Take a look at : http://manageengine.adventnet.com/products/eventlog/
Believe they are doing something similar to your requirement, but not sure.
Darren thanks for setting me straight on the WMI filter to exclude a specific user- your answer couldn't have been more perfect.
Can you point me in the direction of a url that can tell me how to create a WMI filter that can trigger an alarm when a certain eventlog ID exists. I have seen some WMI scripts that can locate specific Event ID #'s if they exist but I want to trigger an alarm (email, net send, etc) if a specific event ID is logged. Any ideas? Any low cost programs out there that can do this?
Mark Mills, Sr. Network Engineer
Desktop Assistance, LP
14405 Walters Road, Suite 650
Houston, Texas 77346
Office Phone: 281-444-2300 x113
Email: mark.mills@xxxxxxxxxxxxxxxxxxxxxx ------------------------------
*From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On Behalf Of *Darren Mar-Elia *Sent:* Tuesday, August 15, 2006 5:27 PM *To:* gptalk@xxxxxxxxxxxxx *Subject:* [gptalk] Re: GPO WMI Script filters - can it exclude users?
I think the Win32_UserAccount class enumerates user accounts defined on the system where the query runs. So, instead of getting the currently logged on user with that query, you are really asking it if there is a user with the manager's user name defined on that workstation's local SAM where the query runs. I think what you need instead is:
Select * FROM Win32_ComputerSystem WHERE UserName <> "domainName\UserName"
So its looking for the NetBIOS form of the user name.
Also, this is a good opportunity for me to plug my newest free tool--the WMI Filter Validator--which lets you validate a WMI Filter against a machine without having to wait for a GP refresh to see if it will evaluate to true.
-- - Bala -