Database Search
If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.
TechHome
WMI
 | |
|
- !Microsofts WMI Object Browser!
- !WMI Reference!
- !WMI Security!
- Add Key Qualifier
- Backup Event Log
- Best Way to Read Event Log via WMI
- Check if WMI is Installed
- Clear Event Log via WMI
- Close All but One Instance
- Detect If monitor is in Standby Mode
- Detect Resume From Standby
- Detect Standby or Hibernation Event
- Detecting Local Network Connectivity and Speed
- Determine Laptop or Destop System Enclosure
- Determine Machine Type
- Determining If a Machine is a Domain Controller
- Directory Watcher
- Display Refresh Rate
- Error 1261 on ConnectServer line
- Extract SN from Bios using WMI
- fileSizeEX returns 0 for the Pagefile.sys file
- Get Asset Tag From Dell Computers
- Get Daylight Savings Time
- Get Default Printer
- Get ipv6 IP Address via Host Name
- Get Owner of a Process
- Get Physical Memory
- Get Process List via WMI
- Get Remote Logged in User
- Get Specific Events
- Get Status of Network Adapter
- Get Win32_DiskDrive Data with DeviceID
- Install MSI apps
- Is Computer WMI Enabled UDF
- Last Reboot Time
- List Active Network Adapters
- List All Monitors
- List Available Screen Resolutions
- List Installed Modems
- List Namespaces
- List Processes on a Remote Computer
- List Scheduled Tasks
- Manufacturer Model and Serial from WMI
- Modify DNS Entries
- Monitor Events
- Obtain the Name of the Domain to which the Computer Belongs
- PCMCIA Card Detection
- Physical Memory Inspection
- Ping Status
- Remote Number of Drives
- Remote Process UDFs
- Run an Application on a Remote Computer
- Search Eventlog Example
- Set Adapter Speed Duplex
- SetDNSSuffixSearchOrder MisMatched Type Error
- System Restore Point
- Total CPU Usage
- Using WMI List Applications
- Win32_EncryptableVolume
- Win32_SerialPort Information via WMI
- Windows NT Schedule Service - AT
- WMI - Processor Info
- WMI and Arrays
- WMI and Get IPAddress Property
- WMI and Remote Interactive Desktop Scripts
- WMI and WinPE
- WMI causing LLSMGR to start
- WMI ExecQuery
- WMI Get Fan Speed
- WMI Get MAC Address and NIC info
- WMI hangs
- WMI ObjectOpen Problem on Windows 95
- WMI Query Paths Need Double Backslashes
- WMI Related Resources
- WMI Scriptomatic
- wntGetCon using WMI
- WQL LIKE Operator
Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Monitor Events
Keywords: monitor event system security application
Question:
I can't seem to get the ExecNotificationQuery() method of an SWbemServices object to do anything but cause a WinBatch OLE Exception 1261. Meanwhile, the ExecQuery() method works great to return a collection from a WQL query. The difference is that the ExecNotificationQuery() returns an SWbemEventSource object (read more at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/swbemeventsource.asp?frame=true), while ExecQuery() returns an SWbemObjectSet collection object (read more at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/swbemobjectset.asp?frame=true). Here is the WinBatch code I'm trying to use:
Locator = ObjectOpen("WbemScripting.SWbemLocator")
Service = Locator.ConnectServer()
Security = Service.Security_
Security.ImpersonationLevel = 3
EventSource = Service.ExecNotificationQuery("select * from __InstanceCreationEvent where TargetInstance isa 'Win32_NTLogEvent'")
And here is a link to a working VBScript that does what I eventually intend to do:
http://cwashington.netreach.net/depo/default.asp?topic=wmifaq
It's the one on the list that reads, "Listen For Windows NT Event Log Events on The Local System". Help!!
Answer:
It seems to have something to do with the sercurity/impersonation levels seen at the top of a WMI script.I found an interesting thread at groups.google.com that indicated when you try to read from all existing eventlogs, this includes the security log. To read that, you have additionally to specify:
objService.Security .Privileges.AddAsString("SeSecurityPrivilege")
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=e6856c49d51fae90&seekm=%23bks5W5NAHA.282%40cppssbbsa02.microsoft.com#s
So maybe try the following code:
Locator = ObjectOpen("WbemScripting.SWbemLocator")
Service = Locator.ConnectServer()
Security = Service.Security_
Security.ImpersonationLevel = 3
Privs = Security.Privileges
Privs.AddAsString("SeSecurityPrivilege");<<<<< Sets security privilege
EventSource = Service.ExecNotificationQuery("SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA 'Win32_NTLogEvent'")
;Wait for an event by executing the NextEvent method on the
;SWbemEventSource object.
num = 0
while (num < 5)
inst = EventSource.NextEvent(-1)
targ = inst.TargetInstance
message("logfile",targ.Logfile)
message("Message",targ.Message)
num = num + 1
ObjectClose(inst)
EndWhile
ObjectClose(Security)
ObjectClose(Service)
ObjectClose(Locator)
Exit
Article ID: W15788
File Created: 2003:05:13:11:30:06
Last Updated: 2003:05:13:11:30:06