More than a month after my last update I come back with some news! I usually get bored about repetitive work and I decided to try to capture the UAC event in Windows Vista.
I started to search about the Windows Events that rose when some UAC is accepted. I found that I can activate a Local Security Policy that is a process auditing. This makes news events to appear in our Event Viewer. One of these is the 4688 event ID who contains information about the requisite of the process of elevating privileges. With C# and .Net I was able to capture these events and treat in the way I want. And this way is Twitter, where I created an account to post UACs events.
You can follow my UACs events at http://twitter.com/UAC or you can download the application source code to create your own UAC twitter account (don’t forget enable process auditing at Local Security Policy).
See you at Twitter!
