Access Denied Clear Event Log

I am getting an error when trying to clear the application and system event log with my VBScript. I am able to back it up but get the error when trying to clear it. Below is the code I am using to connect.

Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Backup, Security)}!\\" & _
        strComputer & "\root\cimv2")

Set colLogFiles = objWMIService.ExecQuery _
    ("Select * from Win32_NTEventLogFile where LogFileName='Application'")

For Each objLogfile in colLogFiles
    objLogFile.BackupEventLog(pth &"\IOS\Application_" & tDate & ".evt")
    WScript.Sleep 400000
    objLogFile.ClearEventLog()  
Next

I am logged on to the 2008 R2 server as a domain admin. I added full control to the HKLM\System\CurrentControlSet\Services\EventLog to my user account. I am not in the Domain Guest Group. What am I missing? I also changed the restrictedguestaccess from 1 to 0 for the system and application log.
Asked by: dthillsr

RobSampson commented:
It should certainly work... maybe try running cmd.exe by right-clicking it and selecting "Run as administrator", then type
cscript C:\Scripts\YourScript.vbs

and see if that helps.

I'm not sure you'll need the Sleep in there either...try using:

For Each objLogfile in colLogFiles
    intReturn = objLogFile.BackupEventLog(pth &"\IOS\Application_" & tDate & ".evt")
    If intReturn = 0 Then
       objLogFile.ClearEventLog()
    Else
       WScript.Echo "Backup of event log failed with return code " & intReturn
    End If
Next


Regards,

Rob.

dthillsr (author) commented:
Running it as administrator with cscript worked, thanks

RobSampson commented:
No worries.  That's down to UAC being enabled.  Same happens on Vista and Windows 7.

Rob.
Question has a verified solution.
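
The fix in this thread comes down to the script running without an elevated token under UAC. The following is an added example, not code posted by either participant: it checks the integrity level of the current process before touching the logs and clears a log only when its backup returned 0. The backup folder `C:\Scripts\Backup`, the file naming and the use of `whoami /groups` for the elevation check are assumptions made for this example.

```vbscript
' Added example (not from the thread). strBackupDir and the file naming are
' assumptions; the folder must already exist.
Option Explicit
Const HIGH_IL = "S-1-16-12288"     ' High Mandatory Level (elevated admin)
Const SYSTEM_IL = "S-1-16-16384"   ' System Mandatory Level (e.g. task running as SYSTEM)
Dim strComputer, strBackupDir, strStamp, strLog, strFile
Dim objWMIService, colLogFiles, objLogFile, intReturn

strComputer = "."                  ' local machine: the elevation check below is local only
strBackupDir = "C:\Scripts\Backup"
strStamp = Year(Now) & Right("0" & Month(Now), 2) & Right("0" & Day(Now), 2)

' whoami /groups lists the integrity-level SID of the current process token.
Function IsElevated()
    Dim strGroups
    strGroups = CreateObject("WScript.Shell").Exec("whoami /groups").StdOut.ReadAll
    IsElevated = (InStr(strGroups, HIGH_IL) > 0) Or (InStr(strGroups, SYSTEM_IL) > 0)
End Function

If Not IsElevated() Then
    WScript.Echo "Not elevated. Start cmd.exe with ""Run as administrator"" and run this with cscript."
    WScript.Quit 1
End If

Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Backup, Security)}!\\" & _
        strComputer & "\root\cimv2")

For Each strLog In Array("Application", "System")
    Set colLogFiles = objWMIService.ExecQuery _
        ("Select * from Win32_NTEventLogFile where LogFileName='" & strLog & "'")
    For Each objLogFile In colLogFiles
        strFile = strBackupDir & "\" & strLog & "_" & strStamp & ".evt"
        intReturn = objLogFile.BackupEventLog(strFile)
        If intReturn <> 0 Then
            ' Never clear a log whose backup did not succeed.
            WScript.Echo strLog & ": backup failed with return code " & intReturn
        Else
            intReturn = objLogFile.ClearEventLog()
            If intReturn = 0 Then
                WScript.Echo strLog & ": backed up to " & strFile & " and cleared"
            Else
                WScript.Echo strLog & ": backup written, but clear failed with return code " & intReturn
            End If
        End If
    Next
Next
```

On Windows Server 2008 R2 each clear is itself recorded as event ID 104 in the System log, which gives a record to match against the archived .evt files.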
