querying event logs from remote computer

---

• From: "Aseem Bansal" <aseembansal@xxxxxxxxx>
• Date: Wed, 6 Dec 2006 17:42:05 +0530

---

Hi,

I want to know what permissions do you require to query event logs (using
WMI) lying on a remote computer.

I created a small sample to query event logs, but I get the following error.

Unhandled Exception: System.UnauthorizedAccessException: Access is denied.
(Exce
ption from HRESULT: 0x80070005 (E_ACCESSDENIED))
at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 e
rrorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()

Here are the details of my environment and the various options I tried.

1. Local as well remote computer are windows server 2003 with SP1.
2. Using EventViewer to view the event logs on remote computer shows an
error message box saying "Unable to complete the operation on "Application".
Access is denied.
3. Added my self in the Administrators group of that computer and it worked.
But I want to find out the minimum permissions required to access the event
logs from remote computer. So this is not an exciting option unless and
until this is the only option we have. So I removed myself from
administrators group.
4. Added 'FullControl' permission for myself on all the .evt files. But
observed the same above mentioned error.
5. Added myself to the security group on Root\cimv2 in 'WMI Control' and
allowed everything, still it did not work.
6. Added myself to "Manage Auditing and Security Log" in local policies\User
Rights Assignment, still it did not work.

Can you please let me know whether it is possible to query event logs
remotely without being part of Administrators group. If yes, what all
permissions are required?

Regards
Aseem Bansal


.

---

• Prev by Date: Re: wxDevC++ and WMI?
• Next by Date: problem implementing method provider
• Previous by thread: Unattended network related operations on windows server 2003
• Next by thread: problem implementing method provider
• Index(es):
  • Date
  • Thread

---

Relevant Pages accessing eventlogs on remote machine fails using system.management apis ... I want to know what permissions do you require to query event logs ... I created a small sample to query event logs, ... Local as well remote computer are windows server 2003 with SP1. ... (microsoft.public.dotnet.framework) Re: Erradic display of alternate connections dialog ? ... Also problems with network connectivity and name resolution can ... Try using the IP address of the remote computer ... not have the required permissions. ... (microsoft.public.windowsxp.security_admin) RE: Remote access ... You'll likely need to grant your code FullTrust permissions (or a subset ... > application from a remote computer, ... >> be able to run my application, I have to install it on every PC that needs to ... (microsoft.public.dotnet.framework.windowsforms) Re: Erradic display of alternate connections dialog ? ... credentials on the remote computer, correct share/NTFS permissions, or the ... Try using the IP address of the remote computer instead of the ... name resolution problem which in a domain computer can often be related to ... also help determine if there are name resolution or network connectivity ... (microsoft.public.windowsxp.security_admin)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Development  > microsoft.public.win32.programmer.wmi  > 2006-12