Tip of the Day: Moving Event Viewer logs to an unprotected volume

This tip applies to Enhanced Write Filter (EWF-RAM) users. To move the Event Viewer logs to a volume that EWF does not protect, set the File value under each of the following three registry keys, as shown in the example below. The example uses drive D as the unprotected volume.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application

File=D:\\AppEvent.evt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security

File=D:\\SecEvent.evt

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System

File=D:\\SysEvent.evt

- Mark

Technorati Tags: XPe,Embedded

Posted: Monday, August 25, 2008 11:00 AM by Embedded
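
Added example (not part of the original post): a cmd batch script that writes the three File values with reg.exe, reads each one back, and requests an EWF commit so the change survives a reboot. It assumes C: is the EWF-protected system volume and reads the doubled backslash in the post as .reg-file escaping, so reg.exe is given a single backslash.

```batch
@echo off
rem Added example: point the three event logs at an unprotected volume.
rem Assumptions: D: is the unprotected volume (as in the post); C: is the
rem EWF-protected volume (not stated in the post).
setlocal
set "TARGET=D:"
set "PROTECTED=C:"
set "BASE=HKLM\SYSTEM\CurrentControlSet\Services\EventLog"

rem Refuse to redirect the logs to a volume that is not mounted.
if not exist "%TARGET%\" (
    echo ERROR: %TARGET% is not available, registry left unchanged.
    exit /b 1
)

call :SetLog Application AppEvent.evt || exit /b 1
call :SetLog Security    SecEvent.evt || exit /b 1
call :SetLog System      SysEvent.evt || exit /b 1

rem The registry hive sits on the protected volume, so in EWF-RAM mode the
rem new values are discarded at reboot unless the overlay is committed.
ewfmgr %PROTECTED% -commit
echo Reboot so the commit is applied and the Event Log service uses the new paths.
exit /b 0

:SetLog
rem %1 = log name, %2 = log file name.
rem reg.exe takes a single backslash; the doubled one is .reg-file escaping.
reg add "%BASE%\%1" /v File /t REG_EXPAND_SZ /d "%TARGET%\%2" /f >nul
if errorlevel 1 (
    echo ERROR: could not write File under %BASE%\%1
    exit /b 1
)
rem Read the value back so a silent failure does not leave audit data in RAM.
reg query "%BASE%\%1" /v File | find /i "%TARGET%\%2" >nul
if errorlevel 1 (
    echo ERROR: File under %BASE%\%1 does not read back as %TARGET%\%2
    exit /b 1
)
echo OK: %1 log -^> %TARGET%\%2
exit /b 0
```

Run it from an administrative command prompt on the device or while building the image. After the reboot, confirm that the three .evt files on D: are growing.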

Comments

Architecture & Stuff said:

I don't ordinarily just copy stuff that someone else sends me into my blog, but this is an exception. 

# September 1, 2008 1:47 PM