On Windows Server, when you open the group policy settings (gpedit.msc in System32), I can set up Event Forwarding by following the steps here: http://msdn.microsoft.com/en-us/library/windows/desktop/bb870973(v=vs.85).aspx under the section "Configuring the event source computer".

I was wondering if I could use PowerShell to do the same thing with setting up the Collector Address and Enabling the Subscription Manager Configuration (Steps 3 and 4 in the provided link under the specified section above).

I came across this doc: http://technet.microsoft.com/en-us/library/ee461027.aspx for group policy cmdlets but I am not sure how to use these cmdlets to do the same thing I can do by using the gpedit UI.

If you have any hints or good pointers on how to start or which cmdlets to use, I would appreciate that.

Thanks

Saher Ahwal

1 Answer


You will find in another answer the roadmap to create a GPO based on a registry key on a W2K8 R2 computer using PowerShell.

To find these you have to change, have a look at: C:\Windows\PolicyDefinitions\EventForwarding.admx

<?xml version="1.0"?>
<policyDefinitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">

    <policyNamespaces>
        <target prefix="eventforwarding" namespace="Microsoft.Policies.EventForwarding" />
        <using prefix="windows" namespace="Microsoft.Policies.Windows" />
    </policyNamespaces>

    <supersededAdm fileName="EventForwarding.adm"/>

    <resources minRequiredRevision="1.0"/>

    <categories>
        <category name="EventForwarding" displayName="$(string.EventForwarding)">
            <parentCategory ref="windows:WindowsComponents"/>
        </category>
    </categories>

    <policies>
        <policy name="SubscriptionManager" class="Machine" displayName="$(string.SubscriptionManager)" explainText="$(string.Subscription_Help)" presentation="$(presentation.SubscriptionManager)" key="Software\Policies\Microsoft\Windows\EventLog\EventForwarding">
            <parentCategory ref="EventForwarding"/>
            <supportedOn ref="windows:SUPPORTED_WindowsVista" />
            <elements>
                <list id="SubscriptionManager_Listbox" key="Software\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager" valuePrefix=""/>
            </elements>
        </policy>
        <policy name="ForwarderResourceUsage" class="Machine" displayName="$(string.ForwarderResourceUsage)" explainText="$(string.ForwarderResourceUsage_Help)" presentation="$(presentation.ForwarderResourceUsage)" key="Software\Policies\Microsoft\Windows\EventLog\EventForwarding">
            <parentCategory ref="EventForwarding"/>
            <supportedOn ref="windows:SUPPORTED_WindowsVista" />
            <elements>
                <decimal id="MaxForwardingRate" valueName="MaxForwardingRate"/>
            </elements>
        </policy>
    </policies>

</policyDefinitions>
JPBlanc
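
An added example, not part of the original answer: one way to turn the ADMX entry above into a GPO setting with the GroupPolicy cmdlets. It reads the registry location of the SubscriptionManager list from EventForwarding.admx and writes the collector entry as value "1" (with valuePrefix="" the list entries are stored under the names 1, 2, 3, ...). The GPO name and collector FQDN are placeholders; the Server=... string follows the format given in the MSDN article linked in the question.

```powershell
# Added example: requires the GroupPolicy module (RSAT) and rights to edit GPOs.
Import-Module GroupPolicy

# Assumptions (placeholders, not from the original post):
$GpoName   = 'WEF-Source-Computers'       # hypothetical GPO name
$Collector = 'collector.example.test'     # placeholder collector FQDN
$AdmxPath  = Join-Path $env:windir 'PolicyDefinitions\EventForwarding.admx'

# Read the policy definition so the registry path comes from the ADMX itself.
[xml]$admx = Get-Content -LiteralPath $AdmxPath
$policy = $admx.policyDefinitions.policies.policy |
    Where-Object { $_.GetAttribute('name') -eq 'SubscriptionManager' }
if (-not $policy) {
    throw "SubscriptionManager policy not found in $AdmxPath"
}
if ($policy.GetAttribute('class') -ne 'Machine') {
    throw "Expected a Machine policy, got '$($policy.GetAttribute('class'))'"
}

# class="Machine" maps to HKLM; the <list> element carries the key that
# holds one string value per subscription manager entry.
$listKey = 'HKLM\' + $policy.elements.list.GetAttribute('key')

# Subscription manager entry; Refresh is the polling interval in seconds.
$entry = "Server=http://${Collector}:5985/wsman/SubscriptionManager/WEC,Refresh=60"

# Create the GPO only if it does not exist yet.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName
}

# Write the first list entry (value name '1').
Set-GPRegistryValue -Name $GpoName -Key $listKey -ValueName '1' `
    -Type String -Value $entry | Out-Null

# Read the setting back from the GPO to confirm what was stored.
Get-GPRegistryValue -Name $GpoName -Key $listKey |
    Select-Object FullKeyPath, ValueName, Type, Value
```

Note that -Name on Set-GPRegistryValue and Get-GPRegistryValue is the display name of the GPO, not the name of the policy setting; the GPO still has to be linked to the OU of the source computers before it applies.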
  • Hey @JPBlanc: When I look at the EventForwarding.admx, I don't see the current configuration (for example, the collector address of the machine). Can I still change that or set it in the first place? – Saher Ahwal Jun 07 '12 at 16:39
  • Sorry, I don't understand. The ADMX file is a description file; don't you find the registry keys you need inside? – JPBlanc Jun 07 '12 at 16:50
  • By the way, I cannot Import-Module grouppolicy. Do you have any idea why this might be? (I get FileNotFoundException) – Saher Ahwal Jun 07 '12 at 16:52
  • Are you working on the server? Can you see GroupPolicy when you type get-module -listavailable? If not, you may install RSAT. – JPBlanc Jun 07 '12 at 17:02
  • Hey @JPBlanc: If I already set EventForwarding manually, I should be able to see that through this command, right: *PS C:\Windows\PolicyDefinitions> Get-GPRegistryValue -Name SubscriptionManager -key HKEY_LOCAL_MACHINE\Software\Policies \Microsoft\Windows\EventLog\EventForwarding*, but this is not working. I also tried with HKEY_CURRENT_USER. I am sure I have a SubscriptionManager policy that is forwarding events to other machines in the domain. I can add this as a new question if you want. Thanks – Saher Ahwal Jun 07 '12 at 21:13
  • I found the config using the command Get-GPResultantSetOfPolicy – Saher Ahwal Jun 07 '12 at 21:31
  • Let me point you to this question: http://stackoverflow.com/questions/10941176/how-to-get-set-registry-value-through-group-policy-cmdlet – Saher Ahwal Jun 07 '12 at 23:17