MatthewKent
Feb 21, 2022

Windows Events Command Line Utility (wevtutil) producing NUL values in text output.

I've noticed that on Windows Server 2022, wevtutil is adding NULs after some entries in the text output; running the same utility from an instance of Server 2019 doesn't.

 

Server 2022:

wevtutil qe Application "/q:*[System [(EventID=865)]]" /f:text /rd:true /c:1
Event[0]
  Log Name: Application
  Source: Microsoft-Windows-SoftwareRestrictionPolicies
  Date: 2022-02-21T08:12:27.5490000Z
  Event ID: 865
  Task: N/A
  Level: Warning ਍  Opcode: Info  ਍  Keyword: N/A
  User: S-1-5-21-1860657127-41187656-1928362250-12396
  User Name: <redacted>
  Computer: <redacted>
  Description:
Access to c:\Users\<redacted>\Desktop\calc.exe has been restricted by your Administrator by the default software restriction policy level. ਍

 

Server 2019:

 

wevtutil qe Application "/q:*[System [(EventID=865)]]" /f:text /rd:true /c:1
Event[0]:
  Log Name: Application
  Source: Microsoft-Windows-SoftwareRestrictionPolicies
  Date: 2022-02-21T08:12:27.549
  Event ID: 865
  Task: N/A
  Level: Warning
  Opcode: Info
  Keyword: N/A
  User: S-1-5-21-1860657127-41187656-1928362250-12396
  User Name: <redacted>
  Computer: <redacted>
  Description:
Access to c:\Users\<redacted>\Desktop\calc.exe has been restricted by your Administrator by the default software restriction policy level.

 

Any ideas other than just using the utility from a 2019 machine?

 

Thanks.

 

  • BigTechWatcher
    Any update to this or workaround? I am seeing this same problem on Server 2022 on both machines with fresh OS install and an upgrade from 2019 to Server 2022. Seems like this is still happening in September of 2023.

    I'm surprised this hasn't been reported more or fixed in the last year and a half since it is so easily reproducible.
    • BigTechWatcher
      Update: I was able to work around this by using the wevtutil.exe and the wevtutil.exe.mui in an en-US subfolder from a Server 2019 machine and put this on my Server 2022 that was having the issue. The older version of wevtutil works without inserting the NUL character into the text file.
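
For log pipelines that have to keep consuming the Server 2022 output, the text can be normalized before fields such as Level or Opcode are matched. This is an added example, not part of the thread and not Microsoft tooling; it assumes the stray characters are NUL and U+0A0D (the glyph visible in the 2022 output above), each standing where a line break belongs, and the sample strings are constructed.

```python
import re

# Assumption: the corruption consists of NUL characters plus U+0A0D, the glyph
# visible in the Server 2022 output, each sitting where a line break belongs.
_STRAY = re.compile(r"[\x00\u0a0d]")
_HEADER = re.compile(r"^Event\[\d+\]:?\s*$")  # the 2022 output omits the colon
_FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s*(.*)$")

# Constructed samples modelled on the two outputs quoted in the thread.
SAMPLE_2019 = (
    "Event[0]:\r\n  Log Name: Application\r\n  Event ID: 865\r\n"
    "  Level: Warning\r\n  Opcode: Info\r\n  Keyword: N/A\r\n"
    "  Description:\r\nAccess to calc.exe has been restricted.\r\n"
)
SAMPLE_2022 = (
    "Event[0]\r\n  Log Name: Application\r\n  Event ID: 865\r\n"
    "  Level: Warning \u0a0d  Opcode: Info  \u0a0d  Keyword: N/A\r\n"
    "  Description:\r\nAccess to calc.exe has been restricted. \u0a0d\x00\r\n"
)


def parse_wevtutil_text(raw):
    """Parse `wevtutil qe ... /f:text` output into one dict per event."""
    # Turn stray characters and carriage returns into plain line breaks.
    text = _STRAY.sub("\n", raw).replace("\r", "\n")
    events, current, in_desc = [], None, False
    for line in text.split("\n"):
        if _HEADER.match(line):
            current, in_desc = {}, False
            events.append(current)
            continue
        if current is None or not line.strip():
            continue
        if in_desc:  # everything after "Description:" is free text
            joined = current["Description"] + " " + line.strip()
            current["Description"] = joined.strip()
            continue
        m = _FIELD.match(line)
        if m:
            current[m.group(1)] = m.group(2).strip()
            in_desc = m.group(1) == "Description"
    return events


if __name__ == "__main__":
    print(parse_wevtutil_text(SAMPLE_2022))
```

Without the normalization step, the 2022 sample yields a single Level value that swallows the Opcode and Keyword fields, so an exact match on `Level == "Warning"` silently stops firing.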
