Printer Event Logging enabled but not getting events
Hiya, I've enabled logging for the Operational event log under Applications and Services Logs - Microsoft - Windows - PrintService but when I print I don't get any events. This configuration used to work and I can't find any different advice. Thoughts? TIA ~DGM~
Create Task scheduler-run for event with specific Result Code
I would like to trigger the task only if the login attempt is against a disabled account. This includes the Result Code 0x12. How can I add this to the trigger? Any help would be much appreciated. Thanks. Here is the event. Here is the event details XML View: - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> - <System> <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" /> <EventID>4768</EventID> <Version>0</Version> <Level>0</Level> <Task>14339</Task> <Opcode>0</Opcode> <Keywords>0x8010000000000000</Keywords> <TimeCreated SystemTime="2022-04-19T16:40:04.842900000Z" /> <EventRecordID>562602120</EventRecordID> <Correlation /> <Execution ProcessID="528" ThreadID="106016" /> <Channel>Security</Channel> <Computer>XXXXXXXXXX</Computer> <Security /> </System> - <EventData> <Data Name="TargetUserName">XXXXXXXX</Data> <Data Name="TargetDomainName">XXXXXXX</Data> <Data Name="TargetSid">S-1-0-0</Data> <Data Name="ServiceName">krbtgt/mie</Data> <Data Name="ServiceSid">S-1-0-0</Data> <Data Name="TicketOptions">0x40810010</Data> <Data Name="Status">0x12</Data> <Data Name="TicketEncryptionType">0xffffffff</Data> <Data Name="PreAuthType">-</Data> <Data Name="IpAddress">::ffff:192.168.240.79</Data> <Data Name="IpPort">50126</Data> <Data Name="CertIssuerName" /> <Data Name="CertSerialNumber" /> <Data Name="CertThumbprint" /> </EventData> </Event> Here is a task trigger that includes everything but the result code: <QueryList> <Query Id="0" Path="Security"> <Select Path="Security">*[System[band(Keywords,4503599627370496) and (EventID=4768)]]</Select> </Query> </QueryList> Not sure where to put the Result Code 0x12 <Data Name="Status">0x12</Data>Thanks for joining us for Windows Office Hours - March 17, 2022
Office hours are now closed. We hope we were able to answer your questions and provide tips and resources to help you more easily manage Windows updates and your Windows device estate. The experts and engineers who supported today's session were: Windows 365: Christian Montoya Windows commercial: Rob York and Dune Desormeaux Device management in Microsoft Endpoint Manager: Joe Lurie Microsoft Endpoint Manager (public sector, CMG, tenant attach, etc.): Jason Sandys Expediting updates in Microsoft Endpoint Manager: David Guyer Public sector: Sani Sheikh Windows deployment: Steve Thomas Cloud-based update management, Windows Update for Business: Aria Carley Save the date for future events Our next office hours event will take place on Thursday, April 21st, 8:00-9:00 a.m. Pacific Time. Add it to your calendar (note, you may have to manually configure the reminder). See you next time!
