G
Guest
Using Windows XP SP2 in a 2003 Native domain. I have configured a scheduled
task to run on each of the XP clients. This task triggers a VBScript which
uses WMI to connect to the event log provider, and save the Security event
log to a .EVT file on the local hard drive.
This task is configured to run under the SYSTEM account and was created
using the SCHTASKS.EXE command.
What I've found, is that the task runs when there is no user logged in. If
an Administrator logs in to the machine, the task runs. If a normal user,
without privileges to the Security Log is logged on to the machine, the task
fails.
By echoing extra commands from the vbscript file, it appears to be
connecting okay to \root\cimv2 with
{impersonationLevel=impersonate,(Security,Backup)}:\\.\root\cimv2 , then
obtaining a collection of security logs via ExecuteQuery. But, when I then
try to iterate "for each Log in colLogs" the script crashes citing an access
denied message.
Is there a trick to running this under the SYSTEM account that I don't know
about? Any help would be greatly appreciated.
task to run on each of the XP clients. This task triggers a VBScript which
uses WMI to connect to the event log provider, and save the Security event
log to a .EVT file on the local hard drive.
This task is configured to run under the SYSTEM account and was created
using the SCHTASKS.EXE command.
What I've found, is that the task runs when there is no user logged in. If
an Administrator logs in to the machine, the task runs. If a normal user,
without privileges to the Security Log is logged on to the machine, the task
fails.
By echoing extra commands from the vbscript file, it appears to be
connecting okay to \root\cimv2 with
{impersonationLevel=impersonate,(Security,Backup)}:\\.\root\cimv2 , then
obtaining a collection of security logs via ExecuteQuery. But, when I then
try to iterate "for each Log in colLogs" the script crashes citing an access
denied message.
Is there a trick to running this under the SYSTEM account that I don't know
about? Any help would be greatly appreciated.