EventAccessControl function (evntcons.h)
Adds or modifies the permissions of the specified provider or session.
Syntax
ULONG EVNTAPI EventAccessControl(
[in] LPGUID Guid,
[in] ULONG Operation,
[in] PSID Sid,
[in] ULONG Rights,
[in] BOOLEAN AllowOrDeny
);
Parameters
[in] Guid
GUID that uniquely identifies the provider or session whose permissions you want to add or modify.
[in] Operation
Type of operation to perform, for example, add a DACL to the session's GUID or provider's GUID. For possible values, see the EVENTSECURITYOPERATION enumeration.
[in] Sid
The security identifier (SID) of the user or group to whom you want to grant or deny permissions.
[in] Rights
You can specify one or more of the following permissions:
| Value | Meaning |
|---|---|
| | Allows the user to query information about the trace session. Set this permission on the session's GUID. |
| | Allows the user to start or update a real-time session. Set this permission on the session's GUID. |
| | Allows the user to start or update a session that writes events to a log file. Set this permission on the session's GUID. |
| | Allows the user to enable the provider. Set this permission on the provider's GUID. |
| | Not used. |
| TRACELOG_LOG_EVENT | Allows the user to log events to a trace session if the session is running in SECURE mode (the session set the EVENT_TRACE_SECURE_MODE flag in the LogFileMode member of EVENT_TRACE_PROPERTIES). |
| TRACELOG_ACCESS_REALTIME | Allows a user to consume events in real-time. Set this permission on the session's GUID. |
| | Allows the user to register the provider. Set this permission on the provider's GUID. |
[in] AllowOrDeny
If TRUE, grant the user permissions to the session or provider; otherwise, deny permissions. This value is ignored if the value of Operation is EventSecuritySetSACL or EventSecurityAddSACL.
Return value
Returns ERROR_SUCCESS if successful.
Remarks
By default, only the administrator of the computer, users in the Performance Log Users group, and services running as LocalSystem, LocalService, or NetworkService can control trace sessions and provide and consume event data. Only users with administrative privileges and services running as LocalSystem can start and control an NT Kernel Logger session.
Windows Server 2003: Only users with administrator privileges can control trace sessions and consume event data; any user can provide event data.
Windows XP and Windows 2000: Any user can control trace sessions and provide and consume event data.
Users with administrator privileges can control trace sessions if the tool that they use to control the session is started from a Command Prompt window that is opened with Run as administrator....
To grant a restricted user the ability to control trace sessions, you can add them to the Performance Log Users group or call this function to grant them permission. For example, you can grant user A permission to start and stop a trace session and grant user B permission to only query the session.
To restrict who can log events to the session, see the TRACELOG_LOG_EVENT permission.
The ACL on the log file determines who can consume event data from the log file. To consume events from a session in real-time, you must grant the user TRACELOG_ACCESS_REALTIME permission or the user must be a member of the Performance Log Users group.
You can also specify the provider's GUID to restrict who can register the provider and who can enable the provider.
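The user A / user B case from the Remarks, as an added example that is not part of the original page: user A receives the rights the table describes for querying and for starting or updating a session, and user B receives only the query right. The function name `Grant-EtwAccess`, the session GUID, and the account names are placeholders; the numeric right values and the `EventSecurityAddDACL` value are taken from the Windows SDK headers, and the call goes through the `advapi32.dll` export.

```powershell
# Run from an elevated prompt. Added example; GUID and accounts are placeholders.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class EtwSecurity {
    // BOOLEAN is one byte, so the last parameter is marshalled as U1.
    [DllImport("advapi32.dll")]
    public static extern uint EventAccessControl(
        ref Guid Guid, uint Operation, byte[] Sid, uint Rights,
        [MarshalAs(UnmanagedType.U1)] bool AllowOrDeny);
}
'@

# Access-right values as defined in the Windows SDK headers.
$WMIGUID_QUERY            = 0x0001
$TRACELOG_CREATE_REALTIME = 0x0020
$TRACELOG_CREATE_ONDISK   = 0x0040
# EVENTSECURITYOPERATION value that adds an ACE to the existing DACL.
$EventSecurityAddDACL     = 2

function Grant-EtwAccess {
    param(
        [Parameter(Mandatory)][Guid]$Guid,
        [Parameter(Mandatory)][string]$Account,
        [Parameter(Mandatory)][uint32]$Rights
    )
    # Resolve the account name to a binary SID for the PSID parameter.
    $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier])
    $sidBytes = New-Object byte[] ($sid.BinaryLength)
    $sid.GetBinaryForm($sidBytes, 0)

    $status = [EtwSecurity]::EventAccessControl(
        [ref]$Guid, $EventSecurityAddDACL, $sidBytes, $Rights, $true)
    if ($status -ne 0) {   # ERROR_SUCCESS is 0
        throw (New-Object System.ComponentModel.Win32Exception ([int]$status))
    }
    "{0}: granted 0x{1:X4} on {2}" -f $Account, $Rights, $Guid
}

# Placeholder session GUID and accounts (constructed for this example).
$sessionGuid = [Guid]'00000000-0000-0000-0000-000000000001'
$controlRights = $WMIGUID_QUERY -bor $TRACELOG_CREATE_REALTIME -bor $TRACELOG_CREATE_ONDISK
Grant-EtwAccess -Guid $sessionGuid -Account 'CONTOSO\userA' -Rights $controlRights
Grant-EtwAccess -Guid $sessionGuid -Account 'CONTOSO\userB' -Rights $WMIGUID_QUERY
```

Granting per-session rights this way keeps restricted users out of the Performance Log Users group, which would otherwise give them control over every trace session.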
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Target Platform | Windows |
| Header | evntcons.h |
| Library | Sechost.lib on Windows 8.1 and Windows Server 2012; Sechost.lib on Windows 8.1 and Windows Server 2012 R2; Advapi32.lib on Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Server 2008 and Windows Vista |
| DLL | Sechost.dll on Windows 8.1 and Windows Server 2012; Advapi32.dll on Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Server 2008 and Windows Vista |
