[gptalk] Re: Another WMI question for Darren, or anyone else.

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 21 Aug 2006 09:11:07 -0700

Thanks for that Bala. Its often a fine line between giving advice and
advertising. I just want to make sure we stay on the right side of that line


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Bala P
Sent: Monday, August 21, 2006 1:09 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Another WMI question for Darren, or anyone else.

Hi Darren,

I work for AdventNet, the creators of EventLog Analyzer software I referred
to earlier (though I am handling a different product). Forgive me if it
sounded like advertising but that was not my intent. I was just "referring"
to a product (not even recommending) that might be useful to solve a
problem. I am not too aware of other similar products (am not an expert in
this area) so I did not suggest any others. And as for the "free tool" part,
EventLogAnalyzer does have a free version as well. 

I would also like to let the moderators of this forum know, that my
suggestions/posts to this forum do not reflect or endorse the views of my
company in any way. But I get the cue. I apologize once again if this was
perceived as advertising.


On 8/21/06, Darren Mar-Elia <darren@xxxxxxxxxx> wrote: 

I want to do my best to ensure that this list does not become an advertising
vehicle for commercial software vendors. I know there are a few on the list,
so, in the interests of everyone subscribed, please adhere to the following


        If somebody is asking how to solve a problem for which 3rd party
solutions exist, please don't answer with, "my product is how you do that"
or something else that is equally biased. If there are multiple vendor
solutions to a problem then giving multiple unbiased recommendations on
those is the only acceptable response here. Folks are looking for advice,
not advertising :-)

If you have a free tool, then that is another story, since we all want to
hear about those (:-)), but only when its relevant to a current question. 
In the interests of that, there are lots of low cost commercial products out
there that can monitor for event log occurrences. What'sUp
(http://www.ipswitch.com/products/whatsup/professional/index.asp ) and Big
Brother (www.bb4.com) come to mind right away, but I know there are lots of

Thanks much!



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Bala P
Sent: Saturday, August 19, 2006 1:07 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Another WMI question for Darren, or anyone else.

Take a look at : http://manageengine.adventnet.com/products/eventlog/

Believe they are doing something similar to your requirement, but not sure.


On 8/17/06, Mills, Mark <Mark.Mills@xxxxxxxxxxxxxxxxxxxxxx> wrote: 

Darren thanks for setting me straight on the WMI filter to exclude a
specific user- your answer couldn't have been more perfect.  

Can you point me in the direction of a url that can tell me how to create a
WMI filter that can trigger an alarm when a certain eventlog ID exists.  I
have seen some WMI scripts that can locate specific Event ID #'s if they
exist but I want to trigger an alarm (email, net send, etc) if a specific
event ID is logged.  Any ideas?  Any low cost programs out there that can do



Mark Mills, Sr. Network Engineer

Desktop Assistance, LP

14405 Walters Road, Suite 650

Houston , Texas 77346


Office Phone:  281-444-2300 x113

Email: mark.mills@xxxxxxxxxxxxxxxxxxxxxx 



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:
<mailto:gptalk-bounce@xxxxxxxxxxxxx> gptalk-bounce@xxxxxxxxxxxxx] On Behalf
Of Darren Mar-Elia
Sent: Tuesday, August 15, 2006 5:27 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO WMI Script filters - can it exclude users? 



I think the Win32_UserAccount class enumerates user accounts defined on the
system where the query runs. So, instead of getting the currently logged on
user with that query, you are really asking it if there is a user with the
manager's user name defined on that workstation's local SAM where the query
runs. I think what you need instead is:


Select * FROM Win32_ComputerSystem WHERE UserName <> "domainName\UserName"


So its looking for the NetBIOS form of the user name.



Also, this is a good opportunity for me to plug my newest free tool--the WMI
Filter Validator--which lets you validate a WMI Filter against a machine
without having to wait for a GP refresh to see if it will evaluate to true.



- Bala - 

- Bala - 

Other related posts: