Using the functino win32evtlog.EvtOpenSession with a remote server I noticed that I could not authenticate with any user. With an sniffer, I confirmed that my current user was always being used, rather than the user passed in the EVT_RPC_LOGIN tuple.
Debugging with Windbg, placing a breakpoint in EvtOpenSession, I noticed that the EVT_RPC_LOGIN had an empty username, the other fields were correct.
I believe that this is a bug: in the file http://pywin32.hg.sourceforge.net/hgweb/pywin32/pywin32/file/b81227a0b147/win32/src/win32evtlog.i , in the code that parses the tuple EVT_RPC_LOGIN we see
1180 if (!PyArg_ParseTuple(ob, "O|OOOk", &observer, *obuser, &obdomain, &obpassword, &erl->Flags))
1181 return FALSE;
The username (obuser) is incorrectly passed by value. It should be &obuser, like obdomain and obpassword.
Fixed in this commit:
http://pywin32.hg.sourceforge.net/hgweb/pywin32/pywin32/hgroot/pywin32/pywin32?cmd=changeset;node=f89c0a9724ca