Search code examples

Group Policy Event Forwarding through PowerShell - Windows

On windows server, when you open group policy setting (gpedit.msc in System32), I can set up Event Forwarding by following steps here: under section Configuring the event source computer

I was wondering if I could use PowerShell to do the same thing with setting up the Collector Address and Enabling the Subscription Manager Configuration (Steps 3 and 4 in the provided link under the specified section above).

I came across this doc: for group policy cmdlets but I am not sure how to use these cmdlets to do the same thing I can do by using the gpedit UI.

If you have any hints or good pointers on how to start or which cmdlets to use, I would appreciate that.



  • you will find in another answer the roadmap to create a GPO based on a registry key on a W2K8 R2 computer using PowerShell.

    To find thes you fave tochange have a look to : C:\Windows\PolicyDefinitions\EventForwarding.admx

    <?xml version="1.0"?>
    <policyDefinitions xmlns:xsd="" xmlns:xsi="" revision="1.0" schemaVersion="1.0" xmlns="">
                    <target prefix="eventforwarding" namespace="Microsoft.Policies.EventForwarding" />
                    <using prefix="windows" namespace="Microsoft.Policies.Windows" />
        <supersededAdm fileName="EventForwarding.adm"/>
        <resources minRequiredRevision="1.0"/>
            <category name="EventForwarding" displayName="$(string.EventForwarding)">
                <parentCategory ref="windows:WindowsComponents"/>
            <policy name="SubscriptionManager" class="Machine" displayName="$(string.SubscriptionManager)" explainText="$(string.Subscription_Help)" presentation="$(presentation.SubscriptionManager)" key="Software\Policies\Microsoft\Windows\EventLog\EventForwarding">
                <parentCategory ref="EventForwarding"/>
                            <supportedOn ref="windows:SUPPORTED_WindowsVista" />  
                    <list id="SubscriptionManager_Listbox" key="Software\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager" valuePrefix=""/>
            <policy name="ForwarderResourceUsage" class="Machine" displayName="$(string.ForwarderResourceUsage)" explainText="$(string.ForwarderResourceUsage_Help)" presentation="$(presentation.ForwarderResourceUsage)" key="Software\Policies\Microsoft\Windows\EventLog\EventForwarding">
                <parentCategory ref="EventForwarding"/>
                            <supportedOn ref="windows:SUPPORTED_WindowsVista" />  
                                    <decimal id="MaxForwardingRate" valueName="MaxForwardingRate"/>