127 lines
2.7 KiB
Plaintext
127 lines
2.7 KiB
Plaintext
//*********************************************
|
|
// *** Active Directory Service Provider: NetLogon
|
|
//*********************************************
|
|
#pragma classflags("forceupdate")
|
|
#pragma namespace ("\\\\.\\Root\\WMI")
|
|
|
|
[Dynamic,
|
|
Description("Active Directory: NetLogon") : amended,
|
|
Guid("{f33959b4-dbec-11d2-895b-00c04f79ab69}"),
|
|
locale("MS\\0x409")]
|
|
class MSNetLogonTrace:EventTrace
|
|
{
|
|
};
|
|
|
|
|
|
[Dynamic,
|
|
Description("NetLogon Server Authentication") : amended,
|
|
Guid("{393da8c0-dbed-11d2-895b-00c04f79ab69}"),
|
|
DisplayName("NlServerAuth"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class NlServerAuth:MSNetLogonTrace
|
|
{
|
|
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("NetLogon Server Authentication") : amended,
|
|
EventType(1),
|
|
EventTypeName("Start"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class NlServerAuth_Start:NlServerAuth
|
|
{
|
|
[WmiDataId(1),
|
|
Description("Client") : amended,
|
|
StringTermination("NullTerminated"),
|
|
format("w"),
|
|
read]
|
|
string Client;
|
|
[WmiDataId(2),
|
|
Description("Account") : amended,
|
|
StringTermination("NullTerminated"),
|
|
format("w"),
|
|
read]
|
|
string Account;
|
|
[WmiDataId(3),
|
|
Description("Channel Type") : amended,
|
|
format("x"),
|
|
read]
|
|
uint32 ChannelType;
|
|
[WmiDataId(4),
|
|
Description("Negotiated Flags") : amended,
|
|
format("x"),
|
|
read]
|
|
uint32 NegotiatedFlags;
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("NetLogon Server Authentication") : amended,
|
|
EventType(2),
|
|
EventTypeName("End"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class NlServerAuth_End:NlServerAuth
|
|
{
|
|
[WmiDataId(1),
|
|
Description("Client") : amended,
|
|
StringTermination("NullTerminated"),
|
|
format("w"),
|
|
read]
|
|
string Client;
|
|
[WmiDataId(2),
|
|
Description("Account") : amended,
|
|
StringTermination("NullTerminated"),
|
|
format("w"),
|
|
read]
|
|
string Account;
|
|
[WmiDataId(3),
|
|
Description("Channel Type") : amended,
|
|
format("x"),
|
|
read]
|
|
uint32 ChannelType;
|
|
[WmiDataId(4),
|
|
Description("Negotiated Flags") : amended,
|
|
format("x"),
|
|
read]
|
|
uint32 NegotiatedFlags;
|
|
[WmiDataId(5),
|
|
Description("Status") : amended,
|
|
format("x"),
|
|
read]
|
|
uint32 Status;
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("NetLogon Secure Channel Setup") : amended,
|
|
Guid("{63dbb180-dbed-11d2-895b-00c04f79ab69}"),
|
|
DisplayName("NlSecChanlSetup"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class NlSecChanlSetup:MSNetLogonTrace
|
|
{
|
|
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("NetLogon Secure Channel Setup") : amended,
|
|
EventType(1),
|
|
EventTypeName("Start"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class NlSecChanlSetup_Start:NlSecChanlSetup
|
|
{
|
|
};
|
|
|
|
[Dynamic,
|
|
Description("NetLogon Secure Channel Setup") : amended,
|
|
EventType(2),
|
|
EventTypeName("End"),
|
|
locale("MS\\0x409")
|
|
]
|
|
class NlSecChanlSetup_End:NlSecChanlSetup
|
|
{
|
|
};
|
|
|