[gptalk] Re: Another WMI question for Darren, or anyone else.

  • From: "Bala P" <baluspage@xxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Sat, 19 Aug 2006 13:37:01 +0530

Take a look at : http://manageengine.adventnet.com/products/eventlog/

Believe they are doing something similar to your requirement, but not sure.


On 8/17/06, Mills, Mark <Mark.Mills@xxxxxxxxxxxxxxxxxxxxxx> wrote:

Darren thanks for setting me straight on the WMI filter to exclude a specific user- your answer couldn't have been more perfect.

Can you point me in the direction of a url that can tell me how to create
a WMI filter that can trigger an alarm when a certain eventlog ID exists.  I
have seen some WMI scripts that can locate specific Event ID #'s if they
exist but I want to trigger an alarm (email, net send, etc) if a specific
event ID is logged.  Any ideas?  Any low cost programs out there that can do

Mark Mills, Sr. Network Engineer

Desktop Assistance, LP

14405 Walters Road, Suite 650

Houston, Texas 77346

Office Phone:  281-444-2300 x113

Email: mark.mills@xxxxxxxxxxxxxxxxxxxxxx

*From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
Behalf Of *Darren Mar-Elia
*Sent:* Tuesday, August 15, 2006 5:27 PM
*To:* gptalk@xxxxxxxxxxxxx
*Subject:* [gptalk] Re: GPO WMI Script filters - can it exclude users?


I think the Win32_UserAccount class enumerates user accounts defined on
the system where the query runs. So, instead of getting the currently logged
on user with that query, you are really asking it if there is a user with
the manager's user name defined on that workstation's local SAM where the
query runs. I think what you need instead is:

Select * FROM Win32_ComputerSystem WHERE UserName <> "domainName\UserName"

So its looking for the NetBIOS form of the user name.

Also, this is a good opportunity for me to plug my newest free tool--the
WMI Filter Validator--which lets you validate a WMI Filter against a machine
without having to wait for a GP refresh to see if it will evaluate to true.


-- - Bala -

Other related posts: