[gptalk] Re: Another WMI question for Darren, or anyone else.

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 17 Aug 2006 09:01:25 -0700

There's no simple answer to this. There's several ways to skin it. You could
write a WMI event consumer script (search the TEchNet script center for
this) that waits on event log entries and then do something when the event
consumer fires. That is pretty straightforward and I wouldn't be surprised
if there is an example of that somewhere out there. The concept of a WMI
event consumer is basically that your scripts sits and wait on a particular
WMI query until its true, then does some set of tasks. That's a real-time
type of thing (or near real-time). Other alternatives include just writing a
script that runs every so often, looks for a particular event id and then
does something. But that isn't as real-time.


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Mills, Mark
Sent: Thursday, August 17, 2006 7:52 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Another WMI question for Darren, or anyone else.

Darren thanks for setting me straight on the WMI filter to exclude a
specific user- your answer couldn't have been more perfect.  

Can you point me in the direction of a url that can tell me how to create a
WMI filter that can trigger an alarm when a certain eventlog ID exists.  I
have seen some WMI scripts that can locate specific Event ID #'s if they
exist but I want to trigger an alarm (email, net send, etc) if a specific
event ID is logged.  Any ideas?  Any low cost programs out there that can do



Mark Mills, Sr. Network Engineer

Desktop Assistance, LP

14405 Walters Road, Suite 650

Houston, Texas 77346


Office Phone:  281-444-2300 x113

Email: mark.mills@xxxxxxxxxxxxxxxxxxxxxx 



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Tuesday, August 15, 2006 5:27 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO WMI Script filters - can it exclude users? 



I think the Win32_UserAccount class enumerates user accounts defined on the
system where the query runs. So, instead of getting the currently logged on
user with that query, you are really asking it if there is a user with the
manager's user name defined on that workstation's local SAM where the query
runs. I think what you need instead is:


Select * FROM Win32_ComputerSystem WHERE UserName <> "domainName\UserName"


So its looking for the NetBIOS form of the user name.



Also, this is a good opportunity for me to plug my newest free tool--the WMI
Filter Validator--which lets you validate a WMI Filter against a machine
without having to wait for a GP refresh to see if it will evaluate to true.



Other related posts: