« Previous Next »

• 07-05-2005, 3:11 AM

  	Resolve SID & FS input Reply Contact Can the resolve SID function be used with the FS input format??
  	Tags: FS input format

• 07-05-2005, 10:42 AM

  In reply to

  	RE: Resolve SID & FS input Mark as Not AnswerMark as Answer... Reply Contact RESOLVE_SID can be used with any STRING field that represents a SID; it has nothing to do with input formats.
  	Tags: FS input format

• 07-05-2005, 3:59 PM

  In reply to

  RE: Resolve SID & FS input Mark as Not AnswerMark as Answer... Reply Contact Gabriele, thankx for your reply, but not sure I understand. What I'm trying to do is search a directory for various file types and return the details of those files matching in an excel spreadsheet. I'd also like my query to return the file owners user name, from looking through the Logparser documentation I can't see anyway of doing this. I don't have the script I'm using here at present but can post tomorrow if needed. Iain

  Tags: FS input format

• 07-06-2005, 4:45 AM

  In reply to

  RE: Resolve SID & FS input Mark as Not AnswerMark as Answer... Reply Contact Hi, I was using the example included in the doc. I want to know if someone knows how to resolve the SIDS in this script. But I want to include this line: oEVTInputFormat.resolveSIDs = "ON" How can I resolve the SIDs here?? ThanX. Dim oEVTInputFormat Dim oCSVOutputFormat Dim strQuery Set oLogQuery = CreateObject("MSUtil.LogQuery") ' Create Input Format object Set oEVTInputFormat = CreateObject("MSUtil.LogQuery.EventLogInputFormat") oEVTInputFormat.direction = "BW" 'THE NEXT LINE DOESNT WORK 'oEVTInputFormat.resolveSIDs = "ON" ' Create Output Format object Set oCSVOutputFormat = CreateObject("MSUtil.LogQuery.CSVOutputFormat") oCSVOutputFormat.tabs = TRUE ' Create query text strQuery = "SELECT SID INTO C:\sid.csv FROM Security" ' Execute query oLogQuery.ExecuteBatch strQuery, oEVTInputFormat, oCSVOutputFormat

  Tags: FS input format

• 07-08-2005, 9:09 AM

  In reply to

  RE: Resolve SID & FS input Mark as Not AnswerMark as Answer... Reply Contact This is thread hijacking :-) Regarding FirmByte's problem, sorry for not getting your question earlier. Nope, the FS input format does not return that information. That's a good item for the next version though ;-) Regarding Jr's problem: try with "oEVTInputFormat.resolveSIDs = True". When you say it doesn't work, what do you mean? Does CScript give you an error, or just you don't see SID's being resolved?

  Tags: FS input format

• 10-11-2005, 8:19 AM

  In reply to

  	RE: Resolve SID & FS input Mark as Not AnswerMark as Answer... Reply Contact You can retrieve the owner information with this : http://download.microsoft.com/download/f/7/8/f786aaf3-a37b-45ab-b0a2-8c8c18bbf483/xcacls_installer.exe It's a vbs script : XCACLS.VBS; and it's resolves SID.
  	Tags: FS input format

• 08-07-2008, 3:15 AM

  In reply to

  cvengelen Joined on 01-17-2007, 12:16 PM Odijk, Nederland Posts 3

  Re: RE: Resolve SID & FS input Mark as Not AnswerMark as Answer... Reply Contact Anonymous: Regarding Jr's problem: try with "oEVTInputFormat.resolveSIDs = True". When you say it doesn't work, what do you mean? Does CScript give you an error, or just you don't see SID's being resolved? I'm using JScript to execute a query on Security event logs, and use the following lines to resolve the SID's (taken from the Log Parser Help file): //Create EventLog input format var objEventLogInputFormat = new ActiveXObject( "MSUtil.LogQuery.EventLogInputFormat" ); // Resolve SIDs objEventLogInputFormat.resolveSIDs = true; However, this does not work, since the SID in my output is not resolved. I use the followinq query: SELECT RecordNumber, SourceName, TimeGenerated, SID, ComputerName, EXTRACT_TOKEN(Strings, 13, '|') as SourceNetworkAddress, Message  FROM R:\temp\LogQueryWorkDir\Security.2008-07-02-16-50-42.evt WHERE eventID = 528  ORDER BY RecordNumber, TimeGenerated and the output , which I generate with the toNativeString method, still shows the SID unresolved I removed everything after the SID for safety): 7, Security, 2008-07-02 10:16:22, S-1-5-21-2046926873-3586635073-1646930892-2756, ...... Is this caused by using the  toNativeString method?   Chris van Engelen, vtsPN Nederland

  Tags: JScript EventLogInputFormat resolveSIDs