Before you can access a log from "Applications and Services Logs" using WMI, you need to add an entry for it to the Registry. These newer logs are not listed in the Registry by default, and WMI checks the Registry to determine which logs are available to it.
To find the log's actual name, open the Event Viewer and expand the tree containing the log that you want, then copy the contents of the Full Name field from the Properties dialogue, for example:
Microsoft-Windows-DriverFrameworks-UserMode/Operational
Next, open the Registry using the registry editor (regedit.exe) and navigate to this key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog
Create a new key underneath this one, naming it using the Full Name above, and close the registry editor to save the changes. It is a good idea to make a backup of the Registry before making any changes.
In your code, use the Full Name above to access the log. For example, using VBScript:
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
Set colEvents = objWMIService.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' AND EventCode='2003'")
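
The same steps scripted in PowerShell, as an added example that is not part of the original text: it backs up the eventlog key, creates the subkey named after the Full Name, then runs the same WQL query. The backup file location is an assumption, and the script must be run from an elevated session.

```powershell
# Added example (not from the original page). Run elevated.
$logName = 'Microsoft-Windows-DriverFrameworks-UserMode/Operational'  # Full Name from Event Viewer
$parent  = 'SYSTEM\CurrentControlSet\Services\EventLog'
$backup  = Join-Path $env:TEMP 'eventlog-key-backup.reg'              # assumed backup location

# Back up the eventlog key before changing anything.
& reg.exe export "HKLM\$parent" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no changes made.' }

# Use the .NET registry API rather than New-Item: the PowerShell registry
# provider treats the '/' in the log name as a path separator and would
# create nested keys instead of one key carrying the full name.
$root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($parent, $true)
if ($null -eq $root) { throw "Cannot open HKLM\$parent for writing." }
try {
    if ($root.GetSubKeyNames() -notcontains $logName) {
        $root.CreateSubKey($logName).Dispose()
        Write-Host "Created key: $logName"
    } else {
        Write-Host "Key already present: $logName"
    }
} finally {
    $root.Dispose()
}

# Same WQL query as the VBScript line above, issued through CIM.
$query = "SELECT * FROM Win32_NTLogEvent WHERE Logfile = '$logName' AND EventCode = '2003'"
Get-CimInstance -Query $query |
    Select-Object -First 10 TimeGenerated, EventCode, SourceName, Message
```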