service failed + +. + + + +;//////////////////////////////////////////////// +;// +;// Type: SE_ADT_SUCC_PRIV_OBJECT +;// +;// +;// Parameter Strings: +;// +;// String1 - Description +;// +;// + +MessageId=0x0009 + SymbolicName=SE_ADT_SUCC_PRIV_OBJECT + Language=English +An attempt to access a privileged object succeeded + An attempt to access a privileged object succeeded + +. + + +;//////////////////////////////////////////////// +;// +;// Type: SE_ADT_FAILED_PRIV_OBJECT +;// +;// +;// Parameter Strings: +;// +;// String1 - Description +;// +;// + +MessageId=0x000A + SymbolicName=SE_ADT_FAILED_PRIV_OBJECT + Language=English +An attempt to access a privileged object failed + An attempt to access a privileged object failed + +. + + + +;//////////////////////////////////////////////// +;// +;// Type: SE_ADT_SUCC_PRIV_SERVICE +;// +;// +;// Parameter Strings: +;// +;// String1 - Description +;// +;// + +MessageId=0x000B + SymbolicName=SE_ADT_SUCC_PRIV_SERVICE + Language=English +An attempt to execute a privileged service succeeded. + An attempt to execute a privileged service succeeded. + +. + + + +;//////////////////////////////////////////////// +;// +;// Type: SE_ADT_OBJECT_CLOSE +;// +;// +;// Parameter Strings: +;// +;// String1 - Description +;// +;// + +MessageId=0x000C + SymbolicName=SE_ADT_OBJECT_CLOSE + Language=English +An object was closed + An object was closed + +. + + + + +;//////////////////////////////////////////////// +;// +;// Type: SE_ADT_SUCC_OBJECT_REFERENCE +;// +;// +;// Parameter Strings: +;// +;// String1 - Description +;// +;// + +MessageId=0x000D + SymbolicName=SE_ADT_SUCC_OBJECT_REFERENCE + Language=English +A named object was accessed but no handle was created + A named object was accessed but no handle was created + +. + + + +;//////////////////////////////////////////////// +;// +;// Type: SE_ADT_FAILED_OBJECT_REFERENCE +;// +;// +;// Parameter Strings: +;// +;// String1 - Description +;// +;// + +MessageId=0x000E + SymbolicName=SE_ADT_FAILED_OBJECT_REFERENCE + Language=English +An attempt to reference a named object was denied + An attempt to reference a named object was denied + +. + + + +;//////////////////////////////////////////////// +;// +;// Type: SE_ADT_SHUTDOWN +;// +;// +;// Parameter Strings: +;// +;// String1 - Description +;// +;// + +MessageId=0x000E + SymbolicName=SE_ADT_SHUTDOWN + Language=English +The system was shut down. + The system was shut down. + +. + + +;/*lint +e767 */ // Resume checking for different macro definitions // winnt +; +; +;#endif // _MSAUDITT_ diff --git a/private/ntos/seaudit/msauditt/mstmp.c b/private/ntos/seaudit/msauditt/mstmp.c new file mode 100644 index 000000000..e7771438e --- /dev/null +++ b/private/ntos/seaudit/msauditt/mstmp.c @@ -0,0 +1,55 @@ +/*++ + +Copyright (c) 1989 Microsoft Corporation + +Module Name: + + tmp.c + +Abstract: + + Temporary (unnecessary) DLL entry point routine. + + + The entry in this file is a bit of a hack. The code isn't + needed, but our linker doesn't know how to build a dll with data only. + When MikeOl gets this fixed, we can remove this obligatory source + file. + + +Author: + + Jim Kelly 24-Mar-1992 + +Revision History: + +--*/ + + +#include <nt.h> + +BOOLEAN +MsAuditTDummyEntry( VOID ) + +/*++ + +Routine Description: + + This routine gets called when this DLL is loaded by the loader. + It does nothing and wouldn't be needed if the linker worked + correctly. + +Arguments: + + None. + + +Return Value: + + None. + +--*/ +{ + + return TRUE; +} diff --git a/private/ntos/seaudit/msauditt/sources b/private/ntos/seaudit/msauditt/sources new file mode 100644 index 000000000..e51a4c07c --- /dev/null +++ b/private/ntos/seaudit/msauditt/sources @@ -0,0 +1,53 @@ +!IF 0 + +Copyright (c) 1989 Microsoft Corporation + +Module Name: + + sources. + +Abstract: + + This file specifies the target component being built and the list of + sources files needed to build that component. Also specifies optional + compiler switches and libraries that are unique for the component being + built. + + +Author: + + Steve Wood (stevewo) 12-Apr-1990 + +NOTE: Commented description of this file is in \nt\bak\bin\sources.tpl + +!ENDIF + +MAJORCOMP=ntos +MINORCOMP=msauditt + +TARGETNAME=msauditt +TARGETPATH=\nt\public\sdk\lib + +TARGETLIBS= + +TARGETTYPE=DYNLINK + +# +# The following entry information is a bit of a hack. The code isn't +# needed, but our linker doesn't know how to build a dll with data only. +# When MikeOl gets this fixed, we can remove the code and this obligatory +# entry and base information. By the way, the base choice is just one I +# know isn't used elsewhere in the system. +# + +DLLBASE=@\NT\PUBLIC\SDK\LIB\coffbase.txt,msauditt + +DLLENTRY=MsAuditTDummyEntry + + +INCLUDES=. + +SOURCES= audit.rc \ + mstmp.c + +UMLIBS= diff --git a/private/ntos/seaudit/msobjs/audit.rc b/private/ntos/seaudit/msobjs/audit.rc new file mode 100644 index 000000000..54937ffee --- /dev/null +++ b/private/ntos/seaudit/msobjs/audit.rc @@ -0,0 +1,14 @@ +#include <windows.h> + +1 11 MSG00001.bin + +#include <ntverp.h> + +#define VER_FILETYPE VFT_DLL +#define VER_FILESUBTYPE VFT2_UNKNOWN +#define VER_FILEDESCRIPTION_STR "System object audit names" +#define VER_INTERNALNAME_STR "msobjs.dll" +#define VER_ORIGINALFILENAME_STR "msobjs.dll" + +#include "common.ver" + diff --git a/private/ntos/seaudit/msobjs/makefile b/private/ntos/seaudit/msobjs/makefile new file mode 100644 index 000000000..6ee4f43fa --- /dev/null +++ b/private/ntos/seaudit/msobjs/makefile @@ -0,0 +1,6 @@ +# +# DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source +# file to this component. This file merely indirects to the real make file +# that is shared by all the components of NT OS/2 +# +!INCLUDE $(NTMAKEENV)\makefile.def diff --git a/private/ntos/seaudit/msobjs/makefile.inc b/private/ntos/seaudit/msobjs/makefile.inc new file mode 100644 index 000000000..aec6a9639 --- /dev/null +++ b/private/ntos/seaudit/msobjs/makefile.inc @@ -0,0 +1,4 @@ +$(NTTARGETFILE0): msobjs.rc msg00001.bin + +msobjs.rc msg00001.bin: msobjs.mc + mc -v -r . -h $(_NTROOT)\public\sdk\inc\ msobjs.mc diff --git a/private/ntos/seaudit/msobjs/msobjs.def b/private/ntos/seaudit/msobjs/msobjs.def new file mode 100644 index 000000000..2bdaca27c --- /dev/null +++ b/private/ntos/seaudit/msobjs/msobjs.def @@ -0,0 +1,3 @@ +LIBRARY msaudit + +DESCRIPTION 'Object access names for auditing' diff --git a/private/ntos/seaudit/msobjs/msobjs.mc b/private/ntos/seaudit/msobjs/msobjs.mc new file mode 100644 index 000000000..5ca7116e5 --- /dev/null +++ b/private/ntos/seaudit/msobjs/msobjs.mc @@ -0,0 +1,1908 @@ +;/*++ BUILD Version: 0001 // Increment this if a change has global effects +; +;Copyright (c) 1991 Microsoft Corporation +; +;Module Name: +; +; msobjs.mc +; +;Abstract: +; +; Constant definitions for the NT system-defined object access +; types as we want them displayed in the event viewer for Auditing. +; +; +; +; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! +; ! ! +; ! Note that this is a PARAMETER MESSAGE FILE from the event viewer's ! +; ! perspective, and so no messages with an ID lower than 0x1000 should ! +; ! be defined here. ! +; ! ! +; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! +; +; +; Please add new object-specific types at the end of this file... +; +; +;Author: +; +; Jim Kelly (JimK) 14-Oct-1992 +; +;Revision History: +; +;Notes: +; +; The .h and .res forms of this file are generated from the .mc +; form of the file (private\ntos\seaudit\msobjs\msobjs.mc). Please make +; all changes to the .mc form of the file. +; +; +; +;--*/ +; +;#ifndef _MSOBJS_ +;#define _MSOBJS_ +; +;/*lint -e767 */ // Don't complain about different definitions // winnt + + +MessageIdTypedef=ULONG + +SeverityNames=(None=0x0) + +FacilityNames=(None=0x0) + + + +MessageId=0x600 + Language=English +Unused message ID +. +;// Message ID 600 is unused - just used to flush out the diagram + + +; +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// WELL KNOWN ACCESS TYPE NAMES // +;// // +;// Must be below 0x1000 // +;// // +;// // +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// +;////////////////////////////////////////////////////////////////////////////// + +;//////////////////////////////////////////////// +;// +;// Access Type = DELETE +;// + +MessageId=0x0601 + SymbolicName=SE_ACCESS_NAME_DELETE + Language=English +DELETE +. + + +;//////////////////////////////////////////////// +;// +;// Access Type = READ_CONTROL +;// + +MessageId=0x0602 + SymbolicName=SE_ACCESS_NAME_READ_CONTROL + Language=English +READ_CONTROL +. + + +;//////////////////////////////////////////////// +;// +;// Access Type = WRITE_DAC +;// + +MessageId=0x0603 + SymbolicName=SE_ACCESS_NAME_WRITE_DAC + Language=English +WRITE_DAC +. + + +;//////////////////////////////////////////////// +;// +;// Access Type = WRITE_OWNER +;// + +MessageId=0x0604 + SymbolicName=SE_ACCESS_NAME_WRITE_OWNER + Language=English +WRITE_OWNER +. + + +;//////////////////////////////////////////////// +;// +;// Access Type = SYNCHRONIZE +;// + +MessageId=0x0605 + SymbolicName=SE_ACCESS_NAME_SYNCHRONIZE + Language=English +SYNCHRONIZE +. + + +;//////////////////////////////////////////////// +;// +;// Access Type = ACCESS_SYSTEM_SECURITY +;// + +MessageId=0x0606 + SymbolicName=SE_ACCESS_NAME_ACCESS_SYS_SEC + Language=English +ACCESS_SYS_SEC +. + +;//////////////////////////////////////////////// +;// +;// Access Type = MAXIMUM_ALLOWED +;// + +MessageId=0x0607 + SymbolicName=SE_ACCESS_NAME_MAXIMUM_ALLOWED + Language=English +MAX_ALLOWED +. + + + +; +;////////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// Names to use when specific access // +;// names can not be located // +;// // +;// Must be below 0x1000 // +;// // +;// // +;////////////////////////////////////////////////////////////////////////////// + +;//////////////////////////////////////////////// +;// +;// Access Type = Specific access, bits 0 - 15 +;// + +MessageId=0x0610 + SymbolicName=SE_ACCESS_NAME_SPECIFIC_0 + Language=English +Unknown specific access (bit 0) +. + + +MessageId=0x0611 + SymbolicName=SE_ACCESS_NAME_SPECIFIC_1 + Language=English +Unknown specific access (bit 1) +. + + +MessageId=0x0612 + SymbolicName=SE_ACCESS_NAME_SPECIFIC_2 + Language=English +Unknown specific access (bit 2) +. + + +MessageId=0x0613 + SymbolicName=SE_ACCESS_NAME_SPECIFIC_3 + Language=English +Unknown specific access (bit 3) +. + + +MessageId=0x0614 + SymbolicName=SE_ACCESS_NAME_SPECIFIC_4 + Language=English +Unknown specific access (bit 4) +. + + +MessageId=0x0615 + SymbolicName=SE_ACCESS_NAME_SPECIFIC_5 + Language=English +Unknown specific access (bit 5) +. + + +MessageId=0x0616 + SymbolicName=SE_ACCESS_NAME_SPECIFIC_6 + Language=English +Unknown specific access (bit 6) +. + + +MessageId=0x0617 + SymbolicName=SE_ACCESS_NAME_SPECIFIC_7 + Language=English +Unknown specific access (bit 7) +. + + +MessageId=0x0618 + SymbolicName=SE_ACCESS_NAME_SPECIFIC_8 + Language=English +Unknown specific access (bit 8) +. + + +MessageId=0x0619 + SymbolicName=SE_ACCESS_NAME_SPECIFIC_9 + Language=English +Unknown specific access (bit 9) +. + + +MessageId=0x061A + SymbolicName=SE_ACCESS_NAME_SPECIFIC_10 + Language=English +Unknown specific access (bit 10) +. + + +MessageId=0x061B + SymbolicName=SE_ACCESS_NAME_SPECIFIC_11 + Language=English +Unknown specific access (bit 11) +. + + +MessageId=0x061C + SymbolicName=SE_ACCESS_NAME_SPECIFIC_12 + Language=English +Unknown specific access (bit 12) +. + + +MessageId=0x061D + SymbolicName=SE_ACCESS_NAME_SPECIFIC_13 + Language=English +Unknown specific access (bit 13) +. + + +MessageId=0x061E + SymbolicName=SE_ACCESS_NAME_SPECIFIC_14 + Language=English +Unknown specific access (bit 14) +. + + +MessageId=0x061F + SymbolicName=SE_ACCESS_NAME_SPECIFIC_15 + Language=English +Unknown specific access (bit 15) +. + + + + + + + +; +;////////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// Privilege names as we would like // +;// them displayed for auditing // +;// // +;// // +;// // +;// NOTE: Eventually we will need a way to extend this mechanism to allow // +;// for ISV and end-user defined privileges. One way would be to // +;// stick a mapping from source/privilege name to parameter message // +;// file offset in the registry. This is ugly and I don't like it, // +;// but it works. Something else would be prefereable. // +;// // +;// THIS IS A BIT OF A HACK RIGHT NOW. IT IS BASED UPON THE // +;// ASSUMPTION THAT ALL THE PRIVILEGES ARE WELL-KNOWN AND THAT // +;// THEIR VALUE ARE ALL CONTIGUOUS. // +;// // +;// // +;// // +;// // +;// // +;////////////////////////////////////////////////////////////////////////////// + + +MessageId=0x0641 + SymbolicName=SE_ADT_PRIV_BASE + Language=English +Not used +. + +MessageId=0x0643 + SymbolicName=SE_ADT_PRIV_3 + Language=English +Assign Primary Token Privilege +. +MessageId=0x0644 + SymbolicName=SE_ADT_PRIV_4 + Language=English +Lock Memory Privilege +. +MessageId=0x0645 + SymbolicName=SE_ADT_PRIV_5 + Language=English +Increase Memory Quota Privilege +. +MessageId=0x0646 + SymbolicName=SE_ADT_PRIV_6 + Language=English +Unsolicited Input Privilege +. +MessageId=0x0647 + SymbolicName=SE_ADT_PRIV_7 + Language=English +Trusted Computer Base Privilege +. +MessageId=0x0648 + SymbolicName=SE_ADT_PRIV_8 + Language=English +Security Privilege +. +MessageId=0x0649 + SymbolicName=SE_ADT_PRIV_9 + Language=English +Take Ownership Privilege +. +MessageId=0x064A + SymbolicName=SE_ADT_PRIV_10 + Language=English +Load/Unload Driver Privilege +. +MessageId=0x064B + SymbolicName=SE_ADT_PRIV_11 + Language=English +Profile System Privilege +. +MessageId=0x064C + SymbolicName=SE_ADT_PRIV_12 + Language=English +Set System Time Privilege +. +MessageId=0x064D + SymbolicName=SE_ADT_PRIV_13 + Language=English +Profile Single Process Privilege +. +MessageId=0x064E + SymbolicName=SE_ADT_PRIV_14 + Language=English +Increment Base Priority Privilege +. +MessageId=0x064F + SymbolicName=SE_ADT_PRIV_15 + Language=English +Create Pagefile Privilege +. +MessageId=0x0650 + SymbolicName=SE_ADT_PRIV_16 + Language=English +Create Permanent Object Privilege +. +MessageId=0x0651 + SymbolicName=SE_ADT_PRIV_17 + Language=English +Backup Privilege +. +MessageId=0x0652 + SymbolicName=SE_ADT_PRIV_18 + Language=English +Restore From Backup Privilege +. +MessageId=0x0653 + SymbolicName=SE_ADT_PRIV_19 + Language=English +Shutdown System Privilege +. +MessageId=0x0654 + SymbolicName=SE_ADT_PRIV_20 + Language=English +Debug Privilege +. +MessageId=0x0655 + SymbolicName=SE_ADT_PRIV_21 + Language=English +View or Change Audit Log Privilege +. +MessageId=0x0656 + SymbolicName=SE_ADT_PRIV_22 + Language=English +Change Hardware Environment Privilege +. +MessageId=0x0657 + SymbolicName=SE_ADT_PRIV_23 + Language=English +Change Notify (and Traverse) Privilege +. +MessageId=0x0658 + SymbolicName=SE_ADT_PRIV_24 + Language=English +Remotely Shut System Down Privilege +. + + + + + + + + + + + + + + + +; +;////////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// Executive object access types as // +;// we would like them displayed // +;// for auditing // +;// // +;// Executive objects are: // +;// // +;// Channel // +;// Device // +;// Directory // +;// Event // +;// EventPair // +;// File // +;// IoCompletion // +;// Key // +;// Mutant // +;// Port // +;// Process // +;// Profile // +;// Section // +;// Semaphore // +;// SymbolicLink // +;// Thread // +;// Timer // +;// Token // +;// Type // +;// // +;// // +;// Note that there are other kernel objects, but they // +;// are not visible outside of the executive and are so // +;// not subject to auditing. These objects include // +;// // +;// Adaptor // +;// Controller // +;// Driver // +;// // +;// // +;// // +;////////////////////////////////////////////////////////////////////////////// + + + + + +;// +;// DEVICE object-specific access types +;// + +MessageId=0x1100 + SymbolicName=MS_DEVICE_ACCESS_BIT_0 + Language=English +Device Access Bit0 +. +MessageId=0x1101 + SymbolicName=MS_DEVICE_ACCESS_BIT_1 + Language=English +Device Access Bit 1 +. +MessageId=0x1102 + SymbolicName=MS_DEVICE_ACCESS_BIT_2 + Language=English +Device Access Bit 2 +. +MessageId=0x1103 + SymbolicName=MS_DEVICE_ACCESS_BIT_3 + Language=English +Device Access Bit 3 +. +MessageId=0x1104 + SymbolicName=MS_DEVICE_ACCESS_BIT_4 + Language=English +Device Access Bit 4 +. +MessageId=0x1105 + SymbolicName=MS_DEVICE_ACCESS_BIT_5 + Language=English +Device Access Bit 5 +. +MessageId=0x1106 + SymbolicName=MS_DEVICE_ACCESS_BIT_6 + Language=English +Device Access Bit 6 +. +MessageId=0x1107 + SymbolicName=MS_DEVICE_ACCESS_BIT_7 + Language=English +Device Access Bit 7 +. +MessageId=0x1108 + SymbolicName=MS_DEVICE_ACCESS_BIT_8 + Language=English +Device Access Bit 8 +. + + + +;// +;// object DIRECTORY object-specific access types +;// + +MessageId=0x1110 + SymbolicName=MS_OBJECT_DIR_ACCESS_BIT_0 + Language=English +Query directory +. +MessageId=0x1111 + SymbolicName=MS_OBJECT_DIR_ACCESS_BIT_1 + Language=English +Traverse +. +MessageId=0x1112 + SymbolicName=MS_OBJECT_DIR_ACCESS_BIT_2 + Language=English +Create object in directory +. +MessageId=0x1113 + SymbolicName=MS_OBJECT_DIR_ACCESS_BIT_3 + Language=English +Create sub-directory +. + + +;// +;// EVENT object-specific access types +;// + +MessageId=0x1120 + SymbolicName=MS_EVENT_ACCESS_BIT_0 + Language=English +Query event state +. +MessageId=0x1121 + SymbolicName=MS_EVENT_ACCESS_BIT_1 + Language=English +Modify event state +. + + + +;// +;// EVENT-PAIR object-specific access types +;// + +;// +;// Event pairs have no object-type-specific access bits. +;// they use synchronize. +;// +;// reserve 0x1130 for future use and continuity +;// + + +;// +;// File-specific access types +;// (these are funny because they sorta hafta take directories +;// and named pipes into account as well). +;// + +MessageId=0x1140 + SymbolicName=MS_FILE_ACCESS_BIT_0 + Language=English +ReadData (or ListDirectory) +. +MessageId=0x1141 + SymbolicName=MS_FILE_ACCESS_BIT_1 + Language=English +WriteData (or AddFile) +. +MessageId=0x1142 + SymbolicName=MS_FILE_ACCESS_BIT_2 + Language=English +AppendData (or AddSubdirectory or CreatePipeInstance) +. +MessageId=0x1143 + SymbolicName=MS_FILE_ACCESS_BIT_3 + Language=English +ReadEA +. +MessageId=0x1144 + SymbolicName=MS_FILE_ACCESS_BIT_4 + Language=English +WriteEA +. +MessageId=0x1145 + SymbolicName=MS_FILE_ACCESS_BIT_5 + Language=English +Execute/Traverse +. +MessageId=0x1146 + SymbolicName=MS_FILE_ACCESS_BIT_6 + Language=English +DeleteChild +. +MessageId=0x1147 + SymbolicName=MS_FILE_ACCESS_BIT_7 + Language=English +ReadAttributes +. +MessageId=0x1148 + SymbolicName=MS_FILE_ACCESS_BIT_8 + Language=English +WriteAttributes +. + + + +;// +;// KEY object-specific access types +;// + +MessageId=0x1150 + SymbolicName=MS_KEY_ACCESS_BIT_0 + Language=English +Query key value +. + +MessageId=0x1151 + SymbolicName=MS_KEY_ACCESS_BIT_1 + Language=English +Set key value +. + +MessageId=0x1152 + SymbolicName=MS_KEY_ACCESS_BIT_2 + Language=English +Create sub-key +. + +MessageId=0x1153 + SymbolicName=MS_KEY_ACCESS_BIT_3 + Language=English +Enumerate sub-keys +. + +MessageId=0x1154 + SymbolicName=MS_KEY_ACCESS_BIT_4 + Language=English +Notify about changes to keys +. + +MessageId=0x1155 + SymbolicName=MS_KEY_ACCESS_BIT_5 + Language=English +Create Link +. + + +;// +;// MUTANT object-specific access types +;// + +MessageId=0x1160 + SymbolicName=MS_MUTANT_ACCESS_BIT_0 + Language=English +Query mutant state +. + + + +;// +;// lpc PORT object-specific access types +;// + +MessageId=0x1170 + SymbolicName=MS_LPC_PORT_ACCESS_BIT_0 + Language=English +Communicate using port +. + + + +;// +;// Process object-specific access types +;// + +MessageId=0x1180 + SymbolicName=MS_PROCESS_ACCESS_BIT_0 + Language=English +Force process termination +. +MessageId=0x1181 + SymbolicName=MS_PROCESS_ACCESS_BIT_1 + Language=English +Create new thread in process +. +MessageId=0x1182 + SymbolicName=MS_PROCESS_ACCESS_BIT_2 + Language=English +Unused access bit +. +MessageId=0x1183 + SymbolicName=MS_PROCESS_ACCESS_BIT_3 + Language=English +Perform virtual memory operation +. +MessageId=0x1184 + SymbolicName=MS_PROCESS_ACCESS_BIT_4 + Language=English +Read from process memory +. +MessageId=0x1185 + SymbolicName=MS_PROCESS_ACCESS_BIT_5 + Language=English +Write to process memory +. +MessageId=0x1186 + SymbolicName=MS_PROCESS_ACCESS_BIT_6 + Language=English +Duplicate handle into or out of process +. +MessageId=0x1187 + SymbolicName=MS_PROCESS_ACCESS_BIT_7 + Language=English +Create a subprocess of process +. +MessageId=0x1188 + SymbolicName=MS_PROCESS_ACCESS_BIT_8 + Language=English +Set process quotas +. +MessageId=0x1189 + SymbolicName=MS_PROCESS_ACCESS_BIT_9 + Language=English +Set process information +. +MessageId=0x118A + SymbolicName=MS_PROCESS_ACCESS_BIT_A + Language=English +Query process information +. +MessageId=0x118B + SymbolicName=MS_PROCESS_ACCESS_BIT_B + Language=English +Set process termination port +. + + + +;// +;// PROFILE object-specific access types +;// + +MessageId=0x1190 + SymbolicName=MS_PROFILE_ACCESS_BIT_0 + Language=English +Control profile +. + + +;// +;// SECTION object-specific access types +;// + +MessageId=0x11A0 + SymbolicName=MS_SECTION_ACCESS_BIT_0 + Language=English +Query section state +. +MessageId=0x11A1 + SymbolicName=MS_SECTION_ACCESS_BIT_1 + Language=English +Map section for write +. +MessageId=0x11A2 + SymbolicName=MS_SECTION_ACCESS_BIT_2 + Language=English +Map section for read +. +MessageId=0x11A3 + SymbolicName=MS_SECTION_ACCESS_BIT_3 + Language=English +Map section for execute +. +MessageId=0x11A4 + SymbolicName=MS_SECTION_ACCESS_BIT_4 + Language=English +Extend size +. + + + +;// +;// SEMAPHORE object-specific access types +;// + +MessageId=0x11B0 + SymbolicName=MS_SEMAPHORE_ACCESS_BIT_0 + Language=English +Query semaphore state +. + +MessageId=0x11B1 + SymbolicName=MS_SEMAPHORE_ACCESS_BIT_1 + Language=English +Modify semaphore state +. + + +;// +;// SymbolicLink object-specific access types +;// + +MessageId=0x11C0 + SymbolicName=MS_SYMB_LINK_ACCESS_BIT_0 + Language=English +Use symbolic link +. + + + + + +;// +;// Thread object-specific access types +;// + +MessageId=0x11D0 + SymbolicName=MS_THREAD_ACCESS_BIT_0 + Language=English +Force thread termination +. +MessageId=0x11D1 + SymbolicName=MS_THREAD_ACCESS_BIT_1 + Language=English +Suspend or resume thread +. +MessageId=0x11D2 + SymbolicName=MS_THREAD_ACCESS_BIT_2 + Language=English +Send an alert to thread +. +MessageId=0x11D3 + SymbolicName=MS_THREAD_ACCESS_BIT_3 + Language=English +Get thread context +. +MessageId=0x11D4 + SymbolicName=MS_THREAD_ACCESS_BIT_4 + Language=English +Set thread context +. +MessageId=0x11D5 + SymbolicName=MS_THREAD_ACCESS_BIT_5 + Language=English +Set thread information +. +MessageId=0x11D6 + SymbolicName=MS_THREAD_ACCESS_BIT_6 + Language=English +Query thread information +. +MessageId=0x11D7 + SymbolicName=MS_THREAD_ACCESS_BIT_7 + Language=English +Assign a token to the thread +. +MessageId=0x11D8 + SymbolicName=MS_THREAD_ACCESS_BIT_8 + Language=English +Cause thread to directly impersonate another thread +. +MessageId=0x11D9 + SymbolicName=MS_THREAD_ACCESS_BIT_9 + Language=English +Directly impersonate this thread +. + + + + +;// +;// TIMER object-specific access types +;// + +MessageId=0x11E0 + SymbolicName=MS_TIMER_ACCESS_BIT_0 + Language=English +Query timer state +. +MessageId=0x11E1 + SymbolicName=MS_TIMER_ACCESS_BIT_1 + Language=English +Modify timer state +. + + +;// +;// Token-specific access types +;// + +MessageId=0x11F0 + SymbolicName=MS_TOKEN_ACCESS_BIT_0 + Language=English +AssignAsPrimary +. +MessageId=0x11F1 + SymbolicName=MS_TOKEN_ACCESS_BIT_1 + Language=English +Duplicate +. +MessageId=0x11F2 + SymbolicName=MS_TOKEN_ACCESS_BIT_2 + Language=English +Impersonate +. +MessageId=0x11F3 + SymbolicName=MS_TOKEN_ACCESS_BIT_3 + Language=English +Query +. +MessageId=0x11F4 + SymbolicName=MS_TOKEN_ACCESS_BIT_4 + Language=English +QuerySource +. +MessageId=0x11F5 + SymbolicName=MS_TOKEN_ACCESS_BIT_5 + Language=English +AdjustPrivileges +. +MessageId=0x11F6 + SymbolicName=MS_TOKEN_ACCESS_BIT_6 + Language=English +AdjustGroups +. +MessageId=0x11F7 + SymbolicName=MS_TOKEN_ACCESS_BIT_7 + Language=English +AdjustDefaultDacl +. + + + +;// +;// OBJECT_TYPE object-specific access types +;// + +MessageId=0x1200 + SymbolicName=MS_OBJECT_TYPE_ACCESS_BIT_0 + Language=English +Create instance of object type +. + + + +;// +;// IoCompletion object-specific access types +;// + +MessageId=0x1300 + SymbolicName=MS_IO_COMPLETION_ACCESS_BIT_0 + Language=English +Query State +. + +MessageId=0x1301 + SymbolicName=MS_IO_COMPLETION_ACCESS_BIT_1 + Language=English +Modify State +. + + + +;// +;// CHANNEL object-specific access types +;// + +MessageId=0x1400 + SymbolicName=MS_CHANNEL_ACCESS_BIT_0 + Language=English +Channel read message +. +MessageId=0x1401 + SymbolicName=MS_CHANNEL_ACCESS_BIT_1 + Language=English +Channel write message +. +MessageId=0x1402 + SymbolicName=MS_CHANNEL_ACCESS_BIT_2 + Language=English +Channel query information +. +MessageId=0x1403 + SymbolicName=MS_CHANNEL_ACCESS_BIT_3 + Language=English +Channel set information +. + + + +; +;////////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// Security Acount Manager Object Access // +;// names as we would like them // +;// displayed for auditing // +;// // +;// SAM objects are: // +;// // +;// SAM_SERVER // +;// SAM_DOMAIN // +;// SAM_GROUP // +;// SAM_ALIAS // +;// SAM_USER // +;// // +;// // +;// // +;////////////////////////////////////////////////////////////////////////////// + + + + + + +;// +;// SAM_SERVER object-specific access types +;// + +MessageId=0x1500 + SymbolicName=MS_SAM_SERVER_ACCESS_BIT_0 + Language=English +ConnectToServer +. +MessageId=0x1501 + SymbolicName=MS_SAM_SERVER_ACCESS_BIT_1 + Language=English +ShutdownServer +. +MessageId=0x1502 + SymbolicName=MS_SAM_SERVER_ACCESS_BIT_2 + Language=English +InitializeServer +. +MessageId=0x1503 + SymbolicName=MS_SAM_SERVER_ACCESS_BIT_3 + Language=English +CreateDomain +. +MessageId=0x1504 + SymbolicName=MS_SAM_SERVER_ACCESS_BIT_4 + Language=English +EnumerateDomains +. +MessageId=0x1505 + SymbolicName=MS_SAM_SERVER_ACCESS_BIT_5 + Language=English +LookupDomain +. + + + + +;// +;// SAM_DOMAIN object-specific access types +;// + +MessageId=0x1510 + SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_0 + Language=English +ReadPasswordParameters +. +MessageId=0x1511 + SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_1 + Language=English +WritePasswordParameters +. +MessageId=0x1512 + SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_2 + Language=English +ReadOtherParameters +. +MessageId=0x1513 + SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_3 + Language=English +WriteOtherParameters +. +MessageId=0x1514 + SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_4 + Language=English +CreateUser +. +MessageId=0x1515 + SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_5 + Language=English +CreateGlobalGroup +. +MessageId=0x1516 + SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_6 + Language=English +CreateLocalGroup +. +MessageId=0x1517 + SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_7 + Language=English +GetLocalGroupMembership +. +MessageId=0x1518 + SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_8 + Language=English +ListAccounts +. +MessageId=0x1519 + SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_9 + Language=English +LookupIDs +. +MessageId=0x151A + SymbolicName=MS_SAM_DOMAIN_ACCESS_BIT_A + Language=English +AdministerServer +. + + + + +;// +;// SAM_GROUP (global) object-specific access types +;// + +MessageId=0x1520 + SymbolicName=MS_SAM_GLOBAL_GRP_ACCESS_BIT_0 + Language=English +ReadInformation +. +MessageId=0x1521 + SymbolicName=MS_SAM_GLOBAL_GRP_ACCESS_BIT_1 + Language=English +WriteAccount +. +MessageId=0x1522 + SymbolicName=MS_SAM_GLOBAL_GRP_ACCESS_BIT_2 + Language=English +AddMember +. +MessageId=0x1523 + SymbolicName=MS_SAM_GLOBAL_GRP_ACCESS_BIT_3 + Language=English +RemoveMember +. +MessageId=0x1524 + SymbolicName=MS_SAM_GLOBAL_GRP_ACCESS_BIT_4 + Language=English +ListMembers +. + + + + +;// +;// SAM_ALIAS (local group) object-specific access types +;// + +MessageId=0x1530 + SymbolicName=MS_SAM_LOCAL_GRP_ACCESS_BIT_0 + Language=English +AddMember +. +MessageId=0x1531 + SymbolicName=MS_SAM_LOCAL_GRP_ACCESS_BIT_1 + Language=English +RemoveMember +. +MessageId=0x1532 + SymbolicName=MS_SAM_LOCAL_GRP_ACCESS_BIT_2 + Language=English +ListMembers +. +MessageId=0x1533 + SymbolicName=MS_SAM_LOCAL_GRP_ACCESS_BIT_3 + Language=English +ReadInformation +. +MessageId=0x1534 + SymbolicName=MS_SAM_LOCAL_GRP_ACCESS_BIT_4 + Language=English +WriteAccount +. + + + + +;// +;// SAM_USER object-specific access types +;// + +MessageId=0x1540 + SymbolicName=MS_SAM_USER_ACCESS_BIT_0 + Language=English +ReadGeneralInformation +. +MessageId=0x1541 + SymbolicName=MS_SAM_USER_ACCESS_BIT_1 + Language=English +ReadPreferences +. +MessageId=0x1542 + SymbolicName=MS_SAM_USER_ACCESS_BIT_2 + Language=English +WritePreferences +. +MessageId=0x1543 + SymbolicName=MS_SAM_USER_ACCESS_BIT_3 + Language=English +ReadLogon +. +MessageId=0x1544 + SymbolicName=MS_SAM_USER_ACCESS_BIT_4 + Language=English +ReadAccount +. +MessageId=0x1545 + SymbolicName=MS_SAM_USER_ACCESS_BIT_5 + Language=English +WriteAccount +. +MessageId=0x1546 + SymbolicName=MS_SAM_USER_ACCESS_BIT_6 + Language=English +ChangePassword (with knowledge of old password) +. +MessageId=0x1547 + SymbolicName=MS_SAM_USER_ACCESS_BIT_7 + Language=English +SetPassword (without knowledge of old password) +. +MessageId=0x1548 + SymbolicName=MS_SAM_USER_ACCESS_BIT_8 + Language=English +ListGroups +. +MessageId=0x1549 + SymbolicName=MS_SAM_USER_ACCESS_BIT_9 + Language=English +ReadGroupMembership +. +MessageId=0x154A + SymbolicName=MS_SAM_USER_ACCESS_BIT_A + Language=English +ChangeGroupMembership +. + + + + + +; +;////////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// Local Security Authority Object Access // +;// names as we would like them // +;// displayed for auditing // +;// // +;// LSA objects are: // +;// // +;// PolicyObject // +;// SecretObject // +;// TrustedDomainObject // +;// UserAccountObject // +;// // +;// // +;// // +;////////////////////////////////////////////////////////////////////////////// + + + +;// +;// lsa POLICY object-specific access types +;// + +MessageId=0x1600 + SymbolicName=MS_LSA_POLICY_ACCESS_BIT_0 + Language=English +View non-sensitive policy information +. +MessageId=0x1601 + SymbolicName=MS_LSA_POLICY_ACCESS_BIT_1 + Language=English +View system audit requirements +. +MessageId=0x1602 + SymbolicName=MS_LSA_POLICY_ACCESS_BIT_2 + Language=English +Get sensitive policy information +. +MessageId=0x1603 + SymbolicName=MS_LSA_POLICY_ACCESS_BIT_3 + Language=English +Modify domain trust relationships +. +MessageId=0x1604 + SymbolicName=MS_LSA_POLICY_ACCESS_BIT_4 + Language=English +Create special accounts (for assignment of user rights) +. +MessageId=0x1605 + SymbolicName=MS_LSA_POLICY_ACCESS_BIT_5 + Language=English +Create a secret object +. +MessageId=0x1606 + SymbolicName=MS_LSA_POLICY_ACCESS_BIT_6 + Language=English +Create a privilege +. +MessageId=0x1607 + SymbolicName=MS_LSA_POLICY_ACCESS_BIT_7 + Language=English +Set default quota limits +. +MessageId=0x1608 + SymbolicName=MS_LSA_POLICY_ACCESS_BIT_8 + Language=English +Change system audit requirements +. +MessageId=0x1609 + SymbolicName=MS_LSA_POLICY_ACCESS_BIT_9 + Language=English +Administer audit log attributes +. +MessageId=0x160A + SymbolicName=MS_LSA_POLICY_ACCESS_BIT_A + Language=English +Enable/Disable LSA +. +MessageId=0x160B + SymbolicName=MS_LSA_POLICY_ACCESS_BIT_B + Language=English +Lookup Names/SIDs +. + + +;// +;// lsa SecretObject object-specific access types +;// + +MessageId=0x1610 + SymbolicName=MS_LSA_SECRET_ACCESS_BIT_0 + Language=English +Change secret value +. +MessageId=0x1611 + SymbolicName=MS_LSA_SECRET_ACCESS_BIT_1 + Language=English +Query secret value +. + + + + +;// +;// lsa TrustedDomainObject object-specific access types +;// + +MessageId=0x1620 + SymbolicName=MS_LSA_TRUST_ACCESS_BIT_0 + Language=English +Query trusted domain name/SID +. +MessageId=0x1621 + SymbolicName=MS_LSA_TRUST_ACCESS_BIT_1 + Language=English +Retrieve the controllers in the trusted domain +. +MessageId=0x1622 + SymbolicName=MS_LSA_TRUST_ACCESS_BIT_2 + Language=English +Change the controllers in the trusted domain +. +MessageId=0x1623 + SymbolicName=MS_LSA_TRUST_ACCESS_BIT_3 + Language=English +Query the Posix ID offset assigned to the trusted domain +. +MessageId=0x1624 + SymbolicName=MS_LSA_TRUST_ACCESS_BIT_4 + Language=English +Change the Posix ID offset assigned to the trusted domain +. + + + + +;// +;// lsa UserAccount (privileged account) object-specific access types +;// + +MessageId=0x1630 + SymbolicName=MS_LSA_ACCOUNT_ACCESS_BIT_0 + Language=English +Query account information +. +MessageId=0x1631 + SymbolicName=MS_LSA_ACCOUNT_ACCESS_BIT_1 + Language=English +Change privileges assigned to account +. +MessageId=0x1632 + SymbolicName=MS_LSA_ACCOUNT_ACCESS_BIT_2 + Language=English +Change quotas assigned to account +. +MessageId=0x1633 + SymbolicName=MS_LSA_ACCOUNT_ACCESS_BIT_3 + Language=English +Change logon capabilities assigned to account +. + + + + +; +;////////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// Window Station Object Access // +;// names as we would like them // +;// displayed for auditing // +;// // +;// Window Station objects are: // +;// // +;// WindowStation // +;// Desktop // +;// // +;// // +;// // +;////////////////////////////////////////////////////////////////////////////// + + + +;// +;// WINDOW_STATION object-specific access types +;// + +MessageId=0x1A00 + SymbolicName=MS_WIN_STA_ACCESS_BIT_0 + Language=English +Enumerate desktops +. + +MessageId=0x1A01 + SymbolicName=MS_WIN_STA_ACCESS_BIT_1 + Language=English +Read attributes +. + +MessageId=0x1A02 + SymbolicName=MS_WIN_STA_ACCESS_BIT_2 + Language=English +Access Clipboard +. + +MessageId=0x1A03 + SymbolicName=MS_WIN_STA_ACCESS_BIT_3 + Language=English +Create desktop +. + +MessageId=0x1A04 + SymbolicName=MS_WIN_STA_ACCESS_BIT_4 + Language=English +Write attributes +. + +MessageId=0x1A05 + SymbolicName=MS_WIN_STA_ACCESS_BIT_5 + Language=English +Access global atoms +. + +MessageId=0x1A06 + SymbolicName=MS_WIN_STA_ACCESS_BIT_6 + Language=English +Exit windows +. + +MessageId=0x1A07 + SymbolicName=MS_WIN_STA_ACCESS_BIT_7 + Language=English +Unused Access Flag +. + +MessageId=0x1A08 + SymbolicName=MS_WIN_STA_ACCESS_BIT_8 + Language=English +Include this windowstation in enumerations +. + +MessageId=0x1A09 + SymbolicName=MS_WIN_STA_ACCESS_BIT_9 + Language=English +Read screen +. + + + +;// +;// DESKTOP object-specific access types +;// + +MessageId=0x1A10 + SymbolicName=MS_DESKTOP_ACCESS_BIT_0 + Language=English +Read Objects +. + +MessageId=0x1A11 + SymbolicName=MS_DESKTOP_ACCESS_BIT_1 + Language=English +Create window +. + +MessageId=0x1A12 + SymbolicName=MS_DESKTOP_ACCESS_BIT_2 + Language=English +Create menu +. + +MessageId=0x1A13 + SymbolicName=MS_DESKTOP_ACCESS_BIT_3 + Language=English +Hook control +. + +MessageId=0x1A14 + SymbolicName=MS_DESKTOP_ACCESS_BIT_4 + Language=English +Journal (record) +. + +MessageId=0x1A15 + SymbolicName=MS_DESKTOP_ACCESS_BIT_5 + Language=English +Journal (playback) +. + +MessageId=0x1A16 + SymbolicName=MS_DESKTOP_ACCESS_BIT_6 + Language=English +Include this desktop in enumerations +. + +MessageId=0x1A17 + SymbolicName=MS_DESKTOP_ACCESS_BIT_7 + Language=English +Write objects +. + +MessageId=0x1A18 + SymbolicName=MS_DESKTOP_ACCESS_BIT_8 + Language=English +Switch to this desktop +. + + + +; +;////////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// Print Server Object Access // +;// names as we would like them // +;// displayed for auditing // +;// // +;// Print Server objects are: // +;// // +;// Server // +;// Printer // +;// Document // +;// // +;// // +;////////////////////////////////////////////////////////////////////////////// + + + +;// +;// print-server SERVER object-specific access types +;// + +MessageId=0x1B00 + SymbolicName=MS_PRINT_SERVER_ACCESS_BIT_0 + Language=English +Administer print server +. + +MessageId=0x1B01 + SymbolicName=MS_PRINT_SERVER_ACCESS_BIT_1 + Language=English +Enumerate printers +. + +;// +;// print-server PRINTER object-specific access types +;// +;// Note that these are based at 0x1B10, but the first +;// two bits aren't defined. +;// + +MessageId=0x1B12 + SymbolicName=MS_PRINTER_ACCESS_BIT_0 + Language=English +Full Control +. + +MessageId=0x1B13 + SymbolicName=MS_PRINTER_ACCESS_BIT_1 + Language=English +Print +. + +;// +;// print-server DOCUMENT object-specific access types +;// +;// Note that these are based at 0x1B20, but the first +;// four bits aren't defined. + +MessageId=0x1B14 + SymbolicName=MS_PRINTER_DOC_ACCESS_BIT_0 + Language=English +Administer Document +. + + + +; +;////////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// Service Controller Object Access // +;// names as we would like them // +;// displayed for auditing // +;// // +;// Service Controller objects are: // +;// // +;// SC_MANAGER Object // +;// SERVICE Object // +;// // +;// // +;////////////////////////////////////////////////////////////////////////////// + + + + +;// +;// SERVICE CONTROLLER "SC_MANAGER Object" object-specific access types +;// + +MessageId=0x1C00 + SymbolicName=MS_SC_MANAGER_ACCESS_BIT_0 + Language=English +Connect to service controller +. + +MessageId=0x1C01 + SymbolicName=MS_SC_MANAGER_ACCESS_BIT_1 + Language=English +Create a new service +. + +MessageId=0x1C02 + SymbolicName=MS_SC_MANAGER_ACCESS_BIT_2 + Language=English +Enumerate services +. + +MessageId=0x1C03 + SymbolicName=MS_SC_MANAGER_ACCESS_BIT_3 + Language=English +Lock service database for exclusive access +. + +MessageId=0x1C04 + SymbolicName=MS_SC_MANAGER_ACCESS_BIT_4 + Language=English +Query service database lock state +. + +MessageId=0x1C05 + SymbolicName=MS_SC_MANAGER_ACCESS_BIT_5 + Language=English +Set last-known-good state of service database +. + + +;// +;// SERVICE CONTROLLER "SERVICE Object" object-specific access types +;// + +MessageId=0x1C10 + SymbolicName=MS_SC_SERVICE_ACCESS_BIT_0 + Language=English +Query service configuration information +. + +MessageId=0x1C11 + SymbolicName=MS_SC_SERVICE_ACCESS_BIT_1 + Language=English +Set service configuration information +. + +MessageId=0x1C12 + SymbolicName=MS_SC_SERVICE_ACCESS_BIT_2 + Language=English +Query status of service +. + +MessageId=0x1C13 + SymbolicName=MS_SC_SERVICE_ACCESS_BIT_3 + Language=English +Enumerate dependencies of service +. + +MessageId=0x1C14 + SymbolicName=MS_SC_SERVICE_ACCESS_BIT_4 + Language=English +Start the service +. + +MessageId=0x1C15 + SymbolicName=MS_SC_SERVICE_ACCESS_BIT_5 + Language=English +Stop the service +. + +MessageId=0x1C16 + SymbolicName=MS_SC_SERVICE_ACCESS_BIT_6 + Language=English +Pause or continue the service +. + +MessageId=0x1C17 + SymbolicName=MS_SC_SERVICE_ACCESS_BIT_7 + Language=English +Query information from service +. + +MessageId=0x1C18 + SymbolicName=MS_SC_SERVICE_ACCESS_BIT_8 + Language=English +Issue service-specific control commands +. + + + + +; +;////////////////////////////////////////////////////////////////////////////// +;// // +;// // +;// NetDDE Object Access // +;// names as we would like them // +;// displayed for auditing // +;// // +;// NetDDE objects are: // +;// // +;// DDE Share // +;// // +;// // +;////////////////////////////////////////////////////////////////////////////// + + +;// +;// Net DDE object-specific access types +;// + + +;// +;// DDE Share object-specific access types +;// + +MessageId=0x1D00 + SymbolicName=MS_DDE_SHARE_ACCESS_BIT_0 + Language=English +DDE Share Read +. + +MessageId=0x1D01 + SymbolicName=MS_DDE_SHARE_ACCESS_BIT_1 + Language=English +DDE Share Write +. + +MessageId=0x1D02 + SymbolicName=MS_DDE_SHARE_ACCESS_BIT_2 + Language=English +DDE Share Initiate Static +. + +MessageId=0x1D03 + SymbolicName=MS_DDE_SHARE_ACCESS_BIT_3 + Language=English +DDE Share Initiate Link +. + +MessageId=0x1D04 + SymbolicName=MS_DDE_SHARE_ACCESS_BIT_4 + Language=English +DDE Share Request +. + +MessageId=0x1D05 + SymbolicName=MS_DDE_SHARE_ACCESS_BIT_5 + Language=English +DDE Share Advise +. + +MessageId=0x1D06 + SymbolicName=MS_DDE_SHARE_ACCESS_BIT_6 + Language=English +DDE Share Poke +. + +MessageId=0x1D07 + SymbolicName=MS_DDE_SHARE_ACCESS_BIT_7 + Language=English +DDE Share Execute +. + +MessageId=0x1D08 + SymbolicName=MS_DDE_SHARE_ACCESS_BIT_8 + Language=English +DDE Share Add Items +. + +MessageId=0x1D09 + SymbolicName=MS_DDE_SHARE_ACCESS_BIT_9 + Language=English +DDE Share List Items +. + + + + +;/*lint +e767 */ // Resume checking for different macro definitions // winnt +; +; +;#endif // _MSOBJS_ diff --git a/private/ntos/seaudit/msobjs/sources b/private/ntos/seaudit/msobjs/sources new file mode 100644 index 000000000..5e38a08d5 --- /dev/null +++ b/private/ntos/seaudit/msobjs/sources @@ -0,0 +1,41 @@ +!IF 0 + +Copyright (c) 1989 Microsoft Corporation + +Module Name: + + sources. + +Abstract: + + This file specifies the target component being built and the list of + sources files needed to build that component. Also specifies optional + compiler switches and libraries that are unique for the component being + built. + + +Author: + + Steve Wood (stevewo) 12-Apr-1990 + +NOTE: Commented description of this file is in \nt\bak\bin\sources.tpl + +!ENDIF + +MAJORCOMP=ntos +MINORCOMP=msobjs + +TARGETNAME=msobjs +TARGETPATH=\nt\public\sdk\lib + +TARGETLIBS= + +TARGETTYPE=DYNLINK + +INCLUDES=. + +SOURCES= audit.rc + +UMLIBS= + +NTTARGETFILE0=audit.rc |