Make it stop, make it stop!

The easiest way to stop event processing is to delete the binding between a filter and a consumer. In WMI terms the '__FilterToConsumerBinding' class is known as an association class: all it does is link together two other classes. Association classes are a pain to connect to directly, so it's simpler to use another type of WQL query, REFERENCES OF, which returns the association class instances connected to your filter or consumer. The code below does exactly that, and once you have the associator you can invoke its delete method to break the link. Do bear in mind that a filter may be bound to more than one consumer, and a consumer to more than one filter, so you might get an array of results rather than just one.


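# Get the association instance(s) that reference the filter
$AssociatorInstance = gwmi -query "REFERENCES OF {__EventFilter='NewProcessFilter'}" -namespace "root\subscription"
# The query can return an array, so call Delete() on each result
$AssociatorInstance | ForEach-Object { $_.Delete() }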
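
The function below is an added example, not code from the original post. It lists every binding attached to a filter before removing it, so you can see which consumer each one links to. The function name Remove-FilterBinding and its parameters are hypothetical; it assumes the filter's key property is Name and that you are running in an elevated session.

```powershell
# Added example: review, then delete, the bindings attached to one event filter.
function Remove-FilterBinding {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$FilterName,
        [string]$Namespace = 'root\subscription'
    )

    # Only return __FilterToConsumerBinding instances that reference this filter
    $query = "REFERENCES OF {__EventFilter.Name='$FilterName'} " +
             "WHERE ResultClass = __FilterToConsumerBinding"

    # @() forces an array whether WMI returns zero, one or many instances
    $bindings = @(Get-WmiObject -Query $query -Namespace $Namespace -ErrorAction Stop)

    if ($bindings.Count -eq 0) {
        Write-Warning "No bindings found for filter '$FilterName' in $Namespace"
        return
    }

    foreach ($binding in $bindings) {
        $deleted = $false
        # ShouldProcess honours -WhatIf and -Confirm, so a dry run deletes nothing
        if ($PSCmdlet.ShouldProcess($binding.__RELPATH, 'Delete binding')) {
            $binding.Delete()
            $deleted = $true
        }

        # Filter and Consumer hold the object paths of the two linked instances
        New-Object PSObject -Property @{
            Filter   = $binding.Filter
            Consumer = $binding.Consumer
            Deleted  = $deleted
        }
    }
}

# Dry run first: shows each binding and its consumer without deleting anything
Remove-FilterBinding -FilterName 'NewProcessFilter' -WhatIf
```

Deleting the binding leaves the filter and consumer instances in place; only the link between them is removed.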

Posted by tb on Monday, January 07, 2008 3:39 AM