var wbemFlagReturnImmediately = 0x10; var wbemFlagForwardOnly = 0x20; var arrComputers = new Array("."); for (i = 0; i < arrComputers.length; i++) { WScript.Echo(); WScript.Echo("=========================================="); WScript.Echo("Computer: " + arrComputers[i]); WScript.Echo("=========================================="); var objWMIService = GetObject("winmgmts:\\\\" + arrComputers[i] + "\\root\\aspnet"); var colItems = objWMIService.ExecQuery("SELECT * FROM AuthenticationSuccessAuditEvent", "WQL", wbemFlagReturnImmediately | wbemFlagForwardOnly); var enumItems = new Enumerator(colItems); for (; !enumItems.atEnd(); enumItems.moveNext()) { var objItem = enumItems.item(); WScript.Echo("AccountName: " + objItem.AccountName); WScript.Echo("ApplicationDomain: " + objItem.ApplicationDomain); WScript.Echo("ApplicationPath: " + objItem.ApplicationPath); WScript.Echo("ApplicationVirtualPath: " + objItem.ApplicationVirtualPath); WScript.Echo("CustomEventDetails: " + objItem.CustomEventDetails); WScript.Echo("EventCode: " + objItem.EventCode); WScript.Echo("EventDetailCode: " + objItem.EventDetailCode); WScript.Echo("EventID: " + objItem.EventID); WScript.Echo("EventMessage: " + objItem.EventMessage); WScript.Echo("EventTime: " + objItem.EventTime); WScript.Echo("MachineName: " + objItem.MachineName); WScript.Echo("NameToAuthenticate: " + objItem.NameToAuthenticate); WScript.Echo("Occurrence: " + objItem.Occurrence); WScript.Echo("ProcessID: " + objItem.ProcessID); WScript.Echo("ProcessName: " + objItem.ProcessName); WScript.Echo("RequestPath: " + objItem.RequestPath); WScript.Echo("RequestThreadAccountName: " + objItem.RequestThreadAccountName); WScript.Echo("RequestUrl: " + objItem.RequestUrl); try { WScript.Echo("SECURITY_DESCRIPTOR: " + (objItem.SECURITY_DESCRIPTOR.toArray()).join(",")); } catch(e) { WScript.Echo("SECURITY_DESCRIPTOR: null"); } WScript.Echo("SecurityDescriptor: " + objItem.SecurityDescriptor); WScript.Echo("SequenceNumber: " + objItem.SequenceNumber); WScript.Echo("TIME_CREATED: " + objItem.TIME_CREATED); WScript.Echo("TrustLevel: " + objItem.TrustLevel); WScript.Echo("UserAuthenticated: " + objItem.UserAuthenticated); WScript.Echo("UserAuthenticationType: " + objItem.UserAuthenticationType); WScript.Echo("UserHostAddress: " + objItem.UserHostAddress); WScript.Echo("UserName: " + objItem.UserName); } }