{4B3113E3-C8EF-4CED-813C-F0D888C55C61} windomain.local Windows Event Forwarding Server true 2017-07-21T07:47:00 2017-07-21T21:50:09 2017-07-22T06:46:22.2172604Z O:S-1-5-21-2906110659-1782557030-2646142923-1000G:DUD:PAI(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;S-1-5-21-2906110659-1782557030-2646142923-1000)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;S-1-5-21-2906110659-1782557030-2646142923-519)(A;CI;LCRPLORC;;;ED)(A;CI;LCRPLORC;;;AU)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;SY)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) S-1-5-21-2906110659-1782557030-2646142923-1000 WINDOMAIN\vagrant S-1-5-21-2906110659-1782557030-2646142923-513 WINDOMAIN\Domain Users true false S-1-5-21-2906110659-1782557030-2646142923-519 WINDOMAIN\Enterprise Admins Allow false true false true false Edit, delete, modify security 0 S-1-5-9 NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Allow false true false true false Read 0 S-1-5-18 NT AUTHORITY\SYSTEM Allow false true false true false Edit, delete, modify security 0 S-1-5-21-2906110659-1782557030-2646142923-1000 WINDOMAIN\vagrant Allow false true false false false Edit, delete, modify security 0 S-1-5-11 NT AUTHORITY\Authenticated Users Allow false true false true false Apply Group Policy 0 S-1-5-21-2906110659-1782557030-2646142923-512 WINDOMAIN\Domain Admins Allow false true false true false Edit, delete, modify security 0 false true 2 2 true Configure target Subscription Manager Enabled This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target Subscription Manager. If you enable this policy setting, you can configure the Source Computer to contact a specific FQDN (Fully Qualified Domain Name) or IP Address and request subscription specifics. Use the following syntax when using the HTTPS protocol: Server=https://<FQDN of the collector>:5986/wsman/SubscriptionManager/WEC,Refresh=<Refresh interval in seconds>,IssuerCA=<Thumb print of the client authentication certificate>. When using the HTTP protocol, use port 5985. If you disable or do not configure this policy setting, the Event Collector computer will not be specified. At least Windows Vista Windows Components/Event Forwarding SubscriptionManagers Enabled false false Server=http://wef.windomain.local:5985/wsman/SubscriptionManager/WEC,Refresh=60 Registry 1 1 true windomain windomain.local true true Domain Controllers windomain.local/Domain Controllers true true