Event log privileges 


I am trying to write a script so that a non-administrator user can
create a plain text file of all the event logs.  I have successfully
done this for the system and application logs however I am unable to get
the script to work for the security log.

I know I need to have the security privilege (group policy - manage
audit and security) which I do however the user is still unable to
create a plain text file of the security log.  Another weird thing -
when I log on with the user account and use event viewer to view the
logs I can view the security log once!!  If I refresh the view or change
to another log and come back event viewer reports that I do not have the
privilege to view the security log!!!

Are there any other security privileges that the user needs to have?

Is there another way to allow a non-administrator to create plain text
files of all event logs?

P.S. The script works for all event logs when logged in as administrator
and does not work even if the user belongs to the power user group.


result = msgbox("Are you sure you want to copy event logs to e: ?", _
                vbQuestion + vbOKCancel, "Copy Event Logs")

' 1 = vbOK
if result = 1 then
  set WshNetwork = WScript.CreateObject("WScript.Network")
  strComputerName = WshNetwork.ComputerName

  dtmThisDay = Day(Now)
  dtmThisMonth = Month(Now)
  dtmThisYear = Year(Now)
  strFilename = "e:\" & dtmThisYear & "_" & dtmThisMonth & "_" & _
                dtmThisDay & "_" & strComputerName

  strComputer = "."

  set FSys = CreateObject("Scripting.FileSystemObject")

  ' Request the Backup and Security privileges on the WMI connection
  set objWMIService = GetObject("winmgmts:" & _
                      "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
                      & strComputer & "\root\cimv2")
  ' The class name was cut off in the post; Win32_NTEventlogFile is assumed
  ' because the loop below reads its LogFileName property.
  set colEventLogFiles = objWMIService.ExecQuery ("Select * from Win32_NTEventlogFile")

  for each objLogFile in colEventLogFiles
    set colLogFiles = objWMIService.ExecQuery ("Select * from " & _
        "Win32_NTLogEvent WHERE LogFile = '" & objLogFile.LogFileName & "'")
    strName = strFilename & "_" & objLogFile.LogFileName & ".txt"
    ' 2 = ForWriting, True = create the file if it does not exist
    set TStream = FSys.OpenTextFile(strName, 2, True)
    ' The title line, the header line and strEvent were cut off in the post;
    ' each is closed here at the point where the posted text breaks off.
    TStream.WriteLine "Backup of " & objLogFile.LogFileName & " Event"
    TStream.WriteLine ""
    TStream.WriteLine "Type, Time, Source, Category, Event, User,"
    For each objEvent in colLogFiles
      strEvent = objEvent.Type & ", " & objEvent.TimeGenerated & ", " & _
                 objEvent.SourceName & ", " & _
                 objEvent.CategoryString & ", " & objEvent.EventCode & _
                 ", " & objEvent.User
      TStream.WriteLine strEvent
    Next
    TStream.Close
  next

  Wscript.Echo "Event logs backed up"

end if




Wed, 17 Aug 2005 05:55:51 GMT  
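
A diagnostic for the situation described in the post, added here as an example and not part of the original post: it connects to WMI requesting only the Security privilege (SeSecurityPrivilege, the "Manage auditing and security log" user right), lists what the connection was asked to enable, and reports whether reading one Security event succeeds or fails with a privilege or access error. The function name ProbeLog is hypothetical; run it with cscript.exe under the non-administrator account.

```vbscript
' Added diagnostic example, not the original poster's code.
Option Explicit

Const WBEM_E_ACCESS_DENIED = "80041003"       ' wbemErrAccessDenied
Const WBEM_E_PRIVILEGE_NOT_HELD = "80041062"  ' wbemErrPrivilegeNotHeld
Const FORWARD_ONLY = 48  ' wbemFlagReturnImmediately + wbemFlagForwardOnly

Dim objSvc, objPriv, strCode

' Same moniker style as the script in the post, asking only for Security.
Set objSvc = GetObject( _
    "winmgmts:{impersonationLevel=impersonate,(Security)}!\\.\root\cimv2")

' Show which privileges this connection was asked to enable.
For Each objPriv In objSvc.Security_.Privileges
    WScript.Echo objPriv.Name & " requested, enable = " & objPriv.IsEnabled
Next

strCode = ProbeLog(objSvc, "Security")
Select Case strCode
    Case "0"
        WScript.Echo "Security log is readable for this account."
    Case WBEM_E_PRIVILEGE_NOT_HELD
        WScript.Echo "0x" & strCode & ": required privilege not held."
    Case WBEM_E_ACCESS_DENIED
        WScript.Echo "0x" & strCode & ": access denied."
    Case Else
        WScript.Echo "Unexpected error 0x" & strCode
End Select

' Hypothetical helper: reads at most one event from the named log and
' returns the resulting error number as a hex string ("0" on success).
Function ProbeLog(objWmi, strLog)
    Dim colEvents, objEvent
    On Error Resume Next
    Set colEvents = objWmi.ExecQuery( _
        "SELECT * FROM Win32_NTLogEvent WHERE Logfile = '" & strLog & "'", _
        "WQL", FORWARD_ONLY)
    If Err.Number <> 0 Then
        ProbeLog = Hex(Err.Number)
        Exit Function
    End If
    ' The query is semisynchronous, so a failure surfaces on enumeration.
    For Each objEvent In colEvents
        Exit For
    Next
    ProbeLog = Hex(Err.Number)
End Function
```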