Win32_LogicalFileAuditing class

The Win32_LogicalFileAuditing association WMI class relates the security settings of a file or directory and one member of its system access control list (SACL). You cannot enumerate this class.

The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties.

Syntax

[Dynamic, Provider("SECRCW32"), UUID("{FCC86599-DB20-11d2-85FC-0000F8102E5F}"), AMENDMENT]
class Win32_LogicalFileAuditing : Win32_SecuritySettingAuditing
{
  uint32                               AuditedAccessMask;
  string                               GuidInheritedObjectType;
  string                               GuidObjectType;
  uint32                               Inheritance;
  uint32                               Type;
  Win32_LogicalFileSecuritySetting REF SecuritySetting;
  Win32_SID                        REF Trustee;
};

Members

The Win32_LogicalFileAuditing class has these types of members:

Properties

The Win32_LogicalFileAuditing class has these properties.

AuditedAccessMask

Data type: uint32

Access type: Read-only

Bit flags specifying what activities are audited.

This property is inherited from Win32_SecuritySettingAuditing.

FILE_LIST_DIRECTORY (0)

Grants the right to read data from the file. For a directory, this value grants the right to list the contents of the directory.

FILE_ADD_FILE (1)

Grants the right to write data to the file. For a directory, this value grants the right to create a file in the directory.

FILE_ADD_SUBDIRECTORY (2)

Grants the right to append data to the file. For a directory, this value grants the right to create a subdirectory.

FILE_READ_EA (3)

Grants the right to read extended attributes.

FILE_WRITE_EA (4)

Grants the right to write extended attributes.

FILE_TRAVERSE (5)

Grants the right to execute a file. For a directory, the directory can be traversed.

FILE_DELETE_CHILD (6)

Grants the right to delete a directory and all of the files it contains (its children), even if the files are read-only.

FILE_READ_ATTRIBUTES (7)

Grants the right to read file attributes.

FILE_WRITE_ATTRIBUTES (8)

Grants the right to change file attributes.

DELETE (16)

Grants delete access.

READ_CONTROL (17)

Grants read access to the security descriptor and owner.

WRITE_DAC (18)

Grants write access to the discretionary access control list (DACL).

WRITE_OWNER (19)

Assigns the write owner.

SYNCHRONIZE (20)

Synchronizes access and allows a process to wait for an object to enter the signaled state.

GuidInheritedObjectType

Data type: string

Access type: Read-only

GUID of the type of object from which this object inherits.

This property is inherited from Win32_SecuritySettingAuditing.

GuidObjectType

Data type: string

Access type: Read-only

GUID of the type of object to which the security settings are applied.

This property is inherited from Win32_SecuritySettingAuditing.

Inheritance

Data type: uint32

Access type: Read-only

Bit flags specifying how the audit policies are inherited.

This property is inherited from Win32_SecuritySettingAuditing.

SecuritySetting

Data type: Win32_LogicalFileSecuritySetting

Access type: Read-only

Qualifiers: Override ("SecuritySetting")

Reference to the instance representing the security settings of the file or directory object. This property cannot be enumerated.

Trustee

Data type: Win32_SID

Access type: Read-only

Qualifiers: Override ("Trustee")

Reference to the instance representing the entry on the object's SACL.

Type

Data type: uint32

Access type: Read-only

Type of access specified for the trustee.

This property is inherited from Win32_SecuritySettingAuditing.

Audit success (0)

Audit failure (1)

Remarks

The Win32_LogicalFileAuditing class is derived from Win32_SecuritySettingAuditing.

Requirements

Minimum supported client
Windows Vista
Minimum supported server
Windows Server 2008
Namespace
Root\CIMV2
MOF
Secrcw32.mof
DLL
CIMWin32.dll

See also

Win32_SecuritySettingAuditing

Operating System Classes

WMI Security Descriptor Objects