Windows 10: Problems with Windows Event Collector

Good afternoon! There is a WEC server with several subscriptions for different logs System, Security, Application. It works in Push mode with the event delivery optimization parameter "Minimal Latency". There are 6 DC connected to subscriptions. However, there are periodic delays in WEC receiving events from the Security log there is a separate subscription for it. For example, the event is registered at 11:50 AM in the local log, but it only appears at 2:25PM on the WEC. 32GB of RAM is allocated for WEC, How to solve the problem?

:)

 

Windows 10 1709 System Restore problems...

That seems to be an attempt at Option 2 in the tutorial, which requires you to
a. Boot to a command prompt (Did you?)
b. You then seem to be mixing steps 3,4 and 5, thus your command is incorrect.

I suggest Option 1 is easier.

If you still have problems, please repost listing each specific step and saying which option from the tutorial you are using. Thanks.

 

Event Viewer problem with latest Windows Build 1607

After installing the new Windows build 1607, the Event Viewer stopped recording events under Diagnostic Performance. (Before 1607 I checked the files located under Windows.old dated 9/23/2016 and located this file which indeed did have a list of events
recorded.)

Since the initial 1607 download there have been two new builds automatically installed on my laptop.



The last step in an automatic download is the RESTART. Prior to my rebooting, I checked the Diagnostic Performance and for sure, these had the list of events.



Rebooting by me, causes the Diagnostic Performance errors to disappear.

As suggested earlier I have run the SFC/DISM commands with no errors reported.

Any Ideas?

Nancy

 

Export All Administrative Events to Excel

To analyze events, from the Windows Event Viewer, there is a simple way to export all Administrative Events to Excel, with PowerShell.

Exporting all Administrative Events to Excel is a simple two Step process, as described here:

Step 1 - Create the Administrative Events View .xml file

1. Open Eventviewer (%windir%\system32\eventvwr.msc)
2. Navigate to: Event Viewer (Local) > Custom Views > Administrative Events
3. In the “Actions” pane select “Filter Current Custom View”.
4. Select the the XML tab.
5. Press Ctrl+A to select all the XML code of the Custom View.
6. Open a notepad, paste the selected code and save the file to your Desktop as AdmEvtView.xml

Step 2 - Create the csv file with the events

1. Download the ExportEvtCSV.zip file, which contains the script ExportEvtCSV.ps1 and unzip it, on your Desktop.
   It's not a fancy script, just basic PowerShell commands to create a csv file on the Desktop.
2. In Windows Search, type “ISE” (without the quotes) to open “Windows PowerShell ISE” and Run as administrator
   
3. To allow running the script, change the ExecutionPolicy, for this session. To do that, in the Console pane type:
   Code:
4. In the Windows PowerShell ISE, open and run the script: ExportEvtCSV.ps1
   The script will create a csv file with a name YYYYMMDD.HHMM.csv on the Desktop
5. When done, open the newly created .csv file, format the columns as needed and optionally save it as .xlsx, if you wish.

That’s it! You now have all the Administrative Events in Excel for filtering and further analysis.

Now to the more technical hard stuff... *Confused

There is a reason for running the script from within PowerShell ISE!

It would be great if everything was also working perfectly, when running the script from an elevated PowerShell too.

We can run it from an elevated PowerShell, which means that you just follow the Step 1, as above but for the Step 2 instead of the ISE you run the script from an elevated PowerShell.

The problem is that it will work only for anybody who has en-US format for the dates. Everyone else, who has another format (i.e. en-GB, fr-FR, el-GR etc.), the dates are not translated properly by Excel (although the script uses the –UseCulture switch) and remain as text in the en-US format.

I'm not sure if this a bug of the "export-csv" cmdlet, but although it runs the way it supposed to from within the ISE, from PowerShell there is a problem with the dates format.
As I haven’t found a way to overcome this obstacle, any suggestion from the PowerShell gurus of the forum (like my good friend Shawn @Brink, for instance), is welcome.