Security

WMI Event Log Security Search

Explorer

Is there a way to search the WMI:Security event log within Windows to find out who has local admin rights on a server?

Tags (3)
0 Karma

SplunkTrust
SplunkTrust

Hi gharpe2

AFAIK you cannot see this kind of information in the WMI: Security event log and therefore you cannot search for it. maybe you can use a scripted output to read the users permission and feed that into splunk to make it searchable.

cheers

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!