WMI Event Log Security Search


Is there a way to search the WMI:Security event log within Windows to find out who has local admin rights on a server?

Tags (3)
0 Karma


Hi gharpe2

AFAIK you cannot see this kind of information in the WMI: Security event log and therefore you cannot search for it. maybe you can use a scripted output to read the users permission and feed that into splunk to make it searchable.


State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!