TestimoX

API Reference

Class

AuditPolicyReader

Edit on GitHub
Namespace ADPlayground.Gpo
Assembly ADPlayground
Source ADPlayground/Gpo/AuditPolicy/AuditPolicyReader.cs:21
Modifiers static

Parses audit policy settings from GPO artifacts.

Inheritance

  • Object
  • AuditPolicyReader

Methods

public static IReadOnlyList<AuditPolicyEntry> FromInf(String gpoSysvolPath) #
ADPlayground/Gpo/AuditPolicy/AuditPolicyReader.cs:21
Returns: IReadOnlyList<AuditPolicyEntry>

Reads legacy (basic) audit policy from the GptTmpl.inf file under a GPO SYSVOL path.

Parameters

gpoSysvolPath System.String requiredposition: 0
Path to the GPO root inside SYSVOL.

Returns

List of basic AuditPolicyEntry rows; empty when policy not set.

public static IReadOnlyList<AuditPolicyEntry> FromPol(PolFile pol) #
ADPlayground/Gpo/AuditPolicy/AuditPolicyReader.cs:51
Returns: IReadOnlyList<AuditPolicyEntry>

Reads advanced audit policy from a parsed registry.pol (PolFile) under Software\Policies\Microsoft\Windows\Audit.

Parameters

pol ADPlayground.Gpo.GpoLocal.PolFile requiredposition: 0
Parsed registry.pol model for the GPO.

Returns

List of advanced AuditPolicyEntry rows; empty when none found.