Using panel.exe to control ACP tracking

The panel.exe utility allows you to query and control the tracking of ACP usage.

Note that usage tracking only indicates if a verb made a query to an ACP, it does not indicate if that query succeeded or failed. The notion of success or failure varies greatly depending on the perspective, and for some ACPs, a value of 1 (setting is ON, that is, enabled) implies a restriction, while for other ACPs, a value of 0 (setting is OFF, that is, disabled) also implies a restriction. Generally, users should compare the tracking information to their role configuration to determine what setting the verbs encountered when the ACPs were accessed during application run-time (if tracking was enabled).

The panel.exe utility allows a basic level of control and query functions for ACP tracking. You can also perform ACP tracking through the CSUAACT verb, if the ACP at offset 0x01CC is enabled through a TKE (see Access Control Tracking (CSUAACT)). This 0x01CC ACP is usually disabled by default. A typical user will access ACP tracking information through the Trusted Key Entry workstation (TKE). The panel.exe functionality is added as a convenience. If requested, the tracking data is returned in a data structure that matches the role data structure and ACP structure described in Access control data structures.