Re: LsaRegisterPolicyChangeNotification() only fires at 5 minute intervals?
From: Chuck Chopp (ChuckChopp_at_rtfmcsi.com)
Date: 09/29/05
- Previous message: Rhett Gong [MSFT]: "RE: AcquireCredentialsHandle returns with SEC_E_INTERNAL_ERROR"
- In reply to: Rhett Gong [MSFT]: "Re: LsaRegisterPolicyChangeNotification() only fires at 5 minute intervals?"
- Next in thread: Rhett Gong [MSFT]: "Re: LsaRegisterPolicyChangeNotification() only fires at 5 minute intervals?"
- Reply: Rhett Gong [MSFT]: "Re: LsaRegisterPolicyChangeNotification() only fires at 5 minute intervals?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Sep 2005 21:42:38 -0400
Rhett Gong [MSFT] wrote:
> Thanks for your update.
>
> If you could reproduce the problem in a non-DC machine, please post a simple repro code and steps so that I can test and
> debug to see what happens.
I set up a non-DC Win2K3 SP1 system as a workgroup server today and tested
my code on it. It responds immediately to auditing policy changes in terms
of when the notifications are delivered. However, as soon as I promote the
server to be a DC in an AD tree, changes to the domain controller's auditing
policy result in notifications only being delivered at 5 minute intervals.
Something is broken on Win2K3 in term of policy change notifications when
the server is a DC.
Here's the code that I'm using, and it is compiled as UNICODE in Visual
C/C++ v7 [VStudio .NET 2003].
DWORD dwResult;
BOOL bDone = FALSE;
HANDLE hAuditChangeEvent = NULL;
NTSTATUS ntsResult = 0;
DWORD dwRetVal = 0;
OutputDebugString(TEXT("AuditPolicyMonitor() thread starting.\n"));
// Enable event-based notification of audit policy changes.
hAuditChangeEvent = CreateEvent(NULL,FALSE,FALSE,NULL);
if (!hAuditChangeEvent)
{
OutputDebugString(TEXT("AuditPolicyMonitor() - Failed to create the
audit change event. Thread exiting.\n"));
return -1;
}
ntsResult =
LsaRegisterPolicyChangeNotification(PolicyNotifyAuditEventsInformation,hAuditChangeEvent);
if (STATUS_SUCCESS != ntsResult)
{
OutputDebugString(TEXT("AuditPolicyMonitor() - Failed to register the
audit change event with the LSA. Thread exiting.\n"));
CloseHandle(hAuditChangeEvent);
return -1;
}
while(!bDone)
{
dwResult = WaitForSingleObject(hAuditChangeEvent,INFINITE);
switch (dwResult)
{
case WAIT_OBJECT_0:
OutputDebugString(TEXT("AuditPolicyMonitor() - Audit policy change
detected.\n"));
break;
default:
OutputDebugString(TEXT("AuditPolicyMonitor() - Error waiting for
event\n"));
bDone = TRUE;
break;
}
}
ntsResult =
LsaUnregisterPolicyChangeNotification(PolicyNotifyAuditEventsInformation,hAuditChangeEvent);
CloseHandle(hAuditChangeEvent);
OutputDebugString(TEXT("AuditPolicyMonitor() thread exiting.\n"));
return dwRetVal;
-- Chuck Chopp ChuckChopp (at) rtfmcsi (dot) com http://www.rtfmcsi.com RTFM Consulting Services Inc. 864 801 2795 voice & voicemail 103 Autumn Hill Road 864 801 2774 fax Greer, SC 29651 "Racing to save lives" The Leukemia & Lymphoma Society - Team in Training http://www.active.com/donate/tntsc/tntscCChopp Do not send me unsolicited commercial email.
- Previous message: Rhett Gong [MSFT]: "RE: AcquireCredentialsHandle returns with SEC_E_INTERNAL_ERROR"
- In reply to: Rhett Gong [MSFT]: "Re: LsaRegisterPolicyChangeNotification() only fires at 5 minute intervals?"
- Next in thread: Rhett Gong [MSFT]: "Re: LsaRegisterPolicyChangeNotification() only fires at 5 minute intervals?"
- Reply: Rhett Gong [MSFT]: "Re: LsaRegisterPolicyChangeNotification() only fires at 5 minute intervals?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
