×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

WBemscripting problems

WBemscripting problems

WBemscripting problems

(OP)
Hi

I have installed wmint4.exe on an NT4 box in another domain. I have tested the script that I want to run on the local machine and it works.

I have then added the WBemscripting information that I want so that I can access the information remotely but I keep on getting an access denied. I know that the credentials are correct because it is the account that I login to the PC as. The account is a member of the local admin group on the PC that I want the script to run.

I then tried to run the script from another PC on the same domain as the PC taht I want to extract the information from and it gives me the same error.

Here is the code

<job>
<script language="VBScript" src="globalVariables.vbs"/>

<script>
'**************************************************************
'*
'* Backup even logs, write to database and clear them
'*
'**************************************************************
Option Explicit

' Declare variables
Dim objDB, objConn, objRS, fso, c, i, strComputer, objWMIService, colRetrievedEvents, objEvent, colLogFiles, errBackupLog, objLogfile, le, errStr
Dim dtmStartDate, dtmEndDate, DateToCheck
'vars for testing connectivity with auth
Dim objSWbemLocator, objSWbemServices, colSWbemObjectSet, strDomain, strUser, strPassword

strUser = InputBox("Please enter the username of the acoount you wish to use:")
strDomain = InputBox("Please enter the domain name for the account:")
strPassword = InputBox("Please enter the password:")

' Create connection to the database
Set objDB = CreateObject("ADODB.connection")
objDB.open driver
Set objRS = CreateObject("ADODB.Recordset")

objRS.cursorLocation = 3
objRS.open "DELETE * FROM eventInfo", objDB
objRS.Open "SELECT * FROM eventInfo", objDB, 3, 3


'***************************************************************
'*
'*Array of the type of logs we want
'*
'***************************************************************

Dim arrLogFile(1)
arrLogFile(0) = "system"
arrLogFile(1) = "application"


'***************************************************************
'*
'*Create date string to apply to backup files to differentiate
'*between files
'*
'***************************************************************

Dim dtmThisDay, dtmThisMonth, dtmThisYear, strDate

dtmThisDay = Day(Now)
dtmThisMonth = Month(Now)
dtmThisYear = Year(Now)

strDate = dtmThisDay & "_" & dtmThisMonth & "_" & dtmThisYear & "_"


'***************************************************************
'*
'*setup start and finish dates to enter into the SQL query so
'*we only get the previous days logs
'*
'***************************************************************

Set dtmStartDate = CreateObject("WbemScripting.SWbemDateTime")
Set dtmEndDate = CreateObject("WbemScripting.SWbemDateTime")
DateToCheck = Date
dtmEndDate.SetVarDate Date, True
dtmStartDate.SetVarDate DateToCheck, True

strComputer = InputBox("Please enter the computer you would like to check the event logs on:")

For each i in arrLogFile
WScript.echo "Now checking the " & i & " log on " & strComputer & "."
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer & "\root\cimv2", strUser, strPassword,,strDomain)
Set colSWbemObjectSet = objSWbemServices.ExecQuery("Select * from Win32_NTLogEvent WHERE Logfile = '" & i & "' AND Type <> 'information' AND TimeWritten >= '" & dtmStartDate & "'")

For Each objEvent in colSWbemObjectSet
objRS.AddNew
objRS("logFile") = objEvent.Logfile
objRS("category") = objEvent.Category
objRS("computerName") = objEvent.ComputerName
objRS("eventCode") = objEvent.EventCode
objRS("message") = objEvent.Message
objRS("recordNumber") = objEvent.RecordNumber
objRS("sourceName") = objEvent.SourceName
objRS("timeWritten") = objEvent.TimeWritten
objRS("type") = objEvent.Type
objRS("userName") = objEvent.User
objRS.Update
Next

Call backupEventLog(strComputer, i) 'call the sub that backs up and clears the log
Next
Call moveFiles(strComputer) 'call the sub that moves the backed up evt files to a central location
'Next

WScript.Echo "Event logs logged!"
objRS.Close
objConn.Close

' This is a sub routine that backs the log up to a .evt file
' The file has the date, computer name and log type as the file name
' If successful then the log is cleared
Sub backupEventLog(xComp, xLog)
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" & xComp & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery("Select * from Win32_NTEventLogFile where LogFileName='" & xLog & "'")

For Each objLogfile in colLogFiles
errBackupLog = objLogFile.BackupEventLog("C:\" & xComp & "_" & strDate & "_" & xLog & ".evt")
If errBackupLog <> 0 Then
Call logEvent(errBackupLog, xLog)
End If
Next
End Sub

' This is the sub that copies the files from the server to the central location
Sub moveFiles(pcName)
Set fso = CreateObject("Scripting.FileSystemObject")
fso.MoveFile "\\" & pcName & "\c$\*.evt", excelSaveLoc & "\eventLogBackups\"
End Sub

' This sub will write an event to the local machines event log
Sub logEvent(errBackupLog, logErr)
errStr = "There has been a problem creating the " & logErr & " backup. Error code: " & errBackupLog & ". Additional information is available from http://msdn.microsoft.com/library/?url=/library/en-us/debug/base/system_error_codes.asp?frame=true"
Set le = WScript.CreateObject("WScript.Shell")
le.LogEvent 1, errStr
End Sub
</script>
</job>

I have changed this

Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer & "\root\cimv2", strUser, strPassword,,strDomain)

to

Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer & "\root\cimv2", strDomain & "\" & strUser, strPassword)

And still get the same result.

I don't know if there is another way to do this - if there is please let me know, or, if you can see an issue wih the code please tell me where I am going wrong

Colin

RE: WBemscripting problems

Hello purepest,

[1] Should you not change the connectserver to? :

Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer,"\root\cimv2", strUser, strPassword,,strDomain)

or as in another form:

Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer,"\root\cimv2", strDomain & "\" & strUser, strPassword)

[2] I see you have referenced again to the services with the moniker string with backup privilege. Should you not consider preserving the global reference you already established at the moment mentioned in [1] and just adding the backup privilege?

regards - tsuji

RE: WBemscripting problems

(OP)
thanks for that. I now have the mahoity of the script working. However, I don't understand how to add the backup pivelage as stated in point [2].

Can you point me in the right direction please?

Colin

RE: WBemscripting problems

purepest,

To use the consistent service object do this in your backup sub.

CODE

Sub backupEventLog(xComp, xLog)
'this line commented out
'Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}!\\" & xComp & "\root\cimv2")
'wbempri
objWMIService.Security_.Privileges.Add 18,true
'continued with the other lines until the end
objWMIService.Security_.Privileges.Remove 18
End Sub
In the modification above, you see I do not set the impersonationlevel because the default is wbemImpersonationLevelImpersonate (=3) for the latest version of wbem. If you want to make sure, you can add the setting at the top of the script after setting up the objWMIService at the main body.

CODE

objWMIService.Security_.ImpersonationLevel=3
- tsuji

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close