Author: admin

This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators. If you enable this policy setting the Event Log uses the path specified in this policy setting. If you disable or do not configure this policy setting the Event Log uses the system32 or system64 subdirectory.

This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and a log file reaches its maximum size new events are not written to the log and are lost. If you disable or do not configure this policy setting and a log file reaches its maximum size new events overwrite old events. Note: Old events may or may not be retained according to the “Backup log automatically when full” policy setting.

This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string. If you enable this policy setting only those users matching the security descriptor can access the log. If you disable or do not configure this policy setting all authenticated users and system services can write read or clear this log.

This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the “Retain old events” policy setting is enabled. If you enable this policy setting and the “Retain old events” policy setting is enabled the Event Log file is automatically closed and renamed when it is full. A new file is then started. If you disable this policy setting and the “Retain old events” policy setting is enabled new events are discarded and old events are retained. If you do not configure this policy setting and the “Retain old events” policy setting is enabled new events are discarded and the old events are retained.

This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to the Event Collector. If you enable this policy setting you can control the volume of events sent to the Event Collector by the source computer. This may be required in high volume environments. If you disable or do not configure this policy setting forwarder resource usage is not specified. This setting applies across all subscriptions for the forwarder (source computer).

This policy setting allows you to configure the server address refresh interval and issuer certificate authority (CA) of a target Subscription Manager. If you enable this policy setting you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics. Use the following syntax when using the HTTPS protocol:Server=https://:5986/wsman/SubscriptionManager/WECRefresh=IssuerCA=. When using the HTTP protocol use port 5985. If you disable or do not configure this policy setting the Event Collector computer will not be specified.

This policy setting determines the default consent behavior of Windows Error Reporting. If you enable this policy setting you can set the default consent handling for error reports. The following list describes the Consent level settings that are available in the pull-down menu in this policy setting:- Always ask before sending data: Windows prompts users for consent to send reports. – Send parameters: Only the minimum data that is required to check for an existing solution is sent automatically and Windows prompts users for consent to send any additional data that is requested by Microsoft. – Send parameters and safe additional data: the minimum data that is required to check for an existing solution along with data which Windows has determined (within a high probability) does not contain personally-identifiable information is sent automatically and Windows prompts the user for consent to send any additional data that is requested by Microsoft. – Send all data: any error reporting data requested by Microsoft is sent automatically. If this policy setting is disabled or not configured then the consent level defaults to the highest-privacy setting: Always ask before sending data.

This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings. If you enable this policy setting the default consent levels of Windows Error Reporting always override any other consent policy setting. If you disable or do not configure this policy setting custom consent policy settings for error reporting determine the consent level for specified event types and the default consent setting determines only the consent level of any other error reports.