List RSOP Security Event Log Numeric Information

Returns resultant set of policy Security Event Log numeric information. This script contributed by Mike Stephens of Microsoft.

Visual Basic

Edit|Remove

Const FL_FORCE_CREATE_NAMESPACE = 4

strComputer = "."

Set wDate = CreateObject("WbemScripting.SWbemDateTime")
Set locator = CreateObject("WbemScripting.SWbemLocator")
Set connection = locator.ConnectServer( strComputer, "root\rsop", null, null, null, null, 0, null)
Set provider = connection.Get("RsopLoggingModeProvider")
provider.RsopCreateSession FL_FORCE_CREATE_NAMESPACE, Null, namespaceLocation, hResult, eInfo

Set rsopProv = locator.ConnectServer _
    (strComputer, namespaceLocation & "\Computer", null, null, Null, Null, 0 , Null)

WScript.Echo "Event Log Numeric Settings"

Set colItems = rsopProv.ExecQuery("Select * from RSOP_SecurityEventLogSettingNumeric")

For Each objItem in colItems
    WScript.Echo String(50, "=")
    Wscript.Echo "Key Name: " & objItem.KeyName
    Wscript.Echo "Precedence: " & objItem.Precedence
    Wscript.Echo "Setting: " & objItem.Setting
    Select Case objItem.Type 
    	Case 0
    		WScript.Echo "Log Type: System"
    	Case 1
    		WScript.Echo "Log Type: Security"
    	Case 2
    		WScript.Echo "Log Type: Application"
    	Case Else
    		WScript.Echo "Log Type: Unknown (" & objItem.Type & ")"
    End Select    
Next

provider.RsopDeleteSession namespaceLocation, hResult

Const FL_FORCE_CREATE_NAMESPACE = 4

strComputer = "."

Set wDate = CreateObject("WbemScripting.SWbemDateTime")
Set locator = CreateObject("WbemScripting.SWbemLocator")
Set connection = locator.ConnectServer( strComputer, "root\rsop", null, null, null, null, 0, null)
Set provider = connection.Get("RsopLoggingModeProvider")
provider.RsopCreateSession FL_FORCE_CREATE_NAMESPACE, Null, namespaceLocation, hResult, eInfo

Set rsopProv = locator.ConnectServer _
    (strComputer, namespaceLocation & "\Computer", null, null, Null, Null, 0 , Null)

WScript.Echo "Event Log Numeric Settings"

Set colItems = rsopProv.ExecQuery("Select * from RSOP_SecurityEventLogSettingNumeric")

For Each objItem in colItems
    WScript.Echo String(50, "=")
    Wscript.Echo "Key Name: " & objItem.KeyName
    Wscript.Echo "Precedence: " & objItem.Precedence
    Wscript.Echo "Setting: " & objItem.Setting
    Select Case objItem.Type 
    	Case 0
    		WScript.Echo "Log Type: System"
    	Case 1
    		WScript.Echo "Log Type: Security"
    	Case 2
    		WScript.Echo "Log Type: Application"
    	Case Else
    		WScript.Echo "Log Type: Unknown (" & objItem.Type & ")"
    End Select    
Next

provider.RsopDeleteSession namespaceLocation, hResult