Query Windows audit settings using WMI
Using REALbasic with the Monkeybread WMI plugin, I can query 57 of the 59 RSOP_xxx classes without error, but I only get data returned for these eight:
RSOP_ExtensionEventSource
RSOP_ExtensionEventSourceL
RSOP_ExtensionStatus
RSOP_GPLink
RSOP_GPO
RSOP_PolicySetting
RSOP_Session
RSOP_SOM
I'm guessing that there is some security setting that keeps WMI from returning data for the other ones for which I know data exists -- specifically
RSOP_AuditPolicy
RSOP_RegistryKey
RSOP_RegistryPolicySetting
RSOP_RegistryValue
and some others.
Any ideas?
RSOP_ExtensionEventSource
RSOP_ExtensionEventSourceL
RSOP_ExtensionStatus
RSOP_GPLink
RSOP_GPO
RSOP_PolicySetting
RSOP_Session
RSOP_SOM
I'm guessing that there is some security setting that keeps WMI from returning data for the other ones for which I know data exists -- specifically
RSOP_AuditPolicy
RSOP_RegistryKey
RSOP_RegistryPolicySetting
RSOP_RegistryValue
and some others.
Any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
you may want to look at this article
http://www.codeproject.com/Articles/61658/Query-the-New-Windows-Audit-Policies-Programmatica
http://www.codeproject.com/Articles/61658/Query-the-New-Windows-Audit-Policies-Programmatica
ASKER
I could not find a download for WniSpy from a source I considered reliable. i did find WMI Explorer, though, which is a very handy free tool. Using WMI Explorer I find that those classes that don't return any data don't have any instances -- which is frustrating because I have done considerable work with secpol.msc to establish security and audit policies. Anyway, I will accept this one response as the solution to this particular problem. Have to look farther to get where I need to go. Thanks.
ASKER