Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Query Windows audit settings using WMI

Posted on 2013-05-24
4
Medium Priority
?
1,137 Views
Last Modified: 2013-05-25
Using REALbasic with the Monkeybread WMI plugin, I can query 57 of the 59 RSOP_xxx classes without error, but I only get data returned for these eight:
    RSOP_ExtensionEventSource
    RSOP_ExtensionEventSourceLink
    RSOP_ExtensionStatus
    RSOP_GPLink
    RSOP_GPO
    RSOP_PolicySetting
    RSOP_Session
    RSOP_SOM

I'm guessing that there is some security setting that keeps WMI from returning data for the other ones for which I know data exists -- specifically
    RSOP_AuditPolicy
    RSOP_RegistryKey
    RSOP_RegistryPolicySetting
    RSOP_RegistryValue
and some others.

Any ideas?
0
Comment
Question by:Roland_F
  • 2
  • 2
4 Comments
 
LVL 84

Accepted Solution

by:
David Johnson, CD, MVP earned 750 total points
ID: 39196764
if you use wmispy or other wmi tools i.e. powershell does it return a proper value?
0
 

Author Comment

by:Roland_F
ID: 39196839
I don't know - I've never touched WMI except with VB and this current code. I'll do a little research and try to find out.
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 39196851
0
 

Author Comment

by:Roland_F
ID: 39196897
I could not find a download for WniSpy from a source I considered reliable. i did find WMI Explorer, though, which is a very handy free tool. Using WMI Explorer I find that those classes that don't return any data don't have any instances -- which is frustrating because I have done considerable work with secpol.msc to establish security and audit policies. Anyway, I will accept this one response as the solution to this particular problem. Have to look farther to get where I need to go. Thanks.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
The article covers five tools all IT professionals should know about, as they up productivity by a great deal!
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question