[python-win32] pywintypes.error: (5, 'OpenEventLogW', 'Access is denied.')

Mark Hammond mhammond at skippinet.com.au
Thu Sep 16 04:49:43 EDT 2021 

On 16/09/2021 6:41 pm, Ruggero Paolo Basile wrote:
> ok , i have the username and password of local machine, i'am a starter 
> in python

Tim noted that the issue is what permissions you have on the *remote* 
machine - having the username and password of the local machine means 
nothing to the remote machine you are trying to access.

Tim also suggested a specific experiment you should try - did you try 
it? What happened?

(To put it another way - the issue is not about your code, nor about 
your account on the local machine - it's about your permissions on the 
server. The server apparently does not trust either your local machine 
or the account you are using on your local machine)

Cheers,

Mark

> 
> 
> 
> this is my code, the arguments "server" take only
> 
> an ip and when i tray to run the code i can't know
> 
> how i have to authenticate the connection.
> 
> 
> 
> Thanks.
> 
> 
> 
> #python C:\python\5_Forensic_Basic\eventlog.py
> 
> # Windows Event Log Viewer
> # FB - 201012116
> import win32evtlog # requires pywin32 pre-installed
> 
> 
> import pdb
> 
> server = '192.168.1.10' # name of the target computer to get event logs
> 
> 
> try:
> 
>      logtype = 'System' # 'Application' # 'Security'
>      hand = win32evtlog.OpenEventLog(server,logtype)
>      flags = 
> win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
>      total = win32evtlog.GetNumberOfEventLogRecords(hand)
>      pdb.set_trace()
>      while True:
>          print ("test")
>          events = win32evtlog.ReadEventLog(hand, flags,0)
>          if events:
>              for event in events:
>                  print ('Event Category:', event.EventCategory)
>                  print ('Time Generated:', event.TimeGenerated)
>                  print ('Source Name:', event.SourceName)
>                  print ('Event ID:', event.EventID)
>                  print ('Event Type:', event.EventType)
>                  data = event.StringInserts
>                  if data:
>                      print ('Event Data:')
>                      for msg in data:
>                          print (msg)
>                  print()
> except Exception as err:
>      print("Exception")
>      print(str(err))
> if __name__ == "__main__":
>      try:
>          print ("start")
>      except getopt.GetoptError as err:
>          print(str(err))
> 
> 
> 
> /Ruggero Paolo Basile/
> 
> /Cellulare: 3403216393/
> /Mail:/ruggeropaolo.basile at ora-0.it <mailto:gabriele.saltini at ora-0.it>
> Privacy Policy <https://ora-0.it/privacy-policy/>Company Policy 
> <https://ora-0.it/wp-content/uploads/2020/08/politica_aziendale_it.pdf>
> 
> ------------------------------------------------------------------------
> *Da:* python-win32 
> <python-win32-bounces+ruggeropaolo.basile=ora-0.it at python.org> per conto 
> di Tim Roberts <timr at probo.com>
> *Inviato:* giovedì 16 settembre 2021 03:17:56
> *A:* python-win32 at python.org
> *Oggetto:* Re: [python-win32] pywintypes.error: (5, 'OpenEventLogW', 
> 'Access is denied.')
> Ruggero Paolo Basile wrote:
>>
>>
>> Good morning i'am try to connect to remote host and get the eventlog 
>> from windows , but in the
>>
>> module i can't find a value for authentication.
>> Have you some news?
>>
>> this is my error "pywintypes.error: (5, 'OpenEventLogW', 'Access is 
>> denied.')"
> 
> 
> To do that operation, your username has to have permission on that
> remote machine.  Are you using a domain?  Are you logged in as a domain
> administrator?
> 
> 
> This article talks about it, but since Windows security is a vast, dark,
> confusing, twisted mess, I'm not sure you'll be able to make it work.
> 
> 
> https://docs.microsoft.com/en-us/archive/blogs/janelewis/giving-non-administrators-permission-to-read-event-logs-windows-2003-and-windows-2008 
> <https://docs.microsoft.com/en-us/archive/blogs/janelewis/giving-non-administrators-permission-to-read-event-logs-windows-2003-and-windows-2008>
> 
> 
> If you bring up the Event Viewer application ("eventvwr"), under Action,
> there's a "Connect to Another Computer" option.  Does that work for you?
> 
> -- 
> Tim Roberts, timr at probo.com
> Providenza & Boekelheide, Inc.
> 
> 
> 
> _______________________________________________
> python-win32 mailing list
> python-win32 at python.org
> https://mail.python.org/mailman/listinfo/python-win32
>

More information about the python-win32 mailing list