
WMI Event Log Security Search


Is there a way to search the WMI:Security event log within Windows to find out who has local admin rights on a server?



Hi gharpe2

AFAIK you cannot see this kind of information in the WMI: Security event log and therefore you cannot search for it. Maybe you can use a scripted output to read the user's permissions and feed that into Splunk to make it searchable.

cheers
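
One way to build the script suggested in the reply above, as an added example that is not part of the original thread: it lists the members of the local Administrators group and writes one key=value event per member to stdout, which is the form a scripted data source hands to Splunk. It assumes Windows PowerShell 5.1 or later with the `Microsoft.PowerShell.LocalAccounts` module; the field names and the `Write-MemberEvent` helper are illustrative choices.

```powershell
# Added example: one event per member of the local Administrators group.
$ErrorActionPreference = 'Stop'
$adminSid  = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators (the group name is localized)
$timestamp = (Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
$hostName  = $env:COMPUTERNAME

function Write-MemberEvent {   # hypothetical helper, defined only for this example
    param([string]$Name, [string]$Sid, [string]$Class, [string]$Source)
    # Quote every value so account names containing spaces stay in one field.
    '{0} host="{1}" group_sid="{2}" member="{3}" member_sid="{4}" member_class="{5}" member_source="{6}"' -f `
        $timestamp, $hostName, $adminSid, $Name, $Sid, $Class, $Source
}

$members = $null
try {
    # Collect first, so a failure part-way through does not leave half a listing behind.
    $members = @(Get-LocalGroupMember -SID $adminSid)
}
catch {
    # Get-LocalGroupMember can throw when the group contains an orphaned SID
    # (for example a deleted domain account); fall through to the ADSI path.
    $members = $null
}

if ($null -ne $members) {
    foreach ($m in $members) {
        Write-MemberEvent -Name $m.Name -Sid $m.SID.Value -Class $m.ObjectClass -Source $m.PrincipalSource
    }
}
else {
    # Fallback: read the same group through the ADSI WinNT provider.
    $groupName = (Get-LocalGroup -SID $adminSid).Name
    $group     = [ADSI]"WinNT://$hostName/$groupName,group"
    foreach ($m in $group.psbase.Invoke('Members')) {
        $type  = $m.GetType()
        $path  = $type.InvokeMember('ADsPath',   'GetProperty', $null, $m, $null)
        $class = $type.InvokeMember('Class',     'GetProperty', $null, $m, $null)
        $bytes = $type.InvokeMember('objectSid', 'GetProperty', $null, $m, $null)
        $sid   = (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
        # ADsPath looks like WinNT://DOMAIN/name; strip the scheme and use backslashes.
        $name  = $path -replace '^WinNT://', '' -replace '/', '\'
        Write-MemberEvent -Name $name -Sid $sid -Class $class -Source 'ADSI'
    }
}
```

Members whose `member_class` is a group are listed as the group itself; their nested members also hold local admin rights and are not expanded by this script.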