[python-win32] pywintypes.error: (5, 'OpenEventLogW', 'Access is denied.')

Ruggero Paolo Basile RuggeroPaolo.Basile at ora-0.it
Thu Sep 16 05:17:37 EDT 2021


OK, let's explain the case.


My goal is to read the event log of the remote Windows machine.
I have experimented with the wmi library; the problem with wmi is that I have to create parsers, and I have not found any code.
On the remote machine I have no authentication problems as I connect to the local network.
The only question now is what I have to do before calling
 hand = win32evtlog.OpenEventLog(server, logtype)
Maybe I have to create an authentication context? I'm not skilled in that.



Ruggero Paolo Basile

Mobile: 3403216393
Mail: ruggeropaolo.basile at ora-0.it


________________________________
From: Mark Hammond <mhammond at skippinet.com.au>
Sent: Thursday, 16 September 2021 10:49:43
To: Ruggero Paolo Basile; python-win32 at python.org
Subject: Re: [python-win32] pywintypes.error: (5, 'OpenEventLogW', 'Access is denied.')

On 16/09/2021 6:41 pm, Ruggero Paolo Basile wrote:
> OK, I have the username and password of the local machine. I'm a starter
> in Python.

Tim noted that the issue is what permissions you have on the *remote*
machine - having the username and password of the local machine means
nothing to the remote machine you are trying to access.

Tim also suggested a specific experiment you should try - did you try
it? What happened?

(To put it another way - the issue is not about your code, nor about
your account on the local machine - it's about your permissions on the
server. The server apparently does not trust either your local machine
or the account you are using on your local machine)

Cheers,

Mark

>
> This is my code. The argument "server" takes only an IP, and when I try
> to run the code I don't know how I have to authenticate the connection.
>
> Thanks.
>
>
> # python C:\python\5_Forensic_Basic\eventlog.py
>
> # Windows Event Log Viewer
> # FB - 201012116
> import win32evtlog  # requires pywin32 pre-installed
> import pdb
>
> server = '192.168.1.10'  # name of the target computer to get event logs
>
> try:
>     logtype = 'System'  # 'Application' # 'Security'
>     # Raises pywintypes.error (5, 'Access is denied.') when the calling
>     # account has no rights on the remote machine
>     hand = win32evtlog.OpenEventLog(server, logtype)
>     flags = win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ
>     total = win32evtlog.GetNumberOfEventLogRecords(hand)
>     pdb.set_trace()  # debugging breakpoint
>     while True:
>         print("test")
>         events = win32evtlog.ReadEventLog(hand, flags, 0)
>         if not events:
>             break  # end of log reached; without this the loop never ends
>         for event in events:
>             print('Event Category:', event.EventCategory)
>             print('Time Generated:', event.TimeGenerated)
>             print('Source Name:', event.SourceName)
>             print('Event ID:', event.EventID)
>             print('Event Type:', event.EventType)
>             data = event.StringInserts
>             if data:
>                 print('Event Data:')
>                 for msg in data:
>                     print(msg)
>             print()
> except Exception as err:
>     print("Exception")
>     print(str(err))
> if __name__ == "__main__":
>     try:
>         print("start")
>     except Exception as err:  # getopt was never imported, so catch Exception
>         print(str(err))
>
>
> /Ruggero Paolo Basile/
>
> /Mobile: 3403216393/
> /Mail:/ ruggeropaolo.basile at ora-0.it
>
> ------------------------------------------------------------------------
> *From:* python-win32
> <python-win32-bounces+ruggeropaolo.basile=ora-0.it at python.org> on behalf
> of Tim Roberts <timr at probo.com>
> *Sent:* Thursday, 16 September 2021 03:17:56
> *To:* python-win32 at python.org
> *Subject:* Re: [python-win32] pywintypes.error: (5, 'OpenEventLogW',
> 'Access is denied.')
> Ruggero Paolo Basile wrote:
>>
>> Good morning, I'm trying to connect to a remote host and get the event
>> log from Windows, but in the module I can't find a value for
>> authentication.
>> Have you some news?
>>
>> This is my error: "pywintypes.error: (5, 'OpenEventLogW', 'Access is
>> denied.')"
>
>
> To do that operation, your username has to have permission on that
> remote machine.  Are you using a domain?  Are you logged in as a domain
> administrator?
>
>
> This article talks about it, but since Windows security is a vast, dark,
> confusing, twisted mess, I'm not sure you'll be able to make it work.
>
>
> https://docs.microsoft.com/en-us/archive/blogs/janelewis/giving-non-administrators-permission-to-read-event-logs-windows-2003-and-windows-2008
>
>
> If you bring up the Event Viewer application ("eventvwr"), under Action,
> there's a "Connect to Another Computer" option.  Does that work for you?
>
> --
> Tim Roberts, timr at probo.com
> Providenza & Boekelheide, Inc.
>
>
>
>


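Added example, not part of the original thread and not pywin32's own code: one way to present credentials the remote machine accepts before calling win32evtlog.OpenEventLog is to open an authenticated session to its IPC$ share with win32wnet.WNetAddConnection2. It assumes the supplied account is allowed to read the log on the server; the helper names (ipc_share, remote_session, summarize, read_remote_log) and the sample record are constructed for illustration.

```python
from contextlib import contextmanager
from types import SimpleNamespace

# Added example; helper names are illustrative. Win32 EVENTLOG_*_TYPE values:
EVENT_TYPES = {1: "ERROR", 2: "WARNING", 4: "INFORMATION", 8: "AUDIT_SUCCESS", 16: "AUDIT_FAILURE"}

def ipc_share(server):
    """UNC path of the IPC$ share that carries the authenticated session."""
    return "\\\\" + server.lstrip("\\") + "\\IPC$"

@contextmanager
def remote_session(server, username, password):
    import win32netcon, win32wnet  # local import: pure helpers still load off Windows
    res = win32wnet.NETRESOURCE()
    res.dwType = win32netcon.RESOURCETYPE_ANY
    res.lpRemoteName = ipc_share(server)
    # username must be an account the *remote* machine accepts (r"SERVER\user", r"DOMAIN\user")
    win32wnet.WNetAddConnection2(res, password, username, 0)
    try:
        yield
    finally:
        win32wnet.WNetCancelConnection2(res.lpRemoteName, 0, 1)  # drop the session

def summarize(event):
    """Flatten one record; the low 16 bits of EventID are the ID Event Viewer shows."""
    return {"id": event.EventID & 0xFFFF, "source": event.SourceName,
            "type": EVENT_TYPES.get(event.EventType, str(event.EventType)),
            "time": str(event.TimeGenerated), "data": list(event.StringInserts or ())}

def read_remote_log(server, logtype, username, password, limit=20):
    import win32evtlog
    flags = win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ
    rows = []
    with remote_session(server, username, password):
        hand = win32evtlog.OpenEventLog(server, logtype)  # access denied without rights
        try:
            while len(rows) < limit:
                events = win32evtlog.ReadEventLog(hand, flags, 0)
                if not events:
                    break  # end of log
                rows.extend(summarize(e) for e in events)
        finally:
            win32evtlog.CloseEventLog(hand)
    return rows[:limit]

if __name__ == "__main__":
    # Constructed sample record so this part runs without a remote host
    sample = SimpleNamespace(EventID=0x40001B7C, EventType=4, StringInserts=None,
                             SourceName="Service Control Manager", TimeGenerated="2021-09-16 10:00:00")
    print(summarize(sample))
```

On Windows, call read_remote_log('192.168.1.10', 'System', user, getpass.getpass()) so the password is prompted for rather than stored in the script.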