VB script at logon

Dear teach team,
I am running he below mentioned script at logon.
When I run this script with Administrator user then this script is running ok.
But when I when this script as standard user then it is giving error
Access denied at line no 30. I have given full permission
to folder C:\windows\system32\config to that user.
Basically this script is keeping backup of over log files and clearing
the content of existing log file if file size exeeding the limit.

Option Explicit
Dim objGroupList, objUser, strGroup, objNetwork, strNTName, objlogfile, objwmiservice, objsysinfo, objfso, objFile

Dim strNetBIOSDomain, strHomeDrive, strHomeShare, strComputer, collogfiles, strBackuplog, strdate, WshNetwork, errResult
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set objWMIService = GetObject("winmgmts:" _
 & "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
 & WshNetwork.ComputerName & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
 ("SELECT * FROM Win32_NTEventLogFile")
For Each objLogfile in colLogFiles
 If objLogFile.FileSize > 32000000 Then

Set objFSO = CreateObject("Scripting.FileSystemObject")

' deleting old file
If objFSO.FileExists("c:\windows\system32\config\" & objLogFile.LogFileName & WshNetwork.ComputerName & ".old") Then
      objfso.deletefile("c:\windows\system32\config\" & objLogFile.LogFileName & WshNetwork.ComputerName & ".old")

end if

If objFSO.FileExists("c:\windows\system32\config\" & objLogFile.LogFileName & WshNetwork.ComputerName & ".evt") Then
'If objFSO.FileExists("C:\FSO\ScriptLog.txt")

      objfso.MoveFile "c:\windows\system32\config\" & objLogFile.LogFileName & WshNetwork.ComputerName & ".evt" , "c:\windows\system32\config\" & objLogFile.LogFileName & WshNetwork.ComputerName & ".old"

end if

 strBackupLog = objLogFile.BackupEventLog _
 ("c:\windows\system32\config\" & objLogFile.LogFileName & WshNetwork.ComputerName & ".evt")

 End If

kindly suggest  the solution
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Miguel Angel Perez MuñozCommented:
Can´t move event log files while it open.

Try to export logfile and enable circular log: http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_23918652.html

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
You really want to restrict access to that folder, since core files are stored in there and if the User(s) have full control they can trash their Windows...

Basically you will need to use WMI with alternative credentials - see this link for an example how:

And then for security you should encrypt the VBScript - Microsoft provide the Script Encoder Tools which does this for you
Guillermo FeijóoSystems administratorCommented:
I think the proble is permission on the WMI objects.

Have you checheck it?

dcomcnfg.exe and connect to the host with issues. Right click on it and click properties.

Then check the DCOM security tab, and look in the default values of the access permissions and the logon and activation permissions.

The account should have granted permissions there.
C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

paramjitkakakrAuthor Commented:
Dear tech

Please guide me till now no con create solution

Guillermo FeijóoSystems administratorCommented:
Hi again:

    Altought you can try it in a remote connection, i suggest you to do it locally. So, logon in one of those hosts that is failing and then press start/run

There you have to type "dcomcnfg.exe".

A console will appear. Navigate to computer, and then right click on "my computer" icon. Then press properties, (you can right click the my computer icon and do a remote connection by clicking new/computer)

Go to the "COM security", and edit the default values for both "access permissions" and "startup and activation permissions".

In the access permissions, give local and remote access to the account that runs the script.
Self should be local access and remote access granted
System should be local access granted

In the startup and activation permissions, give :
system: local launch and local activation permissions
local launch, remote launch, local activation and remote activation to the account that runs the script.
interactive: local launch and local activation permissions granted

Hope it works. Waiting for a feedback.

In the
paramjitkakakrAuthor Commented:
Dear Guillermin-go,

First of all thanks for relying to my query.
I have tried your message but it gives error ''Access Denied '
on the below mentioned line

strBackupLog = objLogFile.BackupEventLog _
 ("c:\windows\system32\config\" & objLogFile.LogFileName & WshNetwork.ComputerName & ".evt")

Please reply this solution urgently

Guillermo FeijóoSystems administratorCommented:
Can you post the share and security permissions for the folder "c:\windows\system32\config\"?(take care and dont post personal or corporative info.)
paramjitkakakrAuthor Commented:
Dear Guillermin-go,

On the host which I am running the script
The folder : C:\windows\system32\config
THe user : Paramjit
       Permissions :Modify,Read and execut, List folder content, write and Read
Thanks & REgards

Guillermo FeijóoSystems administratorCommented:
It´s strange that you can modify the directory files, but you cannot create new ones,(looking the permissions you posted)

Are you able to create files from GUI under this user account?

Would you mind auditing the "create files/write data",(correct and incorrect),  permissions for the specific user account that runs the script?

Then, launch again the script to see the security section in the event log for that computer.

paramjitkakakrAuthor Commented:
Dear Sir,

Yes I am able to create new files in that folder and also delete file.
But the file Sysevent.evt, APpevent.evt and Secevent.evt not able to delete
the respetive files and not aboe to copy  into other location

Guillermo FeijóoSystems administratorCommented:
Have you set the auditing option in this folder as  I say in my last post?

what was the result?

what about the comment from Drashiel ? Have you tryied it?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VB Script

From novice to tech pro — start learning today.