• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 851
  • Last Modified:

Clearing Event Logs with WBEM WMI object

What permissions and user rights are required.  I'm getting SWbemObject: Access denied messages while running a script with an admin account. The line in question is

objWMIService.ClearEventLog()
0
ojfahoum
Asked:
ojfahoum
1 Solution
 
Droby10Commented:
without more info to go on, my first thoughts are this:

for the security log you will need to impersonate the security role, in addition to any others you are using (ie. backup).  this isn't required for the application or system logs, but without it you will get access denied when attempting to clear the security event log.

ie.

' obtain all event logs
set alllogs=GetObject("winmgmts:{impersonationLevel=impersonate,(Backup)}").ExecQuery("select * from Win32_NTEventLogFile")
' will fail when attempting to clear secevent.

-vs-

' obtain all event logs
set alllogs=GetObject("winmgmts:{impersonationLevel=impersonate,(Security,Backup)}").ExecQuery("select * from Win32_NTEventLogFile")
' should not fail when attempting to clear secevent.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now