• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 855
  • Last Modified:

Clearing Event Logs with WBEM WMI object

What permissions and user rights are required.  I'm getting SWbemObject: Access denied messages while running a script with an admin account. The line in question is

1 Solution
without more info to go on, my first thoughts are this:

for the security log you will need to impersonate the security role, in addition to any others you are using (ie. backup).  this isn't required for the application or system logs, but without it you will get access denied when attempting to clear the security event log.


' obtain all event logs
set alllogs=GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}").ExecQuery("select * from Win32_NTEventLogFile")
' will fail when attempting to clear secevent.


' obtain all event logs
set alllogs=GetObject("winmgmts:{impersonationLevel=impersonate,(Security,Backup)}").ExecQuery("select * from Win32_NTEventLogFile")
' should not fail when attempting to clear secevent.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

Tackle projects and never again get stuck behind a technical roadblock.
Join Now