| title | description | ms.date |
|---|---|---|
ADMX_EventForwarding Policy CSP |
Learn more about the ADMX_EventForwarding Area in Policy CSP. |
08/06/2024 |
[!INCLUDE ADMX-backed CSP tip]
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_EventForwarding/ForwarderResourceUsage
This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to the Event Collector.
-
If you enable this policy setting, you can control the volume of events sent to the Event Collector by the source computer. This may be required in high volume environments.
-
If you disable or don't configure this policy setting, forwarder resource usage isn't specified.
This setting applies across all subscriptions for the forwarder (source computer).
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
[!INCLUDE ADMX-backed policy note]
ADMX mapping:
| Name | Value |
|---|---|
| Name | ForwarderResourceUsage |
| Friendly Name | Configure forwarder resource usage |
| Location | Computer Configuration |
| Path | Windows Components > Event Forwarding |
| Registry Key Name | Software\Policies\Microsoft\Windows\EventLog\EventForwarding |
| ADMX File Name | EventForwarding.admx |
| Scope | Editions | Applicable OS |
|---|---|---|
| ✅ Device ❌ User |
✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC |
✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later |
./Device/Vendor/MSFT/Policy/Config/ADMX_EventForwarding/SubscriptionManager
This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager.
- If you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics.
Use the following syntax when using the HTTPS protocol:
Server=https://<FQDN of the collector>:5986/wsman/SubscriptionManager/WEC,Refresh=<Refresh interval in seconds>,IssuerCA=<Thumb print of the client authentication certificate>. When using the HTTP protocol, use port 5985.
- If you disable or don't configure this policy setting, the Event Collector computer won't be specified.
Description framework properties:
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
[!INCLUDE ADMX-backed policy note]
ADMX mapping:
| Name | Value |
|---|---|
| Name | SubscriptionManager |
| Friendly Name | Configure target Subscription Manager |
| Location | Computer Configuration |
| Path | Windows Components > Event Forwarding |
| Registry Key Name | Software\Policies\Microsoft\Windows\EventLog\EventForwarding |
| ADMX File Name | EventForwarding.admx |