From RuggeroPaolo.Basile at ora-0.it Wed Sep 15 08:50:32 2021
From: RuggeroPaolo.Basile at ora-0.it (Ruggero Paolo Basile)
Date: Wed, 15 Sep 2021 12:50:32 +0000
Subject: [python-win32] pywintypes.error: (5, 'OpenEventLogW', 'Access is denied.')
Message-ID: <706074e0950e4a8ebaae782729bd6f8e@ora-0.it>

Good morning,

I am trying to connect to a remote host and get the event log from Windows, but in the module I can't find a value for authentication.
Do you have any news?

This is my error: "pywintypes.error: (5, 'OpenEventLogW', 'Access is denied.')"

Thanks.
Best Regards

Ruggero Paolo Basile
Mobile: 3403216393
Mail: ruggeropaolo.basile at ora-0.it

From timr at probo.com Wed Sep 15 21:17:56 2021
From: timr at probo.com (Tim Roberts)
Date: Wed, 15 Sep 2021 18:17:56 -0700
Subject: [python-win32] pywintypes.error: (5, 'OpenEventLogW', 'Access is denied.')
In-Reply-To: <706074e0950e4a8ebaae782729bd6f8e@ora-0.it>
References: <706074e0950e4a8ebaae782729bd6f8e@ora-0.it>
Message-ID: <0487a66a-980e-a332-019e-a0fb74c1c00d@probo.com>

Ruggero Paolo Basile wrote:
>
> Good morning, I am trying to connect to a remote host and get the event log
> from Windows, but in the module I can't find a value for authentication.
> Do you have any news?
>
> This is my error: "pywintypes.error: (5, 'OpenEventLogW', 'Access is
> denied.')"

To do that operation, your username has to have permission on that remote machine. Are you using a domain? Are you logged in as a domain administrator?

This article talks about it, but since Windows security is a vast, dark, confusing, twisted mess, I'm not sure you'll be able to make it work.

https://docs.microsoft.com/en-us/archive/blogs/janelewis/giving-non-administrators-permission-to-read-event-logs-windows-2003-and-windows-2008

If you bring up the Event Viewer application ("eventvwr"), under Action, there's a "Connect to Another Computer" option. Does that work for you?

--
Tim Roberts, timr at probo.com
Providenza & Boekelheide, Inc.

From RuggeroPaolo.Basile at ora-0.it Thu Sep 16 04:41:50 2021
From: RuggeroPaolo.Basile at ora-0.it (Ruggero Paolo Basile)
Date: Thu, 16 Sep 2021 08:41:50 +0000
Subject: [python-win32] pywintypes.error: (5, 'OpenEventLogW', 'Access is denied.')
In-Reply-To: <0487a66a-980e-a332-019e-a0fb74c1c00d@probo.com>
References: <706074e0950e4a8ebaae782729bd6f8e@ora-0.it>, <0487a66a-980e-a332-019e-a0fb74c1c00d@probo.com>
Message-ID:

OK, I have the username and password of the local machine; I am a starter in Python.

This is my code. The argument "server" takes only an IP, and when I try to run the code I don't know how I have to authenticate the connection.

Thanks.

#python C:\python\5_Forensic_Basic\eventlog.py

# Windows Event Log Viewer
# FB - 201012116
import win32evtlog # requires pywin32 pre-installed

import getopt # needed by the except clause at the bottom
import pdb

server = '192.168.1.10' # name of the target computer to get event logs

try:
    logtype = 'System' # 'Application' # 'Security'
    hand = win32evtlog.OpenEventLog(server,logtype)
    flags = win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
    total = win32evtlog.GetNumberOfEventLogRecords(hand)
    pdb.set_trace()
    while True:
        print ("test")
        events = win32evtlog.ReadEventLog(hand, flags,0)
        if events:
            for event in events:
                print ('Event Category:', event.EventCategory)
                print ('Time Generated:', event.TimeGenerated)
                print ('Source Name:', event.SourceName)
                print ('Event ID:', event.EventID)
                print ('Event Type:', event.EventType)
                data = event.StringInserts
                if data:
                    print ('Event Data:')
                    for msg in data:
                        print (msg)
                print()
        else:
            break # no more records to read; without this the loop never ends
except Exception as err:
    print("Exception")
    print(str(err))
if __name__ == "__main__":
    try:
        print ("start")
    except getopt.GetoptError as err:
        print(str(err))

Ruggero Paolo Basile

From mhammond at skippinet.com.au Thu Sep 16 04:49:43 2021
From: mhammond at skippinet.com.au (Mark Hammond)
Date: Thu, 16 Sep 2021 18:49:43 +1000
Subject: [python-win32] pywintypes.error: (5, 'OpenEventLogW', 'Access is denied.')
In-Reply-To:
References: <706074e0950e4a8ebaae782729bd6f8e@ora-0.it> <0487a66a-980e-a332-019e-a0fb74c1c00d@probo.com>
Message-ID: <17428b70-856d-90aa-0c2d-09ba0197497f@skippinet.com.au>

On 16/09/2021 6:41 pm, Ruggero Paolo Basile wrote:
> OK, I have the username and password of the local machine; I am a starter
> in Python.

Tim noted that the issue is what permissions you have on the *remote* machine - having the username and password of the local machine means nothing to the remote machine you are trying to access.

Tim also suggested a specific experiment you should try - did you try it? What happened?

(To put it another way - the issue is not about your code, nor about your account on the local machine - it's about your permissions on the server. The server apparently does not trust either your local machine or the account you are using on your local machine)

Cheers,

Mark

From RuggeroPaolo.Basile at ora-0.it Thu Sep 16 05:17:37 2021
From: RuggeroPaolo.Basile at ora-0.it (Ruggero Paolo Basile)
Date: Thu, 16 Sep 2021 09:17:37 +0000
Subject: [python-win32] pywintypes.error: (5, 'OpenEventLogW', 'Access is denied.')
In-Reply-To: <17428b70-856d-90aa-0c2d-09ba0197497f@skippinet.com.au>
References: <706074e0950e4a8ebaae782729bd6f8e@ora-0.it> <0487a66a-980e-a332-019e-a0fb74c1c00d@probo.com> , <17428b70-856d-90aa-0c2d-09ba0197497f@skippinet.com.au>
Message-ID:

OK, let's explain the case.

My goal is to read the event log of the remote Windows machine.
I have experienced the wmi library; the wmi problem is that I have to create parsers, and I have not found any code. On the remote machine I have no authentication problems as I connect to the local network.

The only question now is what I have to do before calling

hand = win32evtlog.OpenEventLog (server, logtype)

Maybe I have to create an authentication context? I am not skilled in that.

Ruggero Paolo Basile

From mhammond at skippinet.com.au Thu Sep 16 05:30:34 2021
From: mhammond at skippinet.com.au (Mark Hammond)
Date: Thu, 16 Sep 2021 19:30:34 +1000
Subject: [python-win32] pywintypes.error: (5, 'OpenEventLogW', 'Access is denied.')
In-Reply-To:
References: <706074e0950e4a8ebaae782729bd6f8e@ora-0.it> <0487a66a-980e-a332-019e-a0fb74c1c00d@probo.com> <17428b70-856d-90aa-0c2d-09ba0197497f@skippinet.com.au>
Message-ID: <35a93491-cdd3-b2d1-3ea1-3b0d2d48f52f@skippinet.com.au>

On 16/09/2021 7:17 pm, Ruggero Paolo Basile wrote:
> OK, let's explain the case.
>
> My goal is to read the event log of the remote Windows machine. I have
> experienced the *wmi library*; the wmi problem is that I have to create
> parsers, and I have not found any code. On the remote machine I have no
> authentication problems as I connect to the local network.

If you have a username and password that works on the *server*, you may be able to use win32security.LogonUser().

You still haven't answered:

> Tim also suggested a specific experiment you should try - did you try
> it? What happened?

It's likely you will be prompted for a username and password here.
If you have a username/password that works, win32security.LogonUser() is likely to work with the same username/password.

Mark

From RuggeroPaolo.Basile at ora-0.it Thu Sep 16 09:51:37 2021
From: RuggeroPaolo.Basile at ora-0.it (Ruggero Paolo Basile)
Date: Thu, 16 Sep 2021 13:51:37 +0000
Subject: [python-win32] pywintypes.error: (5, 'OpenEventLogW', 'Access is denied.')
In-Reply-To: <35a93491-cdd3-b2d1-3ea1-3b0d2d48f52f@skippinet.com.au>
References: <706074e0950e4a8ebaae782729bd6f8e@ora-0.it> <0487a66a-980e-a332-019e-a0fb74c1c00d@probo.com> <17428b70-856d-90aa-0c2d-09ba0197497f@skippinet.com.au> , <35a93491-cdd3-b2d1-3ea1-3b0d2d48f52f@skippinet.com.au>
Message-ID:

OK, well, I didn't try the experiment because I won't modify the other host; I only have to connect to a remote host in the local LAN, but I can't find any parameter to connect to a host with win32security.LogonUser().

Greetings

Ruggero Paolo Basile

From christoph.dorner at gmx.de Fri Sep 17 03:26:54 2021
From: christoph.dorner at gmx.de (Christoph J. Dorner)
Date: Fri, 17 Sep 2021 09:26:54 +0200
Subject: [python-win32] Issue with PythonCOM - Application.Run does not work for Access.Application
Message-ID:

Hi there,

I need to call Office / VBA applications from a running Python script.
While calling VBA from Python using Application.Run works with EXCEL, it does not work with ACCESS. What I do:
I link to the Office application via the win32com.client dispatch mechanism as usual and I can see the application object in the Python debugger.
If I do an excelapp.Run('xxx') everything is fine.
If I do an accessapp.Run('xxx') it throws an error -2147352562 which win32api.FormatMessage states is an issue with the number of parameters.
But that cannot be the case as the UDF has no parameter and I do not pass any (additional) parameter.

Moreover, I simulated this accessapp.Run call from EXCEL in VBA and there it works.

Moreover, I did a "passthrough" via EXCEL, i.e. called a stub in EXCEL VBA using excelapp.Run in Python which itself calls ACCESS VBA via Application.Run as well. This works for ACCESS VBA code I cannot call directly from Python. It even works to create/pass back VBA object references from ACCESS via EXCEL to Python.

I could not find any information on that issue and I wonder if this is an issue related to pywin32 / PythonCOM?

I was told this is a support request and not an issue. Happy to learn if anybody else knows this problem and what to do.

Thanks in advance

Christoph

From timr at probo.com Fri Sep 17 12:50:20 2021
From: timr at probo.com (Tim Roberts)
Date: Fri, 17 Sep 2021 09:50:20 -0700
Subject: [python-win32] Issue with PythonCOM - Application.Run does not work for Access.Application
In-Reply-To:
References:
Message-ID:

Christoph J. Dorner wrote:
>
> I need to call Office / VBA applications from a running Python script.
> While calling VBA from Python using Application.Run works with EXCEL, it
> does not work with ACCESS. What I do:
> I link to the Office application via the win32com.client dispatch
> mechanism as usual and I can see the application object in the Python
> debugger.
> If I do an excelapp.Run('xxx') everything is fine.
> If I do an accessapp.Run('xxx') it throws an error -2147352562 which
> win32api.FormatMessage states is an issue with the number of parameters.
> But that cannot be the case as the UDF has no parameter and I do not
> pass any (additional) parameter.

Curious. Both the Excel "Application.Run" and Access "Application.Run" methods are defined the same way, with 30 "optional" parameters. Have you experimented with specifying a dummy parameter to see if that makes a difference?

Have you tried using "win32com.client.gencache.EnsureDispatch" instead of simple "Dispatch"? That way, it generates and caches a wrapper file. It might be possible to peek in the generated file to see if the wrappers look any different.

--
Tim Roberts, timr at probo.com
Providenza & Boekelheide, Inc.

From RuggeroPaolo.Basile at ora-0.it Fri Sep 17 05:58:27 2021
From: RuggeroPaolo.Basile at ora-0.it (Ruggero Paolo Basile)
Date: Fri, 17 Sep 2021 09:58:27 +0000
Subject: [python-win32] pywintypes.error: (5, 'OpenEventLogW', 'Access is denied.') - GOAL - ACCESS to windows event log from remote host
In-Reply-To:
References: <706074e0950e4a8ebaae782729bd6f8e@ora-0.it> <0487a66a-980e-a332-019e-a0fb74c1c00d@probo.com> <17428b70-856d-90aa-0c2d-09ba0197497f@skippinet.com.au> , <35a93491-cdd3-b2d1-3ea1-3b0d2d48f52f@skippinet.com.au>,
Message-ID: <60c9719c53a24bd0a4dd5521617d3b18@ora-0.it>

Hello everyone.

I am insisting on two Python modules for Windows event collection; I still don't have a satisfactory result.

As for the solution eventlog_0.py, with the win32evtlog module of the pypiwin32 library I can connect to the RPC service, but only on a local PC, and have a readable parsing of the events and then forward it to the SOC; I have to insist on remote login.

* Learning about the topic and exchanging emails with the WIN32 API community, they wrote me about the possibility to launch a script on a remote computer to authorize the share of the eventlog also on guest users; then the strategy would be WMI with an admin connection, modification of the parameters useful for the log dump, and connection with win32 for parsing the event log.

As for the solution using WMI, I encountered the reverse problem: connecting to the remote host happens correctly (after entering the registrations), and with an SQL query I log in to Win32_NTLogEvent, but I don't know the schema of the db and I have not found a snippet that gives readable results.

I had believed in the use of win32; theoretically, and from what they tell me in the community, it is necessary to first authenticate with the win32security.LogonUser() module and then invoke the RPC service, which I did, but it didn't give results.
The win32evtlog library apparently does not have a method for posting les article when establishing the connection.

I spent less time on WMI because I found little fiction about managing the eventlog with Python.

eventlog_0.py

#python C:\python\5_Forensic_Basic\eventlog.py

# Windows Event Log Viewer
# FB - 201012116
import win32evtlog # requires pywin32 pre-installed

import getopt # needed by the except clause at the bottom

server = 'localhost' # name of the target computer to get event logs

try:
    logtype = 'System' # 'Application' # 'Security'
    hand = win32evtlog.OpenEventLog(server,logtype)
    flags = win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
    total = win32evtlog.GetNumberOfEventLogRecords(hand)
    while True:
        print ("test")
        events = win32evtlog.ReadEventLog(hand, flags,0)
        if events:
            for event in events:
                print ('Event Category:', event.EventCategory)
                print ('Time Generated:', event.TimeGenerated)
                print ('Source Name:', event.SourceName)
                print ('Event ID:', event.EventID)
                print ('Event Type:', event.EventType)
                data = event.StringInserts
                if data:
                    print ('Event Data:')
                    for msg in data:
                        print (msg)
                print()
        else:
            break # no more records to read; without this the loop never ends
except Exception as err:
    print("Exception")
    print(str(err))
if __name__ == "__main__":
    try:
        print ("start")
    except getopt.GetoptError as err:
        print(str(err))

#ModuleNotFoundError: No module named 'win32evtlog'
#pip install pypiwin32
#Server RPC non disponibile. (The RPC server is unavailable.)

login_eventlog.py

import getpass
import pdb # used by pdb.set_trace() below
import win32security
import win32evtlog # requires pywin32 pre-installed

domain = input("Domain: ")
username = input("Username: ")
password = getpass.getpass ("Password: ")
server = '192.168.1.10' # not defined in the posted script; value taken from eventlog.py earlier in the thread

def simple_logon():
    try:
        # The token returned in hUser is never impersonated, so the
        # OpenEventLog call below still runs under the account that
        # started the script.
        hUser = win32security.LogonUser (
            username,
            domain,
            password,
            win32security.LOGON32_LOGON_NETWORK,
            win32security.LOGON32_PROVIDER_DEFAULT
        )
    except win32security.error:
        print ("Failed")
    else:
        print ("Succeeded")

if __name__ == "__main__":
    simple_logon()

try:
    logtype = 'System' # 'Application' # 'Security'
    hand = win32evtlog.OpenEventLog(server,logtype)
    flags = win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
    total = win32evtlog.GetNumberOfEventLogRecords(hand)
    pdb.set_trace()
    while True:
        print ("test")
        events = win32evtlog.ReadEventLog(hand, flags,0)
        if events:
            for event in events:
                print ('Event Category:', event.EventCategory)
                print ('Time Generated:', event.TimeGenerated)
                print ('Source Name:', event.SourceName)
                print ('Event ID:', event.EventID)
                print ('Event Type:', event.EventType)
                data = event.StringInserts
                if data:
                    print ('Event Data:')
                    for msg in data:
                        print (msg)
                print()
        else:
            break # no more records to read; without this the loop never ends
except Exception as err:
    print("Exception")
    print(str(err))

#print (logonUser("/\norazero\norazero"))

wmi_2

import wmi

ip = '192.168.1.10'
username = '' # value left blank in the original post
password = '' # value left blank in the original post

from socket import *

try:
    print("Establishing connection to %s" %ip)
    conn = wmi.WMI(ip, user=username, password=password)
    print("Connection established")
    print(conn)

    if False:
        print("list processes")
        # list processes
        for process in conn.Win32_Process():
            print("ID: {0}\nHandleCount: {1}\nProcessName: {2}\n".format(
                process.ProcessId, process.HandleCount, process.Name
                )
            )

    if False:
        for s in conn.Win32_Service(StartMode="Auto", State="Running"):
            print(s.State, s.StartMode, s.Name, s.DisplayName)
            # filter service names
            if 'Update' in s.Name:
                print(s.State, s.StartMode, s.Name, s.DisplayName)

    if False:
        wmi_obj = wmi.WMI('.') #Initialize WMI object and query.
        wmi_query = "SELECT * FROM Win32_NTLogEvent WHERE Logfile='System' AND EventType=1"
        query_result = wmi_obj.query(wmi_query) # Query WMI object
        print(query_result)

    #for group in conn.Win32_Group():
    for group in conn.Win32_Group():
        print(group.Caption)
        # loop
        #for user in group.associators(wmi_result_class="Win32_UserAccount"):
        #    print(" [+]", user.Caption)
except wmi.x_wmi:
    print("Your Username and Password of "+getfqdn(ip)+" are wrong.")

Ruggero Paolo Basile

From steven at manross.net Fri Sep 17 20:25:05 2021
From: steven at manross.net (Steven Manross)
Date: Sat, 18 Sep 2021 00:25:05 +0000
Subject: [python-win32] Access Denied on Eventlogs - possible solution(s)
Message-ID: <5ea204abbc27415988980f3accd36ba7@manross.net>

Howdy.

I replied offline to the author earlier in my day about what might be the problem he is running into (I was in digest mode until today and couldn't just reply to the thread - apologies), but played around with this script a little today and seem to have something that can pass credentials to a call for eventlogs and wanted to share with the list (now that I had a working sample).

Based on the API that was available for running searches on remote computers, I had to output the data into XML and did not parse the XML (a task which I leave to the original author of this thread -- using something like lxml).

However, hopefully this helps the original author see how he might be able to inject credentials into their script to get what they need.
It is worthy of note that the original poster's script worked fine on my test systems (with Remote Scripting UAC disabled) which might suggest that there's a problem with how the remote server is configured and maybe "Allowing Remote Scripts to Bypass UAC" is the solution to their whole problem... See here:

https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/user-account-control-and-remote-restriction

Kudos to the pywin32 maintainers and the members of this list for their input. I hope this minor script helps someone.

# -------------------------------
# tested using python 3.6.3 on W10x64 with domain admin credentials tested in the script

import win32evtlog # requires pywin32 pre-installed
import time

user = "someuser" # your windows username
domain = "SOMEDOMAIN" # your windows domain name (or possibly computername)
passwd = "reallysecurepassword" # your unencrypted password

server = 'IP_OR_FQDN' # name of the target computer to get event logs

try:
    logtype = 'System' # 'Application' # 'Security'
    sess_handle = win32evtlog.EvtOpenSession(Login=(server, user, domain, passwd, win32evtlog.EvtRpcLoginAuthDefault),
                                    Timeout=0,
                                    Flags=0)

    query_flags = win32evtlog.EvtQueryReverseDirection | win32evtlog.EvtQueryChannelPath

    # while I get "*" (all the logs), this thread seems to suggest you could limit it.. however, their syntax didn't work for me
    # https://stackoverflow.com/questions/29827769/get-an-event-object-from-win32evtlog-evtquery-results
    log_handle = win32evtlog.EvtQuery(logtype, query_flags, "*", sess_handle)

    x = 0
    count = 10   # get x events per query
    events = win32evtlog.EvtNext(ResultSet=log_handle, Count=count,Timeout=0, Flags=0)
    while events:
        for event in events:
            x += 1
            print(f'b4 render: {x} --> {event}')
            print (f'Event Data: {win32evtlog.EvtRender(event, Flags=win32evtlog.EvtRenderEventXml)}')
        events = win32evtlog.EvtNext(ResultSet=log_handle, Count=count,Timeout=0, Flags=0)
        time.sleep(5)
except Exception as e:
    print(f"Excepted with: {e}")

####################
# minor excerpt of output:

b4 render: 240 -->
Event Data: 703604000x8080000000000000296223Systemsomecomuter.somewhere.comWMI Performance Adapterstopped77006D006900410070005300720076002F0031000000

From danielhg52 at hotmail.com Tue Sep 28 10:54:21 2021
From: danielhg52 at hotmail.com (daniel hernandez jimenez)
Date: Tue, 28 Sep 2021 14:54:21 +0000
Subject: [python-win32] Hook windows messages with python
Message-ID:

Hello!

I am trying to use the PyCwnd.HookMessage but it seems to not be working, and I read the email you sent to the Python-win32 mailing list:

Hi!

I'm trying to set a message hook with python to catch WM_DROPFILES. The guiframework is Tkinter. Here a code snippet:

> hwnd = eval(self.wm_frame())
> win32gui.DragAcceptFiles(hwnd,1)
> wnd = win32ui.CreateWindowFromHandle(hwnd)
> wnd.HookMessage(self.test,w32con.WM_DROPFILES)

> def test(self):
>     print "blala"

The DragAcceptFiles-Call seems to be alright. When I drag a file over the gui there is this drag-and-drop icon. But the problem is, that the callback-function (test) is never executed. I also try different messages like Mousemove or Buttondown. So I think there is a problem with the HookMessage function.
I read that you must compile Python with PYWIN_WITH_WINDOWPROC option enabled. Is this the problem? Can someone give me a short working code to hook a message so I can try it on my workstation?

Thx in advance!

Would you be so kind to help me with the short code if you found how to do it?

Thanks,
Daniel Hernandez
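
Steven Manross's script above prints each event as XML and leaves the parsing open. The following is an added example, not code from the thread or from pywin32: it turns one rendered event into a flat record and a JSON line that can be forwarded to a log collector. The sample event is constructed from the field values visible in his output excerpt (provider name, timestamp and process/thread IDs are made up), and the function names are hypothetical; it assumes EvtRender hands back the XML as a string and that the Binary payload is UTF-16 text, as it is in this sample.

```python
import json
import xml.etree.ElementTree as ET

# Namespace of Windows event XML, the format EvtRenderEventXml asks for.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LEVELS = {0: "LogAlways", 1: "Critical", 2: "Error",
          3: "Warning", 4: "Information", 5: "Verbose"}

# Constructed sample: EventID, Level, Keywords, EventRecordID, Channel,
# Computer, Data and Binary follow the output excerpt above; the provider,
# timestamp and process/thread IDs are made up for illustration.
SAMPLE_XML = (
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>"
    "<System>"
    "<Provider Name='Service Control Manager'/>"
    "<EventID Qualifiers='16384'>7036</EventID>"
    "<Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode>"
    "<Keywords>0x8080000000000000</Keywords>"
    "<TimeCreated SystemTime='2021-09-17T23:58:12.000000000Z'/>"
    "<EventRecordID>296223</EventRecordID>"
    "<Execution ProcessID='700' ThreadID='1234'/>"
    "<Channel>System</Channel>"
    "<Computer>somecomuter.somewhere.com</Computer>"
    "</System>"
    "<EventData>"
    "<Data Name='param1'>WMI Performance Adapter</Data>"
    "<Data Name='param2'>stopped</Data>"
    "<Binary>77006D006900410070005300720076002F0031000000</Binary>"
    "</EventData>"
    "</Event>"
)


def _text(node, path):
    """Text of the first element matching path, or None."""
    found = node.find(path, NS)
    return found.text if found is not None and found.text else None


def parse_event_xml(xml_text):
    """Turn one rendered event (XML string) into a flat dict."""
    # XML pulled from another host is untrusted input. Real events never
    # carry a DTD, so refuse one instead of letting the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in event XML")
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    if system is None:
        raise ValueError("no <System> element: not Windows event XML")
    provider = system.find("e:Provider", NS)
    created = system.find("e:TimeCreated", NS)
    level = int(_text(system, "e:Level") or 0)
    record = {
        "event_id": int(_text(system, "e:EventID") or 0),
        "level": LEVELS.get(level, str(level)),
        "record_id": int(_text(system, "e:EventRecordID") or 0),
        "channel": _text(system, "e:Channel"),
        "computer": _text(system, "e:Computer"),
        "provider": provider.get("Name") if provider is not None else None,
        "time_created": created.get("SystemTime") if created is not None else None,
        "data": {},
    }
    # <Data> items are usually named; fall back to a positional key if not.
    for i, item in enumerate(root.findall("e:EventData/e:Data", NS)):
        record["data"][item.get("Name") or f"data{i}"] = item.text or ""
    binary = _text(root, "e:EventData/e:Binary")
    if binary:
        record["binary_hex"] = binary
        # Assumption: the payload is UTF-16LE text (true for this sample).
        record["binary_text"] = (bytes.fromhex(binary)
                                 .decode("utf-16-le", errors="replace")
                                 .rstrip("\x00"))
    return record


def to_json_line(record):
    """One event per line, stable key order, ready for a log forwarder."""
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    print(to_json_line(parse_event_xml(SAMPLE_XML)))
```

In his loop, the string returned by win32evtlog.EvtRender(event, Flags=win32evtlog.EvtRenderEventXml) would be passed to parse_event_xml in place of SAMPLE_XML.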