[python-win32] Win32_NTLogEvent access denied exception

Tim Golden mail at timgolden.me.uk
Thu Mar 10 19:46:47 CET 2011

On 10/03/2011 6:24 PM, Tim Roberts wrote:
> inf200640 at ucf.edu.cu wrote:
>> I'm having problems recieving local wmi events from Win32_NTLogEvent class. It turns
>> out that I want to know which user starts or stops services. I set a watcher for that
>> propose and it raises the following exception:
>> x_access_denied:<x_wmi: Unexpected COM Error (-2147352567, 'Ocurri\xf3 una exce
>> pci\xf3n.', (0, u'SWbemServicesEx', u'Acceso denegado ', None, 0, -2147217405),
>> None)>
>> I have done the same with other classes and everything works just fine.
>> The script is running from the system's administration account. Do I need to provide
>> extra privileges in con = wmi.WMI()?
>> Could anyone help me figure out what is happening, please?
> Did you look at the documentation?
>      http://msdn.microsoft.com/en-us/library/aa394226.aspx
> The very first paragraph says:
>      An application must have SeSecurityPrivilege to receive events from
>      the security event log, otherwise "Access Denied" is returned to the
>      application.
> -2147217405 is 0x80041003, which is WBEM_E_ACCESS_DENIED, just like it says.
> It takes a surprising amount of code to acquire a privilege.  Here is
> some Python code that shows how to do it:

Well, I think I can help out on three fronts here:

1) For WMI purposes, acquiring a privilege is as simple as adding a clause
to the WMI moniker. Using the wmi module, it's even easier:

c = wmi.WMI (privileges=["security"])

2) On W7, at least, in a non-elevated command prompt, this wasn't enough
to let me capture eventlog events: I had to run it in an elevated command

3) If you did want to apply the priv to the whole process you were in
(as per the code Tim R pointed to) you might do worse than use my
winsys package:

from winsys import security

with security.change_privileges (["security"]):
   # do stuff



However, I don't believe that's necessary here...

More information about the python-win32 mailing list