AuditOptionsState

Edit on GitHub

Namespace ComputerX.Audit

Assembly ComputerX

Source ComputerX/Updates/WindowsUpdateTelemetry.cs:88

Modifiers sealed

Current values for key Advanced Audit Policy options. Null means “not queried / unchanged”.

Inheritance

Object
AuditOptionsState

Constructors

public AuditOptionsState() #

Inherited Methods

Properties

public Nullable<Boolean> ForceSubcategoryOverride { get; set; } #

ComputerX/Audit/AuditOptionsState.cs:14

Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings. Maps to HKLM\SYSTEM\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy (1 = enabled).

public Nullable<Boolean> AuditBaseObjects { get; set; } #

ComputerX/Audit/AuditOptionsState.cs:20

Audit: Audit the access of global system objects. HKLM\SYSTEM\CurrentControlSet\Control\Lsa\AuditBaseObjects (1 = enabled).

public Nullable<Boolean> AuditBaseDirectories { get; set; } #

ComputerX/Audit/AuditOptionsState.cs:26

Audit: Audit the access of backup and restore privilege on directories. HKLM\SYSTEM\CurrentControlSet\Control\Lsa\AuditBaseDirectories (1 = enabled).

public Nullable<Int32> CrashOnAuditFail { get; set; } #

ComputerX/Audit/AuditOptionsState.cs:33

Audit: Shut down system immediately if unable to log security audits. HKLM\SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail (0 disabled, 1 legacy, 2 enabled strict). We expose it as an integer to preserve nuance; set to 0 or 2 in most environments.

Inheritance

Constructors

Inherited Methods

Parameters

Properties