Re: Urgent:- Reading event log files using Win32_NTLogevent class
- From: "VB Research" <kevinc@xxxxxxxxxxxx>
- Date: 23 Dec 2006 16:57:35 -0800

Go here: http://msdn2.microsoft.com/en-us/library/aa389284.aspx
Look for the "DCOM Impersonation and Authentication Settings" table.
To update your WMI, go here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=afe41f46-e213-4cbf-9c5b-fbf236e0e875&DisplayLang=en
and 2000 has WMI 1.5 core installed by default; if not, use Windows Update.
Good luck.

VB Research wrote:
The problem that you have is with the connection string. The
following values change for different OSs and if the settings for DCOM
and COM+ were changed. Very few change DCOM and COM settings. You
should be able to get the values to replace RPC_C_AUTHN_LEVEL_CALL and
RPC_C_IMP_LEVEL_IMPERSONATE. I do have a Win2000 computer to get the
values. There is not a connection string that works on all Win OSs by
default.
If you guess, the values are:
RPC_C_IMP_LEVEL_IMPERSONATE = 3 // your current setting. Try 0 to 4
RPC_C_AUTHN_LEVEL_CALL = 2 // your current setting. Try 0 to 6 and maybe -1
Good luck.

vikcy wrote:
Hi friends,
I am developing a tool that reads the Windows event log
files. I used the WMI class Win32_NTLogEvent for it.
It works fine on Windows XP Professional, Home and 2003 Server Std.
edition and Enterprise edition (32 bit and 64 bit).
But it fails on Windows 2000 Professional, 2000 Server,
NT 4.0.
Has anybody done it before? Please help me, it is very urgent.
Thanks
Sample code that I wrote to connect to WMI is as follows:

    m_pIWbemLocator = NULL;
    // Initialize the COM library for use by the calling thread.
    m_hres = CoInitializeEx(NULL, COINIT_MULTITHREADED);
    if (FAILED(m_hres))
    {
        return FALSE;
    }
    // Process-wide COM security: default authentication level,
    // impersonation level "impersonate".
    m_hres = CoInitializeSecurity(NULL, -1, NULL, NULL,
        RPC_C_AUTHN_LEVEL_DEFAULT, RPC_C_IMP_LEVEL_IMPERSONATE,
        NULL, EOAC_NONE, NULL);
    if (FAILED(m_hres))
    {
        CoUninitialize();
        return FALSE;
    }
    // Set the security privileges first.
    BOOL bRet = SetSecurityPrivilege();
    if (!bRet)
    {
        CoUninitialize();
        return FALSE;
    }
    // Check that the WbemLocator class factory is available.
    CComPtr<IClassFactory> pCF;
    DWORD dwClsContext = CLSCTX_INPROC_SERVER | CLSCTX_LOCAL_SERVER;
    m_hres = CoGetClassObject(CLSID_WbemLocator, dwClsContext,
        NULL, IID_IClassFactory, reinterpret_cast<void**>(&pCF));
    if (FAILED(m_hres))
    {
        CoUninitialize();
        return FALSE;
    }
    // Create an instance of the IWbemLocator class. Request IID_IWbemLocator
    // (not IID_IUnknown) because the result is stored in an IWbemLocator pointer.
    m_hres = CoCreateInstance(CLSID_WbemLocator, NULL,
        CLSCTX_INPROC_SERVER | CLSCTX_LOCAL_SERVER, IID_IWbemLocator,
        (void**)&m_pIWbemLocator);
    if (FAILED(m_hres))
    {
        CoUninitialize();
        return FALSE;
    }
    return TRUE;
}

BOOL CWMIGenerateDefnFile::WMIConnect()
{
    m_pWbemServices = NULL;
    // Connect to the local root\cimv2 namespace as the current user.
    m_hres = m_pIWbemLocator->ConnectServer(CComBSTR(L"ROOT\\CIMV2"),
        NULL, NULL, NULL, 0, NULL, NULL, &m_pWbemServices);
    if (FAILED(m_hres))
    {
        return FALSE;
    }
    // Set the authentication and impersonation levels on the IWbemServices proxy.
    m_hres = CoSetProxyBlanket(m_pWbemServices, RPC_C_AUTHN_WINNT,
        RPC_C_AUTHZ_NONE, NULL, RPC_C_AUTHN_LEVEL_CALL,
        RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE);
    if (FAILED(m_hres))
    {
        return FALSE;
    }
    return TRUE;
}

BOOL CWMIGenerateDefnFile::ExecuteWMIQuery(CString szLogFileName)
{
    m_pEnumObject = NULL;
    // szLogFileName is placed inside the quoted literal unchanged.
    _bstr_t strQuery = L"Select * from Win32_NTLogEvent WHERE LogFile = ";
    strQuery += L"\"";
    // _bstr_t accepts both char and wchar_t strings, so no LPSTR cast is
    // needed (the cast corrupts the name in Unicode builds).
    strQuery += (LPCTSTR)szLogFileName;
    strQuery += L"\"";
    // A real BSTR is required here, not a bare wide string literal.
    _bstr_t strQL(L"WQL");
    // Fire the WQL query at the Win32_NTLogEvent class.
    m_hres = m_pWbemServices->ExecQuery(strQL, strQuery,
        WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
        NULL, &m_pEnumObject);
    if (FAILED(m_hres))
    {
        return FALSE;
    }
    return TRUE;
}
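
The ExecuteWMIQuery function above places szLogFileName inside a double-quoted WQL literal unchanged. The following is an added example, not part of the original post: portable C++ helpers that validate the name and escape backslash and double quote before building the same query. The helper names and the 255-character limit are assumptions.

```cpp
#include <iostream>
#include <string>

// Added example; EscapeWqlLiteral, IsPlausibleLogName and BuildLogEventQuery
// are hypothetical helper names, not WMI APIs.

// WQL uses the backslash as its escape character inside string literals,
// so a literal backslash or double quote must be prefixed with a backslash.
std::wstring EscapeWqlLiteral(const std::wstring& value)
{
    std::wstring out;
    for (wchar_t ch : value) {
        if (ch == L'\\' || ch == L'"')
            out.push_back(L'\\');
        out.push_back(ch);
    }
    return out;
}

// Reject names that cannot be a real log name: empty, longer than an
// assumed 255-character limit, or containing control characters.
bool IsPlausibleLogName(const std::wstring& name)
{
    if (name.empty() || name.size() > 255)
        return false;
    for (wchar_t ch : name)
        if (ch < 0x20 || ch == 0x7f)
            return false;
    return true;
}

// Writes the query text to 'query'; returns false and leaves 'query'
// untouched when the name fails validation.
bool BuildLogEventQuery(const std::wstring& logFile, std::wstring& query)
{
    if (!IsPlausibleLogName(logFile))
        return false;
    query = L"SELECT * FROM Win32_NTLogEvent WHERE LogFile = \""
          + EscapeWqlLiteral(logFile) + L"\"";
    return true;
}

int main()
{
    std::wstring q;
    // Constructed sample inputs.
    for (const wchar_t* name : { L"Application", L"My \"Custom\" Log", L"" })
        std::wcout << (BuildLogEventQuery(name, q) ? q : L"(rejected)") << L"\n";
}
```

In the MFC code above, the resulting std::wstring can be passed to ExecQuery as `_bstr_t(query.c_str())`.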