Win32_NTEventlogFile

List of access rights to the given file or directory held by the user or group on whose behalf the instance is returned. This property is only supported under Windows NT and Windows 2000. On Windows 98 and on Windows NT/Windows 2000 FAT volumes, the FULL_ACCESS value is returned instead, indicating no security has been set on the object.

Values are:
0 = FILE_READ_DATA (file) or FILE_LIST_DIRECTORY (directory)
1 = FILE_WRITE_DATA (file) or FILE_ADD_FILE (directory)
2 = FILE_APPEND_DATA (file) or FILE_ADD_SUBDIRECTORY (directory)
3 = FILE_READ_EA
4 = FILE_WRITE_EA
5 = FILE_EXECUTE (file) or FILE_TRAVERSE (directory)
6 = FILE_DELETE_CHILD (directory)
7 = FILE_READ_ATTRIBUTES
8 = FILE_WRITE_ATTRIBUTES
16 = DELETE
17 = READ_CONTROL
18 = WRITE_DAC
19 = WRITE_OWNER
20 = SYNCHRONIZE

Indicates whether the file should be archived.

Short description (one-line string) of the object.

Indicates whether the file is compressed.

Algorithm or tool used to compress the logical file. If it is not possible (or not desired) to describe the compression scheme (perhaps because it is not known), use the following words: "Unknown" to represent that it is not known whether the logical file is compressed or not; "Compressed" to represent that the file is compressed but either its compression scheme is not known or not disclosed; and "Not Compressed" to represent that the logical file is not compressed.

Name of the first concrete class to appear in the inheritance chain used in the creation of an instance. When used with the other key properties of the class, the property allows all instances of this class and its subclasses to be uniquely identified.

File creation date.

Class of the computer system.

Name of the computer system.

Description of the object.

Drive letter (including colon) of the file.

Example: "c:"

DOS-compatible file name for this file.

Example: "c:\progra~1"

Indicates whether the file is encrypted.

Algorithm or tool used to encrypt the logical file. If it is not possible (or not desired) to describe the encryption scheme (perhaps for security reasons), use the following words: Unknown to represent that it is not known whether the logical file is encrypted or not, Encrypted to represent that the file is encrypted but either its encryption scheme is not known or not disclosed, and Not Encrypted to represent that the logical file is not encrypted.

File extension (without the dot).

Example: "txt", "mof", "mdb"

File name (without extension) of the file. Example: "autoexec"

Size of the file (in bytes).

File type (indicated by the Extension property).

Class of the file system.

Name of the file system.

Indicates whether the file is hidden.

When the object was installed. A lack of a value does not indicate that the object is not installed.

Number of 'file opens' that are currently active against the file.

When the file was last accessed.

When the file was last modified.

Name of the file.

Manufacturer from version resource, if one is present.

Maximum size (in bytes) permitted for the log file. If the file exceeds its maximum size, its contents are moved to another file and the primary file is emptied. A value of zero indicates no size limit.

Inherited name that serves as a key of a logical file instance within a file system. Full path names should be provided.

Example: "c:\winnt\system\win.ini"

Number of records in the log file. This value is determined by calling the Win32 function GetNumberOfEventLogRecords.

Number of days after which an event can be overwritten.

Values are:

0 = Any entry can be overwritten when necessary.
1..365 = Events that have been in the log file for one year (365 days) or less can be overwritten.
4294967295 = Nothing can be ever be overwritten.

Current overwrite policy the Windows NT/Windows 2000 Event Log service employs for this log file. Data can be overwritten either never, when necessary, or when outdated. When data is outdated depends on the OverwriteOutDated value.

Values are:
"WhenNeeded" (OverWriteOutdated = 0)
"OutDated" = (OverWriteOutdated = 1..365)
"Never" = (OverWriteOutdated = 4294967295)

Path of the file. This includes leading and trailing backslashes.

Example: "\windows\system\"

Indicates whether the file can be read.

Current status of the object. Various operational and non-operational statuses can be defined. Operational statuses include: "OK", "Degraded", and "Pred Fail" (an element, such as a SMART-enabled hard drive, may be functioning properly but predicting a failure in the near future). Non-operational statuses include: "Error", "Starting", "Stopping", and "Service". The latter, "Service", could apply during mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is on-line, yet the managed element is neither "OK" nor in one of the other states.

Values are:
"OK"
"Error"
"Degraded"
"Unknown"
"Pred Fail"
"Starting"
"Stopping"
"Service"

Indicates whether the file is a system file.

Version string from version resource if one is present.

Indicates whether the file can be written.