接收政策更動事件

LSA 提供函式，當本地系統上的政策發生變更時，您可以用來接收通知。

若要接收通知，請呼叫 CreateEvent 函式來建立新的事件對象，然後呼叫 LsaRegisterPolicyChangeNotification 函式。 然後，您的應用程式可以呼叫 wait 函式，例如 WaitForSingleObject、WaitForSingleObjectEx，或 RegisterWaitForSingleObject 等候事件發生。 等候函式會在事件發生時或逾時期間到期時傳回。 一般而言，通知事件會用於多線程應用程式中，其中一個線程會等候事件，而其他線程則會繼續處理。

當應用程式不再需要接收通知時，它應該呼叫 LsaUnregisterPolicyChangeNotification，然後呼叫 CloseHandle 釋放事件物件句柄。

下列範例示範當系統稽核原則變更時，單個線程應用程式如何接收通知事件。

#include <windows.h>
#include <stdio.h>

void WaitForPolicyChanges()
{
  HANDLE hEvent;
  NTSTATUS ntsResult;
  DWORD dwResult;

  // Create an event object.
  hEvent = CreateEvent( 
    NULL,  // child processes cannot inherit 
    FALSE, // automatically reset event
    FALSE, // start as a nonsignaled event
    NULL   // do not need a name
  );

  // Check that the event was created.
  if (hEvent == NULL) 
  {
    wprintf(L"Event object creation failed: %d\n",GetLastError());
    return;
  }
  // Register to receive auditing policy change notifications.
  ntsResult = LsaRegisterPolicyChangeNotification(
    PolicyNotifyAuditEventsInformation,
    hEvent
  );
  if (STATUS_SUCCESS != ntsResult)
  {
    wprintf(L"LsaRegisterPolicyChangeNotification failed.\n");
    CloseHandle(hEvent);
    return;
  }

  // Wait for the event to be triggered.
  dwResult = WaitForSingleObject( 
    hEvent, // handle to the event object
    300000  // time-out interval, in milliseconds
  );

  // The wait function returned.
  if (dwResult == WAIT_OBJECT_0)
  {  // received the notification signal
    wprintf(L"Notification received.\n");
  } 
  else 
  {  // received a time-out or error
    wprintf(L"Notification was not received.\n");
  }
  // Unregister for notification.
  LsaUnregisterPolicyChangeNotification(
    PolicyNotifyAuditEventsInformation,
    hEvent
  );

  // Free the event handle.
  CloseHandle(hEvent);
}

如需事件物件、等候函式和同步處理的詳細資訊，請參閱使用事件物件 。