The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties. Properties and methods are in alphabetic order, not MOF order.
class Win32_NTEventlogFile : CIM_DataFile
{
uint32 AccessMask;
boolean Archive;
string Caption;
boolean Compressed;
string CompressionMethod;
string CreationClassName;
datetime CreationDate;
string CSCreationClassName;
string CSName;
string Description;
string Drive;
string EightDotThreeFileName;
boolean Encrypted;
string EncryptionMethod;
string Extension;
string FileName;
uint64 FileSize;
string FileType;
string FSCreationClassName;
string FSName;
boolean Hidden;
datetime InstallDate;
uint64 InUseCount;
datetime LastAccessed;
datetime LastModified;
string LogfileName;
string. Manufacturer;
uint32 MaxFileSize;
string Name;
uint32 NumberOfRecords;
uint32 OverwriteOutDated;
string OverWritePolicy;
string Path;
boolean Readable;
string Sources[];
string Status;
boolean System;
string Version;
boolean Writeable;
}; | Method | Description |
TakeOwnerShip | Class method that obtains ownership of the logical file specified in the Name
property. |
ChangeSecurityPermissions | Class method that changes the security permissions for the logical file specified in the Name
property. |
Copy | Class method that copies the logical file or directory specified in the Name
property to the location specified by the input parameter. |
Rename | Class method that renames the logical file (or directory) specified in the Name
property. |
Delete | Class method that deletes the logical file (or directory) specified in the Name
property. |
Compress | Class method that compresses the logical file (or directory) specified in the Name
property. |
Uncompress | Class method that uncompresses the logical file (or directory) specified in the Name
property. |
TakeOwnerShipEx | Class method that obtains ownership of the logical file specified in the Name
property. |
ChangeSecurityPermissionsEx | Class method that changes the security permissions for the logical file specified in the Name
property. |
CopyEx | Class method that copies the logical file or directory specified in the Name
property to the location specified by the FileName parameter. |
DeleteEx | Class method that deletes the logical file (or directory) specified in the Name
property. |
CompressEx | Class method that uses NTFS compression to compress the logical file (or directory) specified in the Name
property. |
UncompressEx | Class method that uncompresses the logical file (or directory) specified in the Name
property. |
GetEffectivePermission | Class method that determines whether the caller has the aggregated permissions specified by the Permission argument not only on the file object, but on the share the file or directory resides on (if it is on a share). |
ClearEventLog | Clears the specified event log. |
BackupEventLog | Saves the specified event log to a backup file. |
- AccessMask
- Data type: uint32
Access type: Read-onlyBit mask that represents the access rights required to access or perform specific operations on the event log file. For bit values, see File and Directory Access Rights Constants.
Windows 2000 and Windows NT 4.0: On FAT volumes, the FULL_ACCESS value is returned instead, which indicates no security has been set on the object.
- Archive
- Data type: boolean
Access type: Read-onlyIf True, a file that contains Windows NT events should be archived.
- Caption
- Data type: string
Access type: Read-onlyShort description (one-line string) of the object.
- Compressed
- Data type: boolean
Access type: Read-onlyIf True, a file that contains Windows NT events is compressed.
- CompressionMethod
- Data type: string
Access type: Read-onlyAlgorithm or tool used to compress the logical file that contains Windows NT events.
- CreationClassName
- Data type: string
Access type: Read-only
Qualifiers: Key, MaxLen(256)Name of the first concrete class to appear in the inheritance chain used in the creation of an instance. When used with the other key properties of the class, this property allows all instances of this class and its subclasses to be uniquely identified.
- CreationDate
- Data type: datetime
Access type: Read-onlyDate that the file that contains Windows NT events was created.
- CSCreationClassName
- Data type: string
Access type: Read-onlyClass of the computer system.
- CSName
- Data type: string
Access type: Read-onlyName of the computer system.
- Description
- Data type: string
Access type: Read-onlyDescription of the object.
- Drive
- Data type: string
Access type: Read-onlyDrive letter (including colon) of the file that contains Windows NT events.
Example: "c:"
- EightDotThreeFileName
- Data type: string
Access type: Read-onlyDOS-compatible file name for the file that contains Windows NT events.
Example: "c:\progra~1"
- Encrypted
- Data type: boolean
Access type: Read-onlyFile that contains Windows NT events is encrypted.
- EncryptionMethod
- Data type: string
Access type: Read-onlyAlgorithm or tool used to encrypt the logical file.
- Extension
- Data type: string
Access type: Read-onlyFile name extension (without the dot) of the file that contains Windows NT events.
Example: "txt", "mof", "mdb"
- FileName
- Data type: string
Access type: Read-onlyFile name (without extension) of the file that contains Windows NT events.
Example: "autoexec"
- FileSize
- Data type: uint64
Access type: Read-onlySize of the file that contains Windows NT events (in bytes).
For more information about using uint64 values in scripts, see Scripting in WMI.
- FileType
- Data type: string
Access type: Read-onlyFile type (indicated by the Extension property).
- FSCreationClassName
- Data type: string
Access type: Read-onlyClass of the file system.
- FSName
- Data type: string
Access type: Read-onlyName of the file system.
- Hidden
- Data type: boolean
Access type: Read-onlyIf True, a file that contains Windows NT events is hidden.
- InstallDate
- Data type: datetime
Access type: Read-onlyObject is installed. This property does not need a value to indicate that the object is installed.
- InUseCount
- Data type: uint64
Access type: Read-onlyNumber of "file opens" that are currently active against the file that contains Windows NT events.
For more information about using uint64 values in scripts, see Scripting in WMI.
- LastAccessed
- Data type: datetime
Access type: Read-onlyDate and time that the file that contains Windows NT events was last accessed.
- LastModified
- Data type: datetime
Access type: Read-onlyDate and time that the file that contains Windows NT events was last modified.
- LogfileName
- Data type: string
Access type: Read-onlyName of the file that contains Windows NT events. Standard log file names include: Application, System, and Security.
- Manufacturer
- Data type: string.
Access type: Read-onlyManufacturer from version resource, if one is present.
- MaxFileSize
- Data type: uint32
Access type: Read/write
Maximum size (in bytes) permitted for the file that contains Windows NT events. If the file exceeds its maximum size, its contents are moved to another file and the primary file is emptied. A value of zero indicates no size limit. WMI retrieves the Maxsize value from the Event Log Service registry values.
- Name
- Data type: string
Access type: Read-only
Qualifiers: Key
Inherited name that serves as a key of a logical file instance that contains Windows NT events within a file system. Full path names should be provided.
Example: "c:\winnt\system\win.ini"
- NumberOfRecords
- Data type: uint32
Access type: Read-only
Number of records in the file that contains Windows NT events. This value is determined by calling the Windows function GetNumberOfEventLogRecords.
- OverwriteOutDated
- Data type: uint32
Access type: Read/write
Qualifiers: Units(Days)
Number of days after which an event can be overwritten.
Possible values for OverwriteOutDated include the following.
| Value | Meaning |
| 0
0x0 | Always Overwrite |
| 4294967295
0xFFFFFFFF | Never Overwrite |
Windows Server 2003, Windows XP, Windows 2000, and Windows NT 4.0: Possible values for OverwriteOutDated include the following.
| Value | Meaning |
| 0
0x0 | Any entry can be overwritten when necessary. |
| 1...365 | Events that have been in the log file for one year (365 days) or less can be overwritten. |
| 4294967295
0xFFFFFFFF | Nothing can be ever be overwritten. |
- OverWritePolicy
- Data type: string
Access type: Read-onlyCurrent overwrite policy the Event Log service employs for this log file. Data can be never overwritten, or can be overwritten when necessary or when outdated. When data is outdated depends on the OverwriteOutDated value.
| Value | Meaning |
| WhenNeeded | The value of OverwriteOutDated equals 0 (zero). |
| OutDated | The value of OverwriteOutDated ranges from 1 to 365. |
| Never | The value of OverwriteOutDated equals 4294967295. |
- Path
- Data type: string
Access type: Read-onlyPath of the file that contains Windows NT event. This includes leading and trailing backslashes.
Example: "\windows\system\"
- Readable
- Data type: boolean
Access type: Read-onlyIf True, a file that contains Windows NT events can be read.
- Sources
- Data type: string array
Access type: Read-onlyList of applications that are registered to log into this log file.
- Status
- Data type: string
Access type: Read-onlyCurrent status of the object.
The values are:
"OK"
"Error"
"Degraded"
"Unknown"
"Pred Fail"
"Starting"
"Stopping"
"Service"
"Stressed"
"NonRecover"
"No Contact"
"Lost Comm"
- System
- Data type: boolean
Access type: Read-onlyIf True, a file that contains Windows NT event is a system file.
- Version
- Data type: string
Access type: Read-onlyVersion string from version resource if one is present.
- Writeable
- Data type: boolean
Access type: Read-onlyIf True, a file that contains Windows NT events can be written.