riechsteinertech
Copper Contributor
Joined 5 years ago
Recent Discussions
Windows Event Collector broken since at least 25099
In my lab I use a Windows Event Collector server based on the Insider version (now on 25151, upgrading atm to 25158). Unfortunately it is very hard getting Windows Event Collector to work reliably. Subscriptions just stop working after a few days and they have to be recreated. In the Runtime Status I see the following error (no Google results):

Last retry time: 15.07.2022 07:16:14. Code (0x138C): <f:ProviderFault provider="Unknown provider" path="Unknown path" xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault"><t:ProviderError xmlns:t="http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog">Windows Event Forward plugin can't read any event from the query since the query returns no active channel. Please check channels in the query and make sure they exist and you have access to them.</t:ProviderError></f:ProviderFault>

Can anybody enable Windows Event Collector, make a push subscription and collect some logs and see if they have the same problem? A Windows Event Collector using Windows Server 2022 works fine.

Edit: additionally "wevtutil gl Security" shows the following error:

name: Security
enabled: true
type: Admin
Failed to get owningPublisher property. The data is invalid.

Intent behind configuring Network Protection but not enabling it in Windows Server Baselines
What is the intent behind the following two settings in the Windows Server 2019/2022 Baseline:

Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Network Protection
Prevent users and apps from accessing dangerous websites
Block

Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Network Protection
This settings controls whether Network Protection is allowed to be configured into block or audit mode on Windows Server.

In Windows Server, Network Protection is not enabled by default, so when the 2nd setting is left unconfigured, the first setting cannot and does not work. Why configure it then?