diff --git a/Vagrant/scripts/install-splunkuf.ps1 b/Vagrant/scripts/install-splunkuf.ps1
index 242003d..0e76820 100755
--- a/Vagrant/scripts/install-splunkuf.ps1
+++ b/Vagrant/scripts/install-splunkuf.ps1
@@ -7,7 +7,7 @@ If (-not (Test-Path "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"))
   Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing & Starting Splunk"
   [Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
   (New-Object System.Net.WebClient).DownloadFile('https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=windows&version=7.1.0&product=universalforwarder&filename=splunkforwarder-7.1.0-2e75b3406c5b-x64-release.msi&wget=true', $msiFile)
-  Start-Process -FilePath "c:\windows\system32\msiexec.exe" -ArgumentList '/i', "$msiFile", 'RECEIVING_INDEXER="192.168.38.105:9997" WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 WINEVENTLOG_APP_ENABLE=1 AGREETOLICENSE=Yes SERVICESTARTTYPE=1 LAUNCHSPLUNK=1 SPLUNKPASSWORD=changeme /quiet' -Wait
+  Start-Process -FilePath "c:\windows\system32\msiexec.exe" -ArgumentList '/i', "$msiFile", 'RECEIVING_INDEXER="192.168.38.105:9997" WINEVENTLOG_SEC_ENABLE=0 WINEVENTLOG_SYS_ENABLE=0 WINEVENTLOG_APP_ENABLE=0 AGREETOLICENSE=Yes SERVICESTARTTYPE=1 LAUNCHSPLUNK=1 SPLUNKPASSWORD=changeme /quiet' -Wait
 } Else {
   Write-Host "Splunk is already installed. Moving on."
 }
diff --git a/Vagrant/scripts/install-sysinternals.ps1 b/Vagrant/scripts/install-sysinternals.ps1
index 0ffa5de..a761de1 100755
--- a/Vagrant/scripts/install-sysinternals.ps1
+++ b/Vagrant/scripts/install-sysinternals.ps1
@@ -58,3 +58,6 @@ If ((Get-Service -name Sysmon64).Status -ne "Running")
 {
   throw "The Sysmon service did not start successfully"
 }
+
+# Make the event log channel readable. For some reason this doesn't work in the GPO and only works when run manually.
+wevtutil sl Microsoft-Windows-Sysmon/Operational "/ca:O:BAG:SYD:(A;;0x5;;;BA)(A;;0x1;;;S-1-5-20)(A;;0x1;;;S-1-5-32-573)"