Getting File Audit Rules List
Earlier today a friend was trying to invoke the GetAuditRules API on a file from C# code, but it always returned a count of 0 in spite of a specific audit rule having been set on the file via Windows Explorer. The surprising part was that the GetAccessRules API was working, and the code was running locally, so it had full security rights as well.
Debugging didn't help, and the API documentation gave no specific pointers either. Finally, the problem turned out to be with the File.GetAccessControl API. The single-parameter overload of this API sets the AccessControlSections parameter to Access + Group + Owner and leaves out Audit, which is why no audit rules were returned. Unfortunately, this isn't documented properly, so it is easy to miss. You can, however, verify it using Reflector and look at the internal implementation, which is as below:
public static FileSecurity GetAccessControl(string path)
{
    return GetAccessControl(path, AccessControlSections.Group | AccessControlSections.Owner | AccessControlSections.Access);
}
Modifying the call as below got the GetAuditRules API working and returned the required results:
FileSecurity fSecurity = File.GetAccessControl(str, AccessControlSections.All);
where str is the path of the file whose audit rules are being queried. If you need only the audit rules, you can use AccessControlSections.Audit as well. Hope this helps others facing similar issues.
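The following is an added example, not code from the original post: a small console program that shows the count of 0 you get with the default sections, then reads the audit rules with AccessControlSections.Audit and prints each entry. It assumes the .NET Framework File.GetAccessControl API discussed above; the class name AuditRuleDump is hypothetical. Reading the audit list (SACL) requires SeSecurityPrivilege ("Manage auditing and security log"), so the program handles PrivilegeNotHeldException for processes that do not hold it.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class AuditRuleDump // hypothetical name, added example
{
    // Number of audit (SACL) entries visible when only the given sections are read.
    static int CountAuditRules(string path, AccessControlSections sections)
    {
        FileSecurity security = File.GetAccessControl(path, sections);
        return security.GetAuditRules(true, true, typeof(NTAccount)).Count;
    }

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: AuditRuleDump <path>");
            return 2;
        }
        string path = args[0];

        // Same sections as the single-parameter overload: the SACL is never read.
        AccessControlSections defaults = AccessControlSections.Access
            | AccessControlSections.Owner | AccessControlSections.Group;
        Console.WriteLine("Without Audit section: {0} rule(s)", CountAuditRules(path, defaults));

        try
        {
            FileSecurity security = File.GetAccessControl(path, AccessControlSections.Audit);
            // includeExplicit and includeInherited are both true; SIDs are shown as account names.
            foreach (FileSystemAuditRule rule in security.GetAuditRules(true, true, typeof(NTAccount)))
            {
                Console.WriteLine("{0}  {1}  {2}  inherited={3}", rule.IdentityReference.Value,
                    rule.AuditFlags, rule.FileSystemRights, rule.IsInherited);
            }
        }
        catch (PrivilegeNotHeldException)
        {
            // The process token lacks SeSecurityPrivilege, so the SACL cannot be read.
            Console.Error.WriteLine("SeSecurityPrivilege not held; run from an elevated administrator process.");
            return 1;
        }
        return 0;
    }
}
```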