How to configure an event source for multiple devices via Group Policy

Objective 

This article explains how to configure event sources for multiple Windows devices using Group Policy and a PowerShell script, so that the event source does not have to be enabled individually on each machine.

Prerequisites 

User permissions:

  • Domain administrator or equivalent privileges to create and edit Group Policy Objects.

Dependencies:

PowerShell script:

Download the PowerShell script file from Zoho Workdrive:  https://workdrive.zohoexternal.com/file/4p2s5484ea211168f4fad822da643066e45b9

You can also paste the following script into a text file and save it with a .ps1 extension.

Script:

# Open HKLM\SYSTEM\CurrentControlSet\Services\EventLog for writing ($true = writable).
# The .NET registry API is used instead of a provider path because several channel
# names contain "/", which the registry provider treats as a path separator.
$key = (Get-Item HKLM:\).OpenSubKey("SYSTEM\CurrentControlSet\Services\EventLog", $true)

# Create one subkey per event channel that should be available as an event source.
# CreateSubKey simply opens the key if it already exists, so re-running is harmless.
$key.CreateSubKey('Microsoft-Windows-GroupPolicy/Operational')
$key.CreateSubKey('Microsoft-Windows-Application-Experience/Program-Inventory')
$key.CreateSubKey('Microsoft-IIS-Configuration/Operational')
$key.CreateSubKey('Microsoft-Windows-PrintService/Operational')
$key.CreateSubKey('Microsoft-Windows-TerminalServices-Gateway/Operational')

# Release the handle.
$key.Close()

Note: The above script creates an event source for Microsoft-Windows-GroupPolicy/Operational, Microsoft-Windows-Application-Experience/Program-Inventory, Microsoft-IIS-Configuration/Operational, Microsoft-Windows-PrintService/Operational, and Microsoft-Windows-TerminalServices-Gateway/Operational. Customize the list of channels to suit your requirements.

Steps to follow 

Step 1: Create a Group Policy Object:

On a domain controller or an admin machine with the Group Policy Management Console (GPMC) installed, press Windows + R, type gpmc.msc in the Run dialog, and press Enter. This opens the GPMC.

Or, on the domain controller, open Server Manager > Tools > Group Policy Management.

Step 2: Right-click Group Policy Objects and click New.

Step 3: After creating the Group Policy Object, click Edit and go to Policies > Windows Settings > Scripts > Startup. Add the required event log sources to the provided PowerShell script, then add the script here.

Sample screenshot of PowerShell script for adding event log source:

Copy the name of each event source from Event Viewer and update the entries in the script accordingly.

Step 4: Allow PowerShell script execution in the Group Policy Object. To do so, go to Policies > Administrative Templates > Windows Components > Windows PowerShell > Turn on Script Execution > Enabled > Allow all scripts.

Step 5: Apply the Group Policy by executing the following command in a Command Prompt:

gpupdate /force

Tips

  1. To verify that Group Policy has been updated, execute the command gpresult /r and check that your Group Policy changes are listed.

  2. To verify that the policy has been applied on the client system, open the registry path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog and check that the event log sources added in the script are present.

  3. Always test your Group Policy Object on a small group before large-scale deployment.

  4. Keep the script versioned and documented for future updates.
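The following script is an added example, not the script shipped with this article. It combines the subkey creation from the Dependencies section with the registry check from tip 2: the channel list is a single array, existing keys are reported instead of recreated, channel names that Event Viewer does not know are skipped so a typo cannot leave an orphan key, and the outcome is appended to a log file because a startup script has no console. The log file path and the function names are assumptions for this example.

```powershell
# Added example: idempotent event-source key creation plus verification.
# Channel names are the ones listed in the article; edit the array as required.
$EventLogKeyPath = 'SYSTEM\CurrentControlSet\Services\EventLog'
$Channels = @(
    'Microsoft-Windows-GroupPolicy/Operational',
    'Microsoft-Windows-Application-Experience/Program-Inventory',
    'Microsoft-IIS-Configuration/Operational',
    'Microsoft-Windows-PrintService/Operational',
    'Microsoft-Windows-TerminalServices-Gateway/Operational'
)
# Assumed log location; a GPO startup script runs as SYSTEM with no interactive output.
$LogFile = "$env:windir\Temp\EventLogSourceSetup.log"

function Add-EventLogSourceKey {
    param([Parameter(Mandatory)][string[]]$Name)
    # .NET API rather than Test-Path/New-Item: the registry provider treats "/" in a
    # provider path as a separator, so HKLM:\...\EventLog\X/Operational does not resolve.
    $root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($EventLogKeyPath, $true)
    if (-not $root) { throw "Cannot open HKLM\$EventLogKeyPath for writing; run elevated or as SYSTEM." }
    try {
        foreach ($n in $Name) {
            $existing = $root.OpenSubKey($n)
            if ($existing) {
                $existing.Close()
                [pscustomobject]@{ Name = $n; Status = 'AlreadyPresent' }
                continue
            }
            # Only register channels the OS actually has; unknown names (typos, roles not
            # installed on this host) are reported and skipped rather than creating a key.
            if (-not (Get-WinEvent -ListLog $n -ErrorAction SilentlyContinue)) {
                [pscustomobject]@{ Name = $n; Status = 'UnknownChannel-Skipped' }
                continue
            }
            $sub = $root.CreateSubKey($n)
            $sub.Close()
            [pscustomobject]@{ Name = $n; Status = 'Created' }
        }
    } finally {
        $root.Close()
    }
}

function Test-EventLogSourceKey {
    param([Parameter(Mandatory)][string[]]$Name)
    # Read-only check for tip 2: is the subkey present under the EventLog key?
    $root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($EventLogKeyPath)
    try {
        foreach ($n in $Name) {
            $sub = $root.OpenSubKey($n)
            [pscustomobject]@{ Name = $n; Present = [bool]$sub }
            if ($sub) { $sub.Close() }
        }
    } finally {
        $root.Close()
    }
}

# Run both phases and append a timestamped report to the log file.
$report = @()
$report += "==== $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') on $env:COMPUTERNAME ===="
$report += (Add-EventLogSourceKey -Name $Channels | Format-Table -AutoSize | Out-String)
$report += (Test-EventLogSourceKey -Name $Channels | Format-Table -AutoSize | Out-String)
$report | Out-File -FilePath $LogFile -Append -Encoding utf8
```

Deploy it in place of the original script at Step 3, or run Test-EventLogSourceKey on its own from an elevated PowerShell session on a client after gpupdate /force to confirm that every channel in the list reports Present = True.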
