Hi
I have installed wmint4.exe on an NT4 box in another domain. I have tested the script that I want to run on the local machine and it works.
I have then added the WBemscripting information that I want so that I can access the information remotely but I keep on getting an access denied. I know that the credentials are correct because it is the account that I login to the PC as. The account is a member of the local admin group on the PC that I want the script to run.
I then tried to run the script from another PC on the same domain as the PC taht I want to extract the information from and it gives me the same error.
Here is the code
<job>
<script language="VBScript" src="globalVariables.vbs"/>
<script>
'**************************************************************
'*
'* Backup even logs, write to database and clear them
'*
'**************************************************************
Option Explicit
' Declare variables
Dim objDB, objConn, objRS, fso, c, i, strComputer, objWMIService, colRetrievedEvents, objEvent, colLogFiles, errBackupLog, objLogfile, le, errStr
Dim dtmStartDate, dtmEndDate, DateToCheck
'vars for testing connectivity with auth
Dim objSWbemLocator, objSWbemServices, colSWbemObjectSet, strDomain, strUser, strPassword
strUser = InputBox("Please enter the username of the acoount you wish to use:")
strDomain = InputBox("Please enter the domain name for the account:")
strPassword = InputBox("Please enter the password:")
' Create connection to the database
Set objDB = CreateObject("ADODB.connection")
objDB.open driver
Set objRS = CreateObject("ADODB.Recordset")
objRS.cursorLocation = 3
objRS.open "DELETE * FROM eventInfo", objDB
objRS.Open "SELECT * FROM eventInfo", objDB, 3, 3
'***************************************************************
'*
'*Array of the type of logs we want
'*
'***************************************************************
Dim arrLogFile(1)
arrLogFile(0) = "system"
arrLogFile(1) = "application"
'***************************************************************
'*
'*Create date string to apply to backup files to differentiate
'*between files
'*
'***************************************************************
Dim dtmThisDay, dtmThisMonth, dtmThisYear, strDate
dtmThisDay = Day(Now)
dtmThisMonth = Month(Now)
dtmThisYear = Year(Now)
strDate = dtmThisDay & "_" & dtmThisMonth & "_" & dtmThisYear & "_"
'***************************************************************
'*
'*setup start and finish dates to enter into the SQL query so
'*we only get the previous days logs
'*
'***************************************************************
Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
Set dtmEndDate = CreateObject("WbemScripting.SWbemDateTime")
DateToCheck = Date
dtmEndDate.SetVarDate Date, True
dtmStartDate.SetVarDate DateToCheck, True
strComputer = InputBox("Please enter the computer you would like to check the event logs on:")
For each i in arrLogFile
WScript.echo "Now checking the " & i & " log on " & strComputer & "."
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer & "\root\cimv2", strUser, strPassword,,strDomain)
Set colSWbemObjectSet = objSWbemServices.ExecQuery("Select * from Win32_NTLogEvent WHERE Logfile = '" & i & "' AND Type <> 'information' AND TimeWritten >= '" & dtmStartDate & "'")
For Each objEvent in colSWbemObjectSet
objRS.AddNew
objRS("logFile") = objEvent.Logfile
objRS("category") = objEvent.Category
objRS("computerName") = objEvent.ComputerName
objRS("eventCode") = objEvent.EventCode
objRS("message") = objEvent.Message
objRS("recordNumber") = objEvent.RecordNumber
objRS("sourceName") = objEvent.SourceName
objRS("timeWritten") = objEvent.TimeWritten
objRS("type") = objEvent.Type
objRS("userName") = objEvent.User
objRS.Update
Next
Call backupEventLog(strComputer, i) 'call the sub that backs up and clears the log
Next
Call moveFiles(strComputer) 'call the sub that moves the backed up evt files to a central location
'Next
WScript.Echo "Event logs logged!"
objRS.Close
objConn.Close
' This is a sub routine that backs the log up to a .evt file
' The file has the date, computer name and log type as the file name
' If successful then the log is cleared
Sub backupEventLog(xComp, xLog)
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" & xComp & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery("Select * from Win32_NTEventLogFile where LogFileName='" & xLog & "'")
For Each objLogfile in colLogFiles
errBackupLog = objLogFile.BackupEventLog("C:\" & xComp & "_" & strDate & "_" & xLog & ".evt")
If errBackupLog <> 0 Then
Call logEvent(errBackupLog, xLog)
End If
Next
End Sub
' This is the sub that copies the files from the server to the central location
Sub moveFiles(pcName)
Set fso = CreateObject("Scripting.FileSystemObject")
fso.MoveFile "\\" & pcName & "\c$\*.evt", excelSaveLoc & "\eventLogBackups\"
End Sub
' This sub will write an event to the local machines event log
Sub logEvent(errBackupLog, logErr)
errStr = "There has been a problem creating the " & logErr & " backup. Error code: " & errBackupLog & ". Additional information is available from Set le = WScript.CreateObject("WScript.Shell")
le.LogEvent 1, errStr
End Sub
</script>
</job>
I have changed this
Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer & "\root\cimv2", strUser, strPassword,,strDomain)
to
Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer & "\root\cimv2", strDomain & "\" & strUser, strPassword)
And still get the same result.
I don't know if there is another way to do this - if there is please let me know, or, if you can see an issue wih the code please tell me where I am going wrong
Colin
I have installed wmint4.exe on an NT4 box in another domain. I have tested the script that I want to run on the local machine and it works.
I have then added the WBemscripting information that I want so that I can access the information remotely but I keep on getting an access denied. I know that the credentials are correct because it is the account that I login to the PC as. The account is a member of the local admin group on the PC that I want the script to run.
I then tried to run the script from another PC on the same domain as the PC taht I want to extract the information from and it gives me the same error.
Here is the code
<job>
<script language="VBScript" src="globalVariables.vbs"/>
<script>
'**************************************************************
'*
'* Backup even logs, write to database and clear them
'*
'**************************************************************
Option Explicit
' Declare variables
Dim objDB, objConn, objRS, fso, c, i, strComputer, objWMIService, colRetrievedEvents, objEvent, colLogFiles, errBackupLog, objLogfile, le, errStr
Dim dtmStartDate, dtmEndDate, DateToCheck
'vars for testing connectivity with auth
Dim objSWbemLocator, objSWbemServices, colSWbemObjectSet, strDomain, strUser, strPassword
strUser = InputBox("Please enter the username of the acoount you wish to use:")
strDomain = InputBox("Please enter the domain name for the account:")
strPassword = InputBox("Please enter the password:")
' Create connection to the database
Set objDB = CreateObject("ADODB.connection")
objDB.open driver
Set objRS = CreateObject("ADODB.Recordset")
objRS.cursorLocation = 3
objRS.open "DELETE * FROM eventInfo", objDB
objRS.Open "SELECT * FROM eventInfo", objDB, 3, 3
'***************************************************************
'*
'*Array of the type of logs we want
'*
'***************************************************************
Dim arrLogFile(1)
arrLogFile(0) = "system"
arrLogFile(1) = "application"
'***************************************************************
'*
'*Create date string to apply to backup files to differentiate
'*between files
'*
'***************************************************************
Dim dtmThisDay, dtmThisMonth, dtmThisYear, strDate
dtmThisDay = Day(Now)
dtmThisMonth = Month(Now)
dtmThisYear = Year(Now)
strDate = dtmThisDay & "_" & dtmThisMonth & "_" & dtmThisYear & "_"
'***************************************************************
'*
'*setup start and finish dates to enter into the SQL query so
'*we only get the previous days logs
'*
'***************************************************************
Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
Set dtmEndDate = CreateObject("WbemScripting.SWbemDateTime")
DateToCheck = Date
dtmEndDate.SetVarDate Date, True
dtmStartDate.SetVarDate DateToCheck, True
strComputer = InputBox("Please enter the computer you would like to check the event logs on:")
For each i in arrLogFile
WScript.echo "Now checking the " & i & " log on " & strComputer & "."
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer & "\root\cimv2", strUser, strPassword,,strDomain)
Set colSWbemObjectSet = objSWbemServices.ExecQuery("Select * from Win32_NTLogEvent WHERE Logfile = '" & i & "' AND Type <> 'information' AND TimeWritten >= '" & dtmStartDate & "'")
For Each objEvent in colSWbemObjectSet
objRS.AddNew
objRS("logFile") = objEvent.Logfile
objRS("category") = objEvent.Category
objRS("computerName") = objEvent.ComputerName
objRS("eventCode") = objEvent.EventCode
objRS("message") = objEvent.Message
objRS("recordNumber") = objEvent.RecordNumber
objRS("sourceName") = objEvent.SourceName
objRS("timeWritten") = objEvent.TimeWritten
objRS("type") = objEvent.Type
objRS("userName") = objEvent.User
objRS.Update
Next
Call backupEventLog(strComputer, i) 'call the sub that backs up and clears the log
Next
Call moveFiles(strComputer) 'call the sub that moves the backed up evt files to a central location
'Next
WScript.Echo "Event logs logged!"
objRS.Close
objConn.Close
' This is a sub routine that backs the log up to a .evt file
' The file has the date, computer name and log type as the file name
' If successful then the log is cleared
Sub backupEventLog(xComp, xLog)
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" & xComp & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery("Select * from Win32_NTEventLogFile where LogFileName='" & xLog & "'")
For Each objLogfile in colLogFiles
errBackupLog = objLogFile.BackupEventLog("C:\" & xComp & "_" & strDate & "_" & xLog & ".evt")
If errBackupLog <> 0 Then
Call logEvent(errBackupLog, xLog)
End If
Next
End Sub
' This is the sub that copies the files from the server to the central location
Sub moveFiles(pcName)
Set fso = CreateObject("Scripting.FileSystemObject")
fso.MoveFile "\\" & pcName & "\c$\*.evt", excelSaveLoc & "\eventLogBackups\"
End Sub
' This sub will write an event to the local machines event log
Sub logEvent(errBackupLog, logErr)
errStr = "There has been a problem creating the " & logErr & " backup. Error code: " & errBackupLog & ". Additional information is available from Set le = WScript.CreateObject("WScript.Shell")
le.LogEvent 1, errStr
End Sub
</script>
</job>
I have changed this
Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer & "\root\cimv2", strUser, strPassword,,strDomain)
to
Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer & "\root\cimv2", strDomain & "\" & strUser, strPassword)
And still get the same result.
I don't know if there is another way to do this - if there is please let me know, or, if you can see an issue wih the code please tell me where I am going wrong
Colin