accessing eventlogs on remote machine fails using system.management apis

---

• From: "aseembansal" <aseembansal@xxxxxxxxx>
• Date: 7 Dec 2006 04:06:29 -0800

---

Hi,

I want to know what permissions do you require to query event logs
(using system.management APIs) lying on a remote computer.


I created a small sample to query event logs, but I get the following
error.


Unhandled Exception: System.UnauthorizedAccessException: Access is
denied.
(Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()


Here are the details of my environment and the various options I tried.



1. Local as well remote computer are windows server 2003 with SP1.
2. Using EventViewer to view the event logs on remote computer shows an
error message box saying "Unable to complete the operation on
"Application". Access is denied.
3. Added my self in the Administrators group of that computer and it
worked. But I want to find out the minimum permissions required to
access the event logs from remote computer. So this is not an exciting
option unless and until this is the only option we have. So I removed
myself from administrators group.
4. Added 'FullControl' permission for myself on all the .evt files. But
observed the same above mentioned error.
5. Added myself to the security group on Root\cimv2 in 'WMI Control'
and
allowed everything, still it did not work.
6. Added myself to "Manage Auditing and Security Log" in local
policies\User Rights Assignment, still it did not work.


Can you please let me know whether it is possible to query event logs
remotely without being part of Administrators group. If yes, what all
permissions are required?


Regards
Aseem Bansal

.

---

• Prev by Date: Appearance of a DrawingBrush material (WPF 3D)
• Next by Date: Is this a good Dispose() idea or not?
• Previous by thread: Appearance of a DrawingBrush material (WPF 3D)
• Next by thread: Is this a good Dispose() idea or not?
• Index(es):
  • Date
  • Thread

---

Relevant Pages querying event logs from remote computer ... I created a small sample to query event logs, but I get the following error. ... Local as well remote computer are windows server 2003 with SP1. ... Added my self in the Administrators group of that computer and it worked. ... But I want to find out the minimum permissions required to access the event ... (microsoft.public.win32.programmer.wmi) Re: Erradic display of alternate connections dialog ? ... Also problems with network connectivity and name resolution can ... Try using the IP address of the remote computer ... not have the required permissions. ... (microsoft.public.windowsxp.security_admin) Cannot Move Mailboxes ... I posted yesterday about MAPI errors in my event logs and this appears to be ... Besides the MAPI ... Obviously permissions related but what and where? ... I am running under an admin account with Domain Admin, ... (microsoft.public.exchange.admin) OT: GP Software Deployment {long} ... If there are installation errors in the event logs, ... This probably means that your permissions on ... computer is not getting the policy applied. ... you could easily send a package out to ... (microsoft.public.cert.exam.mcse) permissions to read event logs ... what permissions are needed to have a domain account READ server event logs? ... this service account the minimum rights to query a server's event logs using ... (microsoft.public.windows.server.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)