There are three types of Vista/Server 2008 events which are written to various channels in the event log.
1. The ‘pure’ Vista/Server 2008 event
These events are logged using the new Vista/Server 2008 APIs, which means they were written specifically for this platform. As such, most of these events are not backwards compatible with events from a similar application on downlevel platforms. These events are mostly written to a channel under “Applications and Services Logs” in the Event Viewer, though a few creep into “Windows Logs”.
Example:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}" />
    <EventID>8007</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>2</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2008-01-21T19:42:41.009Z" />
    <EventRecordID>397142</EventRecordID>
    <Correlation ActivityID="{86F2A78B-6A45-4E77-A34C-2809C9AAC658}" />
    <Execution ProcessID="976" ThreadID="3516" />
    <Channel>Microsoft-Windows-GroupPolicy/Operational</Channel>
    <Computer>christow-dev.wingroup.windeploy.ntdev.microsoft.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="PolicyElaspedTimeInSeconds">5</Data>
    <Data Name="ErrorCode">0</Data>
    <Data Name="PrincipalSamName">WINGROUP\christow</Data>
    <Data Name="IsMachine">false</Data>
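As an added example (not code from the original post), the Python below flattens an event in this XML format into a dictionary suitable for log analysis, handling the schema namespace, the hex-encoded Keywords value and the named Data elements. The sample is constructed from the event above, shortened and closed so that it parses; the function names and dictionary keys are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: the event shown above, shortened and closed so it parses.
SAMPLE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}" />
    <EventID>8007</EventID>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2008-01-21T19:42:41.009Z" />
    <Channel>Microsoft-Windows-GroupPolicy/Operational</Channel>
  </System>
  <EventData>
    <Data Name="ErrorCode">0</Data>
    <Data Name="IsMachine">false</Data>
  </EventData>
</Event>"""

def _text(node, path):
    """Return the stripped text of a child element, or None if it is absent."""
    found = node.find(path, NS)
    return found.text.strip() if found is not None and found.text else None

def _utc(stamp):
    """Parse SystemTime; fractions finer than microseconds are truncated."""
    whole, _, frac = stamp.strip().rstrip("Z").partition(".")
    base = datetime.strptime(whole, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return base.replace(microsecond=int((frac + "000000")[:6]))

def parse_event(xml_text):
    """Flatten one event into a dict: System fields plus EventData values."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    if system is None:
        raise ValueError("not an event: no <System> element in the event namespace")
    record = {
        "provider": system.find("e:Provider", NS).get("Name").strip(),
        "event_id": int(_text(system, "e:EventID")),
        "keywords": int(_text(system, "e:Keywords"), 16),  # 64-bit mask, hex string
        "time": _utc(system.find("e:TimeCreated", NS).get("SystemTime")),
        "channel": _text(system, "e:Channel"),
        "data": {},
    }
    # Data elements without a Name attribute are keyed by position instead.
    for i, d in enumerate(root.findall("e:EventData/e:Data", NS)):
        record["data"][d.get("Name", f"Data{i}").strip()] = (d.text or "").strip()
    return record
```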