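I am trying to change the audit settings of a folder. While testing my code on different machines, I found that the SetNamedSecurityInfo call restarts the system. This happens on some machines. A popup appears saying "Windows has encountered a security issue and will restart in one minute". I cannot figure out the reason. Any help would be appreciated!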

    HANDLE hProcess = GetCurrentProcess();
    HANDLE hToken;
    DWORD val;
    BOOL result;

    result = OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES, &hToken);
    if (result == 0)
    {
        printf("\nBreak After open process");
        return 0;
    }
    else
    {
        printf("\ncontinue after open process");
    }

    // Used for reading SACL's
    result = SetPrivilege(hToken, SE_SECURITY_NAME, TRUE);
    if (result == 0)
    {
        printf("\nBreak After setprivilege");
        return 0;
    }
    else
    {
        printf("\ncontinue after open process");
    }
    CloseHandle(hToken);

    retval = GetNamedSecurityInfo(file, SE_FILE_OBJECT, SACL_SECURITY_INFORMATION,
                                  &owner, NULL, NULL, &sacl, &psd);
    if (retval != 0)
    {
        wcout << "GetNamedSecurityInfo failed with error: " << retval << endl;
        return -1;
    }

    printf("\nBuilt trust successfully before");
    BuildTrusteeWithSid(ptrust, psd);
    printf("\nBuilt trust successfully");
    printf("\ntrying to modify ...");

    EXPLICIT_ACCESS ea;
    PACL pNewSACL = NULL;
    ACCESS_MODE AccessMode = SET_AUDIT_SUCCESS; // SET_AUDIT_SUCCESS, SET_AUDIT_FAILURE
    DWORD dwAccessRights = 0X410D0060;
    DWORD dwInheritance = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE;

    ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
    ea.grfAccessPermissions = dwAccessRights;
    ea.grfAccessMode = SET_AUDIT_SUCCESS;
    ea.grfInheritance = dwInheritance;
    ea.Trustee = *(ptrust);

    DWORD dwRes = SetEntriesInAcl(1, &ea, sacl, &pNewSACL);
    if (dwRes != ERROR_SUCCESS)
    {
        printf("SetEntriesInAcl() error %u\n", dwRes);
    }
    else
    {
        printf("SetEntriesInAcl() is OK\n");
    }

    dwRes = SetNamedSecurityInfo(file, SE_FILE_OBJECT, SACL_SECURITY_INFORMATION,
                                 NULL, NULL, NULL, pNewSACL);
    if (dwRes != ERROR_SUCCESS)
    {
        printf("SetNamedSecurityInfo() error %u\n", dwRes);
    }
    else
        printf("SetNamedSecurityInfo() is OK\n\n");

    LocalFree(psd);

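There is a global policy entry that controls shutting down the system if it is unable to log security audits.

See: "Computer Configuration\Windows Settings\Local Policies\Security Options", "Audit: Shut down system immediately if unable to log security audits"

This may happen in combination with:

"Computer Configuration\Windows Settings\Local Policies\Security Options", "Audit: Audit the access of global system objects"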
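
To check both policies on a machine that reboots, the following PowerShell reads the registry values that back them and the retention state of the Security log. This is an added example, not part of the original answer; the registry value names `CrashOnAuditFail` and `AuditBaseObjects` under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa` are not given in the thread and are supplied here.

```powershell
# Added example, not from the original thread. Run elevated on the affected machine.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# CrashOnAuditFail backs "Audit: Shut down system immediately if unable to log
# security audits". A missing value reads as $null and casts to 0 (disabled).
$crash = [int]$lsa.CrashOnAuditFail
$crashMeaning = @{
    0 = 'disabled'
    1 = 'enabled: system halts when a security audit cannot be logged'
    2 = 'enabled and already triggered: only administrators can log on'
}

# AuditBaseObjects backs "Audit: Audit the access of global system objects".
$baseObjects = [int]$lsa.AuditBaseObjects

# Security log state: a full log that is not allowed to overwrite old events
# is a common reason an audit record cannot be written.
$log = Get-WinEvent -ListLog Security

$report = [pscustomobject]@{
    CrashOnAuditFail = "$crash ($($crashMeaning[$crash]))"
    AuditBaseObjects = $baseObjects
    LogMode          = $log.LogMode
    MaxSizeMB        = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
    UsedPercent      = [math]::Round(100 * $log.FileSize / $log.MaximumSizeInBytes, 1)
    IsLogFull        = $log.IsLogFull
}
$report | Format-List

# Flag the combination in which new SACL entries can end in a forced shutdown.
if ($crash -ne 0 -and $log.LogMode -ne 'Circular') {
    Write-Warning ('CrashOnAuditFail is set and the Security log does not overwrite ' +
                   'old events: added audit entries can fill the log and halt the system.')
}
```

Running it before and after the SetNamedSecurityInfo call shows whether the new audit entries push the Security log toward its size limit on the machines that restart.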