
Win32_NTEventlogFile

CIM_DataFile is a type of logical file that is a named collection of data or executable code.

The behavior of the provider backing this class will be changed in future releases. Currently the provider returns both files on fixed disks as well as files on mapped logical disks. In the future, only instances of files on local fixed disks will be returned.

Properties

Most WMI properties are read-only: you can read their values but not change them. A few properties are also writeable, and you can assign new values to them.

In this class, the writeable properties are MaxFileSize and OverwriteOutDated.

AccessMask

Data type UInt32

The AccessMask property is a bit array representing the access rights to the given file or directory held by the user or group on whose behalf the instance is returned. This property is only supported under Windows NT and Windows 2000. On Windows 98 and on Windows NT/2000 FAT volumes, FULL_ACCESS is returned, indicating no security has been set on the object.

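# Access-right bit values; standard rights start at bit 16
$FILE_READ_DATA = 1            # file; FILE_LIST_DIRECTORY on a directory
$FILE_WRITE_DATA = 2           # file; FILE_ADD_FILE on a directory
$FILE_APPEND_DATA = 4          # file; FILE_ADD_SUBDIRECTORY on a directory
$FILE_READ_EA = 8
$FILE_WRITE_EA = 16
$FILE_EXECUTE = 32             # file; FILE_TRAVERSE on a directory
$FILE_DELETE_CHILD = 64        # directory
$FILE_READ_ATTRIBUTES = 128
$FILE_WRITE_ATTRIBUTES = 256
$DELETE = 65536                # 0x00010000 (bit 16)
$READ_CONTROL = 131072         # 0x00020000 (bit 17)
$WRITE_DAC = 262144            # 0x00040000 (bit 18)
$WRITE_OWNER = 524288          # 0x00080000 (bit 19)
$SYNCHRONIZE = 1048576         # 0x00100000 (bit 20)

# Combine rights with a bitwise OR
$AccessMask = $SYNCHRONIZE -bor $WRITE_OWNER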
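
The following is an added example, not part of the original reference: it decodes an AccessMask value into the names of the rights it contains and reports whether the querying account holds rights that allow changing or deleting the log file. The function name ConvertFrom-AccessMask, the $SensitiveRights selection and the sample masks are assumptions made for illustration; the bit values are the Windows access-right constants.

```powershell
# Added example: decode a Win32_NTEventlogFile AccessMask into right names.
$AccessRights = [ordered]@{
    FILE_READ_DATA        = 0x00000001
    FILE_WRITE_DATA       = 0x00000002
    FILE_APPEND_DATA      = 0x00000004
    FILE_READ_EA          = 0x00000008
    FILE_WRITE_EA         = 0x00000010
    FILE_EXECUTE          = 0x00000020
    FILE_DELETE_CHILD     = 0x00000040
    FILE_READ_ATTRIBUTES  = 0x00000080
    FILE_WRITE_ATTRIBUTES = 0x00000100
    DELETE                = 0x00010000
    READ_CONTROL          = 0x00020000
    WRITE_DAC             = 0x00040000
    WRITE_OWNER           = 0x00080000
    SYNCHRONIZE           = 0x00100000
}

# Assumed selection: rights that allow altering or removing the file or its ACL
$SensitiveRights = 'FILE_WRITE_DATA', 'FILE_APPEND_DATA', 'DELETE', 'WRITE_DAC', 'WRITE_OWNER'

function ConvertFrom-AccessMask {
    param([Parameter(Mandatory)][uint32]$AccessMask)

    # Collect the name of every right whose bit is set in the mask
    $held = @(foreach ($name in $AccessRights.Keys) {
        if ($AccessMask -band $AccessRights[$name]) { $name }
    })

    [pscustomobject]@{
        AccessMask = '0x{0:X8}' -f $AccessMask
        Rights     = $held
        CanModify  = [bool]($held | Where-Object { $_ -in $SensitiveRights })
    }
}

# Constructed sample masks
ConvertFrom-AccessMask -AccessMask 0x00120089   # read-only rights: CanModify is False
ConvertFrom-AccessMask -AccessMask 0x001F01FF   # all rights listed above: CanModify is True

# On a live Windows system:
# Get-CimInstance -ClassName Win32_NTEventlogFile |
#     ForEach-Object { ConvertFrom-AccessMask -AccessMask $_.AccessMask }
```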

Archive

Data type Boolean

The Archive property is a boolean value indicating that the file should be archived.

Caption

Data type String

The Caption property is a short textual description (one-line string) of the object.

Compressed

Data type Boolean

The Compressed property is a boolean value indicating that the file is compressed.

CompressionMethod

Data type String

The CompressionMethod property is a free form string indicating the algorithm or tool used to compress the logical file. If it is not possible (or not desired) to describe the compression scheme (perhaps because it is not known), use the following words: “Unknown” to represent that it is not known whether the logical file is compressed or not, “Compressed” to represent that the file is compressed but either its compression scheme is not known or not disclosed, and “Not Compressed” to represent that the logical file is not compressed.

CreationClassName

Data type String

The CreationClassName property is a string indicating the name of this class.

CreationDate

Data type DateTime

The CreationDate property is a datetime value indicating the file’s creation date.

CSCreationClassName

Data type String

The CSCreationClassName property is a string indicating the class of the computer system.

CSName

Data type String

The CSName property is a string indicating the name of the computer system.

Description

Data type String

The Description property provides a textual description of the object.

Drive

Data type String

The Drive property is a string representing the drive letter (including colon) of the file. Example: c:

EightDotThreeFileName

Data type String

The EightDotThreeFileName property is a string representing the DOS-compatible file name for this file.

Example: c:\progra~1

Encrypted

Data type Boolean

The Encrypted property is a boolean value indicating that the file is encrypted.

EncryptionMethod

Data type String

The EncryptionMethod property is a free form string indicating the algorithm or tool used to encrypt the logical file. If it is not possible (or not desired) to describe the encryption scheme (perhaps for security reasons), use the following words: “Unknown” to represent that it is not known whether the logical file is encrypted or not, “Encrypted” to represent that the file is encrypted but either its encryption scheme is not known or not disclosed, and “Not Encrypted” to represent that the logical file is not encrypted.

Extension

Data type String

The Extension property is a string representing the file’s extension (without the dot). Example: txt, mof, mdb.

FileName

Data type String

The FileName property is a string representing the filename (without extension) of the file. Example: autoexec

FileSize

Data type UInt64

The FileSize property represents the size of the file (in bytes).

FileType

Data type String

The FileType property is a string descriptor representing the file type (indicated by the Extension property).

FSCreationClassName

Data type String

The FSCreationClassName property is a string indicating the class of the file system.

FSName

Data type String

The FSName property is a string indicating the name of the file system.

Hidden

Data type Boolean

The Hidden property is a boolean value indicating if the file is hidden.

InstallDate

Data type DateTime

The InstallDate property is a datetime value indicating when the object was installed. A lack of a value does not indicate that the object is not installed.

InUseCount

Data type UInt64

The InUseCount property is an integer indicating the number of ‘file opens’ that are currently active against the file.

LastAccessed

Data type DateTime

The LastAccessed property is a datetime value indicating the time the file was last accessed.

LastModified

Data type DateTime

The LastModified property is a datetime value indicating the time the file was last modified.

LogfileName

Data type String

The LogFileName property indicates the name of the log file.

Manufacturer

Data type String

Manufacturer string from version resource if one is present.

MaxFileSize

Data type UInt32

The MaxFileSize property indicates the maximum size (in bytes) permitted for the log file. If the file exceeds its maximum size, its contents are moved to another file and the primary file is emptied. A value of zero indicates no size limit.

Name

Data type String

The Name property is a string representing the inherited name that serves as a key of a logical file instance within a file system. Full path names should be provided. Example: c:\winnt\system\win.ini

NumberOfRecords

Data type UInt32

Number of records in the log file. This value is determined by calling the Win32 function GetNumberOfEventLogRecords.

Option

Data type UInt32

OverwriteOutDated

Data type UInt32

Number of days after which an event can be overwritten. Values are:

0 = Any entry can be overwritten when necessary.

1..365 = Events that have been in the log file for one year (365 days) or less can be overwritten.

4294967295 = Nothing can ever be overwritten.

There is an interdependence between the OverWriteOutDated property (which is writable) value and the OverWritePolicy property (which is not writable) value.

If one changes the OverWriteOutDated property value to 0, the OverWritePolicy property value will be ‘WhenNeeded’.

If one changes the OverWriteOutDated property value to 1-365, the OverWritePolicy property value will be ‘OutDated’.

If one changes the OverWriteOutDated property value to 4294967295, the OverWritePolicy property value will be ‘Never’.

OverWritePolicy

Data type String

Current overwrite policy the Windows NT/Windows 2000 Event Log service employs for this log file. The possible values of the property are:

WhenNeeded – This corresponds to OverWriteOutdated = 0.

OutDated – This corresponds to OverWriteOutdated of 1 to 365.

Never – This corresponds to OverWriteOutdated = 4294967295.


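# Keys are OverwriteOutDated values (or a range of values), quoted so the hashtable parses
$OverWritePolicy_ReturnValue = @{
    '0'          = 'WhenNeeded'
    '1..365'     = 'OutDated'
    '4294967295' = 'Never'
}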
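
The following is an added example, not part of the original reference: it reviews the MaxFileSize, OverwriteOutDated and OverWritePolicy values described above and notes which logs can lose records through a small size limit or overwriting. The function name Test-EventLogRetention, the 64 MB threshold and the sample instances are assumptions made for illustration.

```powershell
# Added example: report retention settings that allow event records to be lost.
function Test-EventLogRetention {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $LogFile,
        [uint32]$MinBytes = 64MB   # assumed minimum acceptable MaxFileSize
    )
    process {
        $notes = @()

        # MaxFileSize of zero means no size limit, so only small non-zero values are noted
        if ($LogFile.MaxFileSize -ne 0 -and $LogFile.MaxFileSize -lt $MinBytes) {
            $notes += "MaxFileSize $($LogFile.MaxFileSize) is below $MinBytes bytes"
        }

        switch ($LogFile.OverWritePolicy) {
            'WhenNeeded' { $notes += 'any entry can be overwritten when necessary' }
            'OutDated'   { $notes += "entries can be overwritten (OverwriteOutDated = $($LogFile.OverwriteOutDated))" }
            'Never'      { }   # nothing can be overwritten
        }

        [pscustomobject]@{
            LogfileName     = $LogFile.LogfileName
            NumberOfRecords = $LogFile.NumberOfRecords
            OverWritePolicy = $LogFile.OverWritePolicy
            Notes           = $notes -join '; '
        }
    }
}

# Constructed sample instances so the function can be exercised offline
$sample = @(
    [pscustomobject]@{ LogfileName = 'Security'; MaxFileSize = 20971520
                       OverwriteOutDated = 0; OverWritePolicy = 'WhenNeeded'; NumberOfRecords = 31250 }
    [pscustomobject]@{ LogfileName = 'Application'; MaxFileSize = 134217728
                       OverwriteOutDated = 4294967295; OverWritePolicy = 'Never'; NumberOfRecords = 900 }
)
$sample | Test-EventLogRetention

# On a live Windows system:
# Get-CimInstance -ClassName Win32_NTEventlogFile | Test-EventLogRetention
```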

Path

Data type String

The Path property is a string representing the path of the file. This includes leading and trailing backslashes. Example: \windows\system\

Readable

Data type Boolean

The Readable property is a boolean value indicating if the file can be read.

Recursive

Data type Boolean

SecurityDescriptor

Data type Object

Sources

Data type String

The Sources property indicates the applications that are registered to log into this log file.

StartFileName

Data type String

Status

Data type String

The Status property is a string indicating the current status of the object. Various operational and non-operational statuses can be defined. Operational statuses are “OK”, “Degraded” and “Pred Fail”. “Pred Fail” indicates that an element may be functioning properly but predicting a failure in the near future. An example is a SMART-enabled hard drive. Non-operational statuses can also be specified. These are “Error”, “Starting”, “Stopping” and “Service”. The latter, “Service”, could apply during mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither “OK” nor in one of the other states.

'OK','Error','Degraded','Unknown','Pred Fail','Starting','Stopping','Service','Stressed','NonRecover','No Contact','Lost Comm'

System

Data type Boolean

The System property is a boolean value indicating if the file is a system file.

Version

Data type String

Version string from version resource if one is present.

Writeable

Data type Boolean

The Writeable property is a boolean value indicating if the file can be written.


Content last updated: 2013-12-27 12:24:19 (UTC).
