

Enable SE_SECURITY privilege and slow WMI

 
06-04-2007, 04:20 PM   #1
kotpluk
Guest
 


I have C++ code which reads events from the Security log using WMI.
When I enable the SE_SECURITY privilege, my program runs for a very long time, for
example about 5 minutes.
This problem occurs only on Win2000; on WinXP everything works fine.
My code:

// Enable the privilege before opening the Security log
privilege(SE_SECURITY_NAME, TRUE);

std::cout << dataSave << "│га- < Security...";

logEventClass *a = new logEventClass("Security", (debugMode ? true : false));

// Build the quoted date literal 'YYYY-MM-DD' used in the SQL comparison
if (FAILED(StringCbPrintf(SQLdateForCompare, 11+2, "'%u-%02u-%02u'",
        myDate.getYear(), myDate.getMonth(), myDate.getDay())))
    StringCbPrintfError(__FILE__, __LINE__);

// Loop until createSqlString() returns 0
while ((returnStatus = a->createSqlString(bd.getConn(), SQLdateForCompare)))
{
    if (returnStatus == 1)
    {
        /* save event in MySQL RDBMS */
        bd.query((a->getSqlString()).c_str());
        bd.storeResult();
    }
}
delete a;
std::cout << "ok" << std::endl;

// Disable the privilege again once the log has been read
privilege(SE_SECURITY_NAME, FALSE);

For example, this code also runs very slowly:

privilege(SE_SECURITY_NAME, TRUE); // stuff

std::cout << dataSave << "│га- < Application...";

logEventClass *logEventObj = new logEventClass("Application", (debugMode ? true : false));

// Build the quoted date literal 'YYYY-MM-DD' used in the SQL comparison
if (FAILED(StringCbPrintf(SQLdateForCompare, 11+2, "'%u-%02u-%02u'",
        myDate.getYear(), myDate.getMonth(), myDate.getDay())))
    StringCbPrintfError(__FILE__, __LINE__);

// Use the object created above (logEventObj) for the Application log
while ((returnStatus = logEventObj->createSqlString(bd.getConn(), SQLdateForCompare)))
{
    if (returnStatus == 1)
    {
        /* save event in MySQL RDBMS */
        bd.query((logEventObj->getSqlString()).c_str());
        bd.storeResult();
    }
}
delete logEventObj;
std::cout << "ok" << std::endl;

privilege(SE_SECURITY_NAME, FALSE); // stuff

When I comment out "privilege(SE_SECURITY_NAME, TRUE)" for the Application log,
everything works fine.

When I use WMI CIM Studio and execute a WQL query
(for example: "select * from win32_ntlogevent where logfile='system'")
with the "Enable all privileges" box checked, it runs for a very long time, or
if I execute the WQL query "select * from win32_ntlogevent where logfile='security'"
I get a warning message that there is not enough memory.
When I don't use "Enable all privileges", everything works very fast.

Why does the call to privilege(SE_SECURITY_NAME, TRUE) have this effect?
And how can I avoid this?
