{@Name function generates an audit message in the security event log.
For detailed information see MSDN: [url]http://msdn2.microsoft.com/en-gb/library/aa379305.aspx[/url]
To use the audit functions, the token of the calling process (not the thread token!) needs the SeAuditPrivilege privilege.
By default only services have this privilege. However, it can be enabled in the group policy editor ("gpedit.msc", under XP):
Computer configuration -> Windows settings -> security settings -> local policies -> audit policy
enable (success/failure) policy : audit privilege
The parameter AccessGranted is linked to the type of policy - success or failure.
([url]http://www.nemesisblue.info/images%5Cgpedit1.gif[/url])
The audit event can be seen in the event viewer under the Security log.
@param(ClientToken is the token to be used in audit log. )
@raises(ESMPrivilegeNotFoundException will be raised if the process token does not have the privilege : SE_AUDIT_NAME)
@raises(ESMWinCallFailedException will be raised if the winapi call to PrivilegedServiceAuditAlarm failed.)
@raises(ESMInvalidTokenHandle will be raised if the parameter ClientToken is nil)
}
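class procedure TSecurityToken.PrivilegedServiceAuditAlarm(SubsystemName, ServiceName : TString; ClientToken : TSecurityToken;
  Privileges : TPrivilegeSet; AccessGranted : Boolean);
{Writes a privileged-service audit record for ClientToken via the WinAPI function
 PrivilegedServiceAuditAlarm.
 SubsystemName / ServiceName : passed through to the WinAPI call.
 ClientToken                 : token whose handle and privileges go into the audit record.
 Privileges                  : currently NOT used by the implementation (see note below).
 AccessGranted               : passed through to the WinAPI call (success / failure audit).
 Raises ESMInvalidTokenHandle if ClientToken is nil, ESMPrivilegeNotFoundException if the
 process token does not hold SE_AUDIT_NAME, ESMWinCallFailedException if the WinAPI call
 returns False. The process token and the privilege set are released, and the previous
 state of SE_AUDIT_NAME is restored, on every exit path.}
var
  pPriv : JwaWinNT.PPRIVILEGE_SET;
  privs : TPrivilegeSet;
  primToken : TSecurityToken;
  bOldAuditPriv : Boolean;
  bCallOk : Boolean;
begin
  if not Assigned(ClientToken) then
    raise ESMInvalidTokenHandle.CreateFmtEx('ClientToken must not be nil.',
      'PrivilegedServiceAuditAlarm', ClassName, 'USM_Token.pas', 0, true, []);

  {PrivilegedServiceAuditAlarm checks the PROCESS token for SE_AUDIT_NAME, not the
   thread's token, so the process token is opened here with the access needed to
   query and adjust its privileges.}
  primToken := TSecurityToken.CreateTokenByProcess(0,
    TOKEN_READ or TOKEN_QUERY or TOKEN_ADJUST_PRIVILEGES or
    TOKEN_AUDIT_SUCCESS_INCLUDE or TOKEN_AUDIT_SUCCESS_EXCLUDE or
    TOKEN_AUDIT_FAILURE_INCLUDE or TOKEN_AUDIT_FAILURE_EXCLUDE);
  try
    {Read the current state of SE_AUDIT_NAME so it can be restored afterwards.
     This raises ESMPrivilegeNotFoundException when the process token does not
     hold the privilege at all; primToken is then released by the outer finally.}
    bOldAuditPriv := primToken.PrivilegeEnabled[SE_AUDIT_NAME];

    //enable the privilege only for the duration of the audit call
    primToken.PrivilegeEnabled[SE_AUDIT_NAME] := true;
    try
      //the privileges of the client token are what appears in the audit record.
      //NOTE(review): the Privileges parameter is not used here; the original
      //behaviour is kept - confirm whether it should replace GetTokenPrivileges.
      privs := ClientToken.GetTokenPrivileges;
      try
        pPriv := privs.Create_PPRIVILEGE_SET;
        try
          bCallOk := {$IFDEF SM_UNICODE}PrivilegedServiceAuditAlarmW
                     {$ELSE}PrivilegedServiceAuditAlarmA{$ENDIF}
            (TPChar(SubsystemName), TPChar(ServiceName), ClientToken.TokenHandle,
             pPriv^, AccessGranted);
        finally
          privs.Free_PPRIVILEGE_SET(pPriv);
        end;
      finally
        privs.Free;
      end;

      //the exception is created before the privilege is restored so that the
      //error state of the failed WinAPI call is not overwritten by the cleanup
      if not bCallOk then
        raise ESMWinCallFailedException.CreateFmtEx(
          'Call to PrivilegedServiceAuditAlarm failed.',
          'PrivilegedServiceAuditAlarm', ClassName, 'USM_Token.pas', 0, true, []);
    finally
      //restore SE_AUDIT_NAME to its previous state on every path
      primToken.PrivilegeEnabled[SE_AUDIT_NAME] := bOldAuditPriv;
    end;
  finally
    primToken.Free;
  end;
end;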