473,326 Members | 2,102 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

EnablePrivileges = True not working in wmi connection

I'm trying to (programatically) backup and clear the security event log on
the local machine. I can do this manually through the event viewer and I am
logged on as an administrator. I can successfully connect to the local wmi
service. I can step through and list all the log files on the local computer
in a text box so I know I can get an System.Management.ManagementObject that
is the security log.

However when I try to execute the "BackupEventLog" method I get access
denied.

Here is my code for trying to execute the method:

logfileSearcher = New
System.Management.ManagementObjectSearcher(myManag ementScope.Path.ToString,
"Select * from win32_NTEventLogFile WHERE LogFileName='security'")
'* execute query
'* Get Event Log Files
logfiles = logfileSearcher.Get()

For Each logfile In logfiles
Dim inParams As Management.ManagementBaseObject =
logfile.GetMethodParameters("BackupEventLog")
inParams("ArchiveFileName") = "c:\testing.evt"
Dim outParams As Management.ManagementBaseObject =
logfile.InvokeMethod("BackupEventLog", inParams, Nothing)
Next

Here is the error detail:

Error Encountered: System.Management.ManagementException: Access denied
at
System.Management.ManagementException.ThrowWithExt endedInfo(ManagementStatus
errorCode)
at System.Management.ManagementObject.InvokeMethod(St ring methodName,
ManagementBaseObject inParameters, InvokeMethodOptions options)
at wmitest.Form1.Button3_Click(Object sender, EventArgs e) in
C:\Documents and Settings\1069317\Desktop\Desktop
Stuff\JTSecuAudit\wmitest\Form1.vb:line 75
I have checked around on google and found that several people have had
similar issues and it has to do with the privileges of the wmi connection. I
am logged onto the machine as an administrator, I have also set the
ConnectionOptions.EnablePrivileges = True

But it does not work...I have found threads online indicating that setting
EnablePrivileges to True worked on .NET framework 1.0 but it "stopped"
working on 1.1 and I assume doesn't work on 2.0 as I am having this issue.
(I am using .NET Framework 2.0 SP1).

please help!
Jun 27 '08 #1
3 2450
"JohnBates" wrote:
I'm trying to (programatically) backup and clear the security event log on
the local machine. I can do this manually through the event viewer and I am
logged on as an administrator. I can successfully connect to the local wmi
service. I can step through and list all the log files on the local computer
in a text box so I know I can get an System.Management.ManagementObject that
is the security log.

However when I try to execute the "BackupEventLog" method I get access
denied.

Here is my code for trying to execute the method:

logfileSearcher = New
System.Management.ManagementObjectSearcher(myManag ementScope.Path.ToString,
"Select * from win32_NTEventLogFile WHERE LogFileName='security'")
'* execute query
'* Get Event Log Files
logfiles = logfileSearcher.Get()

For Each logfile In logfiles
Dim inParams As Management.ManagementBaseObject =
logfile.GetMethodParameters("BackupEventLog")
inParams("ArchiveFileName") = "c:\testing.evt"
Dim outParams As Management.ManagementBaseObject =
logfile.InvokeMethod("BackupEventLog", inParams, Nothing)
Next

Here is the error detail:

Error Encountered: System.Management.ManagementException: Access denied
at
System.Management.ManagementException.ThrowWithExt endedInfo(ManagementStatus
errorCode)
at System.Management.ManagementObject.InvokeMethod(St ring methodName,
ManagementBaseObject inParameters, InvokeMethodOptions options)
at wmitest.Form1.Button3_Click(Object sender, EventArgs e) in
C:\Documents and Settings\1069317\Desktop\Desktop
Stuff\JTSecuAudit\wmitest\Form1.vb:line 75
I have checked around on google and found that several people have had
similar issues and it has to do with the privileges of the wmi connection. I
am logged onto the machine as an administrator, I have also set the
ConnectionOptions.EnablePrivileges = True

But it does not work...I have found threads online indicating that setting
EnablePrivileges to True worked on .NET framework 1.0 but it "stopped"
working on 1.1 and I assume doesn't work on 2.0 as I am having this issue.
(I am using .NET Framework 2.0 SP1).

please help!

This worked for me on .NET Framework 2.0:

Dim scope As New ManagementScope
scope.Options.EnablePrivileges = True

logfileSearcher = New
System.Management.ManagementObjectSearcher(scope, New
Management.ObjectQuery("Select * from win32_NTEventLogFile WHERE
LogFileName='security'"))
logfiles = logfileSearcher.Get()

For Each logfile In logfiles

Dim inParams As Management.ManagementBaseObject =
logfile.GetMethodParameters("BackupEventLog")
inParams("ArchiveFileName") = "c:\testing.evt"
Dim outParams As Management.ManagementBaseObject =
logfile.InvokeMethod("BackupEventLog", inParams, Nothing)
Console.WriteLine(outParams.Item("returnValue"))

Next
--
urkec
Jun 27 '08 #2
urkec - first off thank you so much for your help your code does work...let
me post my original connection code (which doesn't seem to work) I think the
difference was that I was attempting to create a connection using impersonate
and authentication...without those it works. based on the working wmi
vbsscript I had I thought I had to use impersonate and authentication.

My Connection Code:
===================BEGIN
With myConnectionOptions
.Impersonation = Management.ImpersonationLevel.Impersonate
.Authentication = System.Management.AuthenticationLevel.Packet
End With

If Not Me.txtUsername.Text = "" Then
myConnectionOptions.Username = Me.txtUsername.Text
Else
myConnectionOptions.Username = Nothing
End If
If Not Me.txtPassword.Text = "" Then
myConnectionOptions.Password = Me.txtPassword.Text
Else
myConnectionOptions.Password = Nothing
End If
If Me.CheckBox1.Checked = True Then
myConnectionOptions.EnablePrivileges = True
End If
'* Replace the "." with an actual servername for remote connection
'Dim myServerName As String = "."
Dim myServerName As String = Me.txtServer.Text
myManagementScope = New System.Management.ManagementScope("\\" &
myServerName & "\root\cimv2", myConnectionOptions)

'* connect to WMI namespace
myManagementScope.Connect()
If myManagementScope.IsConnected = False Then
rtbStatus.AppendText("Could not connect to WMI namespace on " &
myServerName & ControlChars.Cr)
Else
rtbStatus.AppendText("Connected to WMI namespace on " &
myServerName & ControlChars.Cr)
End If

===================END
I'm getting a little closer to my final end product - now I just can't seem
to get the ClearLogFile method to work. I tried using the Nothing keyword in
place of the options object but it choked on that. Any other ideas?

Here is what I am doing now:

===================BEGIN
Dim scope As New ManagementScope("\\" & Me.txtServer.Text &
"\root\cimv2")
Dim logfileSearcher As System.Management.ManagementObjectSearcher
Dim logfiles As System.Management.ManagementObjectCollection
Dim logfile As System.Management.ManagementObject
Dim logQuery As New Management.ObjectQuery("Select * from
win32_NTEventLogFile WHERE LogFileName='security'")

Me.rtbStatus.Clear()

Try

If Me.txtUsername.Text = "" Then
scope.Options.Username = Nothing
Else
scope.Options.Username = Me.txtUsername.Text
End If
If Me.txtPassword.Text = "" Then
scope.Options.Password = Nothing
Else
scope.Options.Password = Me.txtPassword.Text
End If
If Me.CheckBox1.Checked = True Then
scope.Options.EnablePrivileges = True
End If

scope.Connect()

If scope.IsConnected = False Then
rtbStatus.AppendText("Could not connect to WMI namespace on
" & Me.txtServer.Text & ControlChars.Cr)
Else
rtbStatus.AppendText("Connected to WMI namespace on " &
Me.txtServer.Text & ControlChars.Cr)
End If

logfileSearcher = New
System.Management.ManagementObjectSearcher(scope, logQuery)
logfiles = logfileSearcher.Get()

For Each logfile In logfiles
'Backup Log File
Dim inParams As Management.ManagementBaseObject =
logfile.GetMethodParameters("BackupEventLog")
inParams("ArchiveFileName") = "c:\testing.evt"
Dim outParams As Management.ManagementBaseObject =
logfile.InvokeMethod("BackupEventLog", inParams, Nothing)

'Backup Result
rtbStatus.AppendText("Backup Method Returned : " &
outParams.Item("returnValue").ToString & " ")
If outParams.Item("returnValue").ToString = 0 Then
rtbStatus.AppendText("The Security event log was backed
up." & ControlChars.Cr)
'Only execute ClearEventLog method upon successful Backup
outParams = logfile.InvokeMethod("ClearEventLog",
inParams, Nothing)
'Diplay Clear Result
rtbStatus.AppendText("Clear Method Returned : " &
outParams.Item("returnValue").ToString & ControlChars.Cr)
End If
If outParams.Item("returnValue").ToString = 8 Then
rtbStatus.AppendText("Privilege missing!" &
ControlChars.Cr)
End If
If outParams.Item("returnValue").ToString = 21 Then
rtbStatus.AppendText("Invalid Parameter in call" &
ControlChars.Cr)
End If

If outParams.Item("returnValue").ToString = 183 Then
rtbStatus.AppendText("The archive file already exists."
& ControlChars.Cr)
End If

Next
Catch ex As Exception
rtbStatus.AppendText("Error Encountered: " & ex.ToString &
ControlChars.Cr)
End Try
===================END
"urkec" wrote:
"JohnBates" wrote:
I'm trying to (programatically) backup and clear the security event log on
the local machine. I can do this manually through the event viewer and I am
logged on as an administrator. I can successfully connect to the local wmi
service. I can step through and list all the log files on the local computer
in a text box so I know I can get an System.Management.ManagementObject that
is the security log.

However when I try to execute the "BackupEventLog" method I get access
denied.

Here is my code for trying to execute the method:

logfileSearcher = New
System.Management.ManagementObjectSearcher(myManag ementScope.Path.ToString,
"Select * from win32_NTEventLogFile WHERE LogFileName='security'")
'* execute query
'* Get Event Log Files
logfiles = logfileSearcher.Get()

For Each logfile In logfiles
Dim inParams As Management.ManagementBaseObject =
logfile.GetMethodParameters("BackupEventLog")
inParams("ArchiveFileName") = "c:\testing.evt"
Dim outParams As Management.ManagementBaseObject =
logfile.InvokeMethod("BackupEventLog", inParams, Nothing)
Next

Here is the error detail:

Error Encountered: System.Management.ManagementException: Access denied
at
System.Management.ManagementException.ThrowWithExt endedInfo(ManagementStatus
errorCode)
at System.Management.ManagementObject.InvokeMethod(St ring methodName,
ManagementBaseObject inParameters, InvokeMethodOptions options)
at wmitest.Form1.Button3_Click(Object sender, EventArgs e) in
C:\Documents and Settings\1069317\Desktop\Desktop
Stuff\JTSecuAudit\wmitest\Form1.vb:line 75
I have checked around on google and found that several people have had
similar issues and it has to do with the privileges of the wmi connection. I
am logged onto the machine as an administrator, I have also set the
ConnectionOptions.EnablePrivileges = True

But it does not work...I have found threads online indicating that setting
EnablePrivileges to True worked on .NET framework 1.0 but it "stopped"
working on 1.1 and I assume doesn't work on 2.0 as I am having this issue.
(I am using .NET Framework 2.0 SP1).

please help!


This worked for me on .NET Framework 2.0:

Dim scope As New ManagementScope
scope.Options.EnablePrivileges = True

logfileSearcher = New
System.Management.ManagementObjectSearcher(scope, New
Management.ObjectQuery("Select * from win32_NTEventLogFile WHERE
LogFileName='security'"))
logfiles = logfileSearcher.Get()

For Each logfile In logfiles

Dim inParams As Management.ManagementBaseObject =
logfile.GetMethodParameters("BackupEventLog")
inParams("ArchiveFileName") = "c:\testing.evt"
Dim outParams As Management.ManagementBaseObject =
logfile.InvokeMethod("BackupEventLog", inParams, Nothing)
Console.WriteLine(outParams.Item("returnValue"))

Next
--
urkec
Jun 27 '08 #3
Actually I got it to work...I have to reset the inParams object to the
parameters for the ClearLogFile method with:

inParams = logfile.GetMethodParameters("ClearEventLog")

before the line:

outParams = logfile.InvokeMethod("ClearEventLog", inParams, Nothing)

It just would not accept Nothing in place of the base object.

Again thank you so much for your help.
"JohnBates" wrote:
urkec - first off thank you so much for your help your code does work...let
me post my original connection code (which doesn't seem to work) I think the
difference was that I was attempting to create a connection using impersonate
and authentication...without those it works. based on the working wmi
vbsscript I had I thought I had to use impersonate and authentication.

My Connection Code:
===================BEGIN
With myConnectionOptions
.Impersonation = Management.ImpersonationLevel.Impersonate
.Authentication = System.Management.AuthenticationLevel.Packet
End With

If Not Me.txtUsername.Text = "" Then
myConnectionOptions.Username = Me.txtUsername.Text
Else
myConnectionOptions.Username = Nothing
End If
If Not Me.txtPassword.Text = "" Then
myConnectionOptions.Password = Me.txtPassword.Text
Else
myConnectionOptions.Password = Nothing
End If
If Me.CheckBox1.Checked = True Then
myConnectionOptions.EnablePrivileges = True
End If
'* Replace the "." with an actual servername for remote connection
'Dim myServerName As String = "."
Dim myServerName As String = Me.txtServer.Text
myManagementScope = New System.Management.ManagementScope("\\" &
myServerName & "\root\cimv2", myConnectionOptions)

'* connect to WMI namespace
myManagementScope.Connect()
If myManagementScope.IsConnected = False Then
rtbStatus.AppendText("Could not connect to WMI namespace on " &
myServerName & ControlChars.Cr)
Else
rtbStatus.AppendText("Connected to WMI namespace on " &
myServerName & ControlChars.Cr)
End If

===================END
I'm getting a little closer to my final end product - now I just can't seem
to get the ClearLogFile method to work. I tried using the Nothing keyword in
place of the options object but it choked on that. Any other ideas?

Here is what I am doing now:

===================BEGIN
Dim scope As New ManagementScope("\\" & Me.txtServer.Text &
"\root\cimv2")
Dim logfileSearcher As System.Management.ManagementObjectSearcher
Dim logfiles As System.Management.ManagementObjectCollection
Dim logfile As System.Management.ManagementObject
Dim logQuery As New Management.ObjectQuery("Select * from
win32_NTEventLogFile WHERE LogFileName='security'")

Me.rtbStatus.Clear()

Try

If Me.txtUsername.Text = "" Then
scope.Options.Username = Nothing
Else
scope.Options.Username = Me.txtUsername.Text
End If
If Me.txtPassword.Text = "" Then
scope.Options.Password = Nothing
Else
scope.Options.Password = Me.txtPassword.Text
End If
If Me.CheckBox1.Checked = True Then
scope.Options.EnablePrivileges = True
End If

scope.Connect()

If scope.IsConnected = False Then
rtbStatus.AppendText("Could not connect to WMI namespace on
" & Me.txtServer.Text & ControlChars.Cr)
Else
rtbStatus.AppendText("Connected to WMI namespace on " &
Me.txtServer.Text & ControlChars.Cr)
End If

logfileSearcher = New
System.Management.ManagementObjectSearcher(scope, logQuery)
logfiles = logfileSearcher.Get()

For Each logfile In logfiles
'Backup Log File
Dim inParams As Management.ManagementBaseObject =
logfile.GetMethodParameters("BackupEventLog")
inParams("ArchiveFileName") = "c:\testing.evt"
Dim outParams As Management.ManagementBaseObject =
logfile.InvokeMethod("BackupEventLog", inParams, Nothing)

'Backup Result
rtbStatus.AppendText("Backup Method Returned : " &
outParams.Item("returnValue").ToString & " ")
If outParams.Item("returnValue").ToString = 0 Then
rtbStatus.AppendText("The Security event log was backed
up." & ControlChars.Cr)
'Only execute ClearEventLog method upon successful Backup
outParams = logfile.InvokeMethod("ClearEventLog",
inParams, Nothing)
'Diplay Clear Result
rtbStatus.AppendText("Clear Method Returned : " &
outParams.Item("returnValue").ToString & ControlChars.Cr)
End If
If outParams.Item("returnValue").ToString = 8 Then
rtbStatus.AppendText("Privilege missing!" &
ControlChars.Cr)
End If
If outParams.Item("returnValue").ToString = 21 Then
rtbStatus.AppendText("Invalid Parameter in call" &
ControlChars.Cr)
End If

If outParams.Item("returnValue").ToString = 183 Then
rtbStatus.AppendText("The archive file already exists."
& ControlChars.Cr)
End If

Next
Catch ex As Exception
rtbStatus.AppendText("Error Encountered: " & ex.ToString &
ControlChars.Cr)
End Try
===================END
"urkec" wrote:
"JohnBates" wrote:
I'm trying to (programatically) backup and clear the security event log on
the local machine. I can do this manually through the event viewer and I am
logged on as an administrator. I can successfully connect to the local wmi
service. I can step through and list all the log files on the local computer
in a text box so I know I can get an System.Management.ManagementObject that
is the security log.
>
However when I try to execute the "BackupEventLog" method I get access
denied.
>
Here is my code for trying to execute the method:
>
logfileSearcher = New
System.Management.ManagementObjectSearcher(myManag ementScope.Path.ToString,
"Select * from win32_NTEventLogFile WHERE LogFileName='security'")
'* execute query
'* Get Event Log Files
logfiles = logfileSearcher.Get()
>
For Each logfile In logfiles
Dim inParams As Management.ManagementBaseObject =
logfile.GetMethodParameters("BackupEventLog")
inParams("ArchiveFileName") = "c:\testing.evt"
Dim outParams As Management.ManagementBaseObject =
logfile.InvokeMethod("BackupEventLog", inParams, Nothing)
Next
>
Here is the error detail:
>
Error Encountered: System.Management.ManagementException: Access denied
at
System.Management.ManagementException.ThrowWithExt endedInfo(ManagementStatus
errorCode)
at System.Management.ManagementObject.InvokeMethod(St ring methodName,
ManagementBaseObject inParameters, InvokeMethodOptions options)
at wmitest.Form1.Button3_Click(Object sender, EventArgs e) in
C:\Documents and Settings\1069317\Desktop\Desktop
Stuff\JTSecuAudit\wmitest\Form1.vb:line 75
>
>
I have checked around on google and found that several people have had
similar issues and it has to do with the privileges of the wmi connection. I
am logged onto the machine as an administrator, I have also set the
ConnectionOptions.EnablePrivileges = True
>
But it does not work...I have found threads online indicating that setting
EnablePrivileges to True worked on .NET framework 1.0 but it "stopped"
working on 1.1 and I assume doesn't work on 2.0 as I am having this issue.
(I am using .NET Framework 2.0 SP1).
>
please help!

This worked for me on .NET Framework 2.0:

Dim scope As New ManagementScope
scope.Options.EnablePrivileges = True

logfileSearcher = New
System.Management.ManagementObjectSearcher(scope, New
Management.ObjectQuery("Select * from win32_NTEventLogFile WHERE
LogFileName='security'"))
logfiles = logfileSearcher.Get()

For Each logfile In logfiles

Dim inParams As Management.ManagementBaseObject =
logfile.GetMethodParameters("BackupEventLog")
inParams("ArchiveFileName") = "c:\testing.evt"
Dim outParams As Management.ManagementBaseObject =
logfile.InvokeMethod("BackupEventLog", inParams, Nothing)
Console.WriteLine(outParams.Item("returnValue"))

Next
--
urkec
Jun 27 '08 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
by: iwdu15 | last post by:
hi, iim trying to write a driver for an mp3 player i have. ive been looking on google for hours, but nothing i try works...i was wondering if anyone could point me in the right ditrection on why my...
2
by: sk.rasheedfarhan | last post by:
Hi , i want to manage connection pooling using C++ code, below is the code i am using so can any body tell me if this code is correct or not ? if not plz send me a snap shot !!! if the code is...
3
by: jfarley | last post by:
I have been searching everywhere to try to figure out how to use Access to open an existing Word document that is merged to an Excel spreadsheet and merge the data when it opens. I'm working with...
0
by: DanWeaver | last post by:
Using asp and SQLserver2005 on shared server and with connection string: <connectionStrings> <remove name="LocalSqlServer"/> <add name="LocalSqlServer" connectionString="Data...
0
by: DanWeaver | last post by:
Using asp and SQLserver2005 on shared server and with connection string: <connectionStrings> <remove name="LocalSqlServer"/> <add name="LocalSqlServer" connectionString="Data...
3
by: =?Utf-8?B?Sm9obkJhdGVz?= | last post by:
I'm trying to (programatically) backup and clear the security event log on the local machine. I can do this manually through the event viewer and I am logged on as an administrator. I can...
1
by: DKn | last post by:
I am having C#.NET windows application, to read the system info from Remote system through WMI. For Win2003 server machine, the WMI connection is successful. For the Dell vostro Machines WMI...
2
by: Marc | last post by:
I am reading some book over dotnet. I do not understand this sentence considering connection pooling: Enlist When this value is true, the connection is automatically enlisted into the creation...
1
by: phpuser123 | last post by:
This program consists of a client1 named client1 and a server named server.My client is able to connect to the server but the server cannot catch what my client is sending as inputs. Here are the...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.