LSA_AUDIT_LOGON callback function (ntsecpkg.h)
The AuditLogon function is used to audit a logon attempt.
Syntax
LSA_AUDIT_LOGON LsaAuditLogon;
void LsaAuditLogon(
[in] NTSTATUS Status,
[in] NTSTATUS SubStatus,
[in] PUNICODE_STRING AccountName,
[in] PUNICODE_STRING AuthenticatingAuthority,
[in] PUNICODE_STRING WorkstationName,
[in, optional] PSID UserSid,
[in] SECURITY_LOGON_TYPE LogonType,
[in] PTOKEN_SOURCE TokenSource,
[in] PLUID LogonId
)
{...}
Parameters
[in] Status
Status of the logon attempt.
[in] SubStatus
Additional status information for the logon attempt.
[in] AccountName
Pointer to a UNICODE_STRING that contains the account name used in the logon attempt.
[in] AuthenticatingAuthority
Pointer to a UNICODE_STRING that contains the name of the authority that authenticated the logon, normally the operating system domain name.
[in] WorkstationName
Pointer to a UNICODE_STRING that contains the name of the workstation used to attempt the logon.
[in, optional] UserSid
Pointer to the SID of the security principal attempting to logon.
[in] LogonType
A SECURITY_LOGON_TYPE value indicating the type of logon.
[in] TokenSource
Pointer to a TOKEN_SOURCE structure that specifies the source for the user token. This value must include the package name.
[in] LogonId
Pointer to the logon session identifier. LogonId is valid only if the logon attempt was successful.
Return value
None
Remarks
A pointer to the AuditLogon function is available in the LSA_SECPKG_FUNCTION_TABLE structure received by the SpInitialize function.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows XP [desktop apps only] |
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Target Platform | Windows |
| Header | ntsecpkg.h |