API Reference

Class

AuditPolicyCollector

Edit on GitHub

Namespace ADPlayground.DomainControllers

Assembly ADPlayground

Source ADPlayground/DomainControllers/AuditPolicyCollector.cs:66

Modifiers static

Centralized reader for effective Advanced Audit Policy on domain controllers (local or remote).

Inheritance

Object
AuditPolicyCollector

Methods

public static IReadOnlyList<AuditSubcategoryLevel> Get(String host, Boolean adjustRegistryAcl = false, Boolean includeNativeLocal = true, AuditPolicySelectionMode mode = PriorityFirst, IReadOnlyList<AuditPolicySourceKind> priorityOrder = null, Boolean includeTransportDiagnostics = false)

ADPlayground/DomainControllers/AuditPolicyCollector.cs:66

Returns: IReadOnlyList<AuditSubcategoryLevel>

Returns effective audit subcategory levels for the specified host with layered fallbacks and diagnostics.

Parameters

host System.String requiredposition: 0
adjustRegistryAcl System.Boolean = false optionalposition: 1
includeNativeLocal System.Boolean = true optionalposition: 2
mode ADPlayground.DomainControllers.AuditPolicyCollector.AuditPolicySelectionMode = PriorityFirst optionalposition: 3
priorityOrder System.Collections.Generic.IReadOnlyList{ADPlayground.DomainControllers.AuditPolicyCollector.AuditPolicySourceKind} = null optionalposition: 4
includeTransportDiagnostics System.Boolean = false optionalposition: 5

public static List<AuditSubcategorySetting> GetViaAuditPol(String host, out String error) #

ADPlayground/DomainControllers/AuditPolicyCollector.cs:340

Returns: List<AuditSubcategorySetting>

Reads audit policy via auditpol.exe (local only) and parses the output.

Parameters

host System.String requiredposition: 0
error System.String@ requiredposition: 1

public static IReadOnlyList<AuditSubcategoryLevel> GetViaAuditPolLevels(String host) #

ADPlayground/DomainControllers/AuditPolicyCollector.cs:431

Returns: IReadOnlyList<AuditSubcategoryLevel>

auditpol.exe result projected to subcategory/level for convenience.

Parameters

host System.String requiredposition: 0

GetViaAuditPolRemote 2 overloads

public static List<AuditSubcategorySetting> GetViaAuditPolRemote(String host, out String error) #

ADPlayground/DomainControllers/AuditPolicyCollector.cs:470

Returns: List<AuditSubcategorySetting>

Uses PowerShell remoting to run auditpol on a remote host and parse the output.

Parameters

host System.String requiredposition: 0
error System.String@ requiredposition: 1

public static List<AuditSubcategorySetting> GetViaAuditPolRemote(String host, RemotePowerShellTransportOptions options, out String error)

ADPlayground/DomainControllers/AuditPolicyCollector.cs:481

Returns: List<AuditSubcategorySetting>

Uses PowerShell remoting to run auditpol on a remote host and parse the output.

Parameters

host System.String requiredposition: 0
options ComputerX.Remote.RemotePowerShellTransportOptions requiredposition: 1
error System.String@ requiredposition: 2

GetViaNativeRemote 2 overloads

public static List<AuditSubcategorySetting> GetViaNativeRemote(String host, out String error) #

ADPlayground/DomainControllers/AuditPolicyCollector.cs:293

Returns: List<AuditSubcategorySetting>

Reads audit policy through the native API on the remote host via the shared WinRM transport.

Parameters

host System.String requiredposition: 0
error System.String@ requiredposition: 1

public static List<AuditSubcategorySetting> GetViaNativeRemote(String host, RemotePowerShellTransportOptions options, out String error)

ADPlayground/DomainControllers/AuditPolicyCollector.cs:304

Returns: List<AuditSubcategorySetting>

Reads audit policy through the native API on the remote host via the shared WinRM transport.

Parameters

host System.String requiredposition: 0
options ComputerX.Remote.RemotePowerShellTransportOptions requiredposition: 1
error System.String@ requiredposition: 2

public static IReadOnlyList<AuditSubcategoryLevel> GetViaSource(String host, AuditPolicySource source) #

ADPlayground/DomainControllers/AuditPolicyCollector.cs:284

Returns: IReadOnlyList<AuditSubcategoryLevel>

Returns audit subcategories for a specific source without fallback.

Parameters

host System.String requiredposition: 0
source ComputerX.Audit.AuditPolicySource requiredposition: 1

SafeGetRegistry(System.String arg1, System.Collections.Generic.List{ADPlayground.DomainControllers.AuditSubcategoryLevel} arg2, System.Boolean arg3)

Registry read with structured diagnostics.

Parameters

arg1 System.String required
arg2 System.Collections.Generic.List{ADPlayground.DomainControllers.AuditSubcategoryLevel} required
arg3 System.Boolean required

Inheritance

Methods

Parameters

Parameters

Parameters

Parameters

Parameters

Parameters

Parameters

Parameters

Parameters

Inherited Methods

Parameters