Would you mind giving an url to your WMI Filter validator ?
Thursday, August 17, 2006, 6:01:25 PM, you wrote:
There's no simple answer to this. There's several ways to skin it. You could write a WMI event consumer script (search the TEchNet script center for this) that waits on event log entries and then do something when the event consumer fires. That is pretty straightforward and I wouldn't be surprised if there is an example of that somewhere out there. The concept of a WMI event consumer is basically that your scripts sits and wait on a particular WMI query until its true, then does some set of tasks. That's a real-time type of thing (or near real-time). Other alternatives include just writing a script that runs every so often, looks for a particular event id and then does something. But that isn't as real-time.
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Mills, Mark
Sent: Thursday, August 17, 2006 7:52 AM
Subject: [gptalk] Another WMI question for Darren, or anyone else.
Darren thanks for setting me straight on the WMI filter to exclude a specific user- your answer couldn’t have been more perfect.
Can you point me in the direction of a url that can tell me how to create a WMI filter that can trigger an alarm when a certain eventlog ID exists. I have seen some WMI scripts that can locate specific Event ID #’s if they exist but I want to trigger an alarm (email, net send, etc) if a specific event ID is logged. Any ideas? Any low cost programs out there that can do this?
Mark Mills, Sr. Network Engineer
Desktop Assistance, LP
14405 Walters Road, Suite 650
Houston, Texas 77346
Office Phone: 281-444-2300 x113
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia
Sent: Tuesday, August 15, 2006 5:27 PM
Subject: [gptalk] Re: GPO WMI Script filters - can it exclude users?
I think the Win32_UserAccount class enumerates user accounts defined on the system where the query runs. So, instead of getting the currently logged on user with that query, you are really asking it if there is a user with the manager's user name defined on that workstation's local SAM where the query runs. I think what you need instead is:
Select * FROM Win32_ComputerSystem WHERE UserName <> "domainName\UserName"
So its looking for the NetBIOS form of the user name.
Also, this is a good opportunity for me to plug my newest free tool--the WMI Filter Validator--which lets you validate a WMI Filter against a machine without having to wait for a GP refresh to see if it will evaluate to true.
Mathieu mailto:gollum123@xxxxxxx*********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at http://www.freelists.org/archives/gptalk/ ************************