Darren thanks for setting me straight on the WMI filter to exclude a
specific user- your answer couldn't have been more perfect.
Can you point me in the direction of a url that can tell me how to create
a WMI filter that can trigger an alarm when a certain eventlog ID exists. I
have seen some WMI scripts that can locate specific Event ID #'s if they
exist but I want to trigger an alarm (email, net send, etc) if a specific
event ID is logged. Any ideas? Any low cost programs out there that can do
this?
Mark Mills, Sr. Network Engineer
Desktop Assistance, LP
14405 Walters Road, Suite 650
Houston, Texas 77346
Office Phone: 281-444-2300 x113
Email: mark.mills@xxxxxxxxxxxxxxxxxxxxxx
------------------------------
*From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
Behalf Of *Darren Mar-Elia
*Sent:* Tuesday, August 15, 2006 5:27 PM
*To:* gptalk@xxxxxxxxxxxxx
*Subject:* [gptalk] Re: GPO WMI Script filters - can it exclude users?
Mark-
I think the Win32_UserAccount class enumerates user accounts defined on
the system where the query runs. So, instead of getting the currently logged
on user with that query, you are really asking it if there is a user with
the manager's user name defined on that workstation's local SAM where the
query runs. I think what you need instead is:
Select * FROM Win32_ComputerSystem WHERE UserName <> "domainName\UserName"
So its looking for the NetBIOS form of the user name.
Also, this is a good opportunity for me to plug my newest free tool--the
WMI Filter Validator--which lets you validate a WMI Filter against a machine
without having to wait for a GP refresh to see if it will evaluate to true.
Darren
