Thursday, August 29, 2013

Manage Windows printer event log settings from command line (i.e. GPO scripts)

Just a quick note to self that to enable/disable/query event log registration from the command line on Windows releases greater than XP and Server 2003 you can use the wevutil tool.

For example to enable logging of print requests on Windows 7 for auditing purposes:

wevtutil sl Microsoft-Windows-PrintService/Operational /e:true

The equivalent command for the the above on Windows XP is the following:

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers /v EventLog /t REG_DWORD /d 7 /f
net stop spooler
net start spooler