archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
 
 
 
 
 
 
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/base/eventlog/server/event_log_{b0106027-9388-46...

2325 lines
159 KiB
Raw Blame History

<?xml version="1.0" encoding="UTF-16"?>
<!DOCTYPE DCARRIER SYSTEM "Mantis.DTD">
<DCARRIER
CarrierRevision="1"
DTDRevision="16"
>
<TASKS
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
> </TASKS>
<PLATFORMS
Context="1"
> </PLATFORMS>
<REPOSITORIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
> </REPOSITORIES>
<GROUPS
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
> </GROUPS>
<COMPONENTS
Context="0"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<COMPONENT
ComponentVSGUID="{05899140-B4CE-42C7-B80E-4F2AB3AF25D9}"
ComponentVIGUID="{37AE8550-B062-42F3-9580-3565190510CF}"
Revision="620"
RepositoryVSGUID="{8E0BE9ED-7649-47F3-810B-232D36C430B4}"
Visibility="1000"
MultiInstance="False"
Released="False"
Editable="True"
HTMLFinal="False"
IsMacro="False"
Opaque="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<HELPCONTEXT
src="D:\Beta3\base\eventlog\server\Event_Log_.htm"
><![CDATA[<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML DIR="LTR"><HEAD>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE TYPE="text/css">
<!--
BODY { font: normal 8pt Tahoma; background-color: #FFFFFF; }
P { font: normal 8pt Tahoma; }
.showhide { color: blue; text-decoration: underline; cursor: hand; }
.callout { font: normal 8pt Tahoma; background-color: #E0E0E0; padding: 10pt; }
.code { font: normal 8pt Courier New; }
UL { font: normal 8pt Tahoma; list-style: square outside; margin-left: 0.25in; }
OL { font: normal 8pt Tahoma; list-style: decimal outside; margin-left: 0.25in; }
H1 { font: bold 12pt Tahoma; margin-bottom: -12pt; }
H2 { font: bold 10pt Tahoma; margin-bottom: -12pt; }
H3 { font: bold 8pt Tahoma; margin-bottom: -12pt; }
H4 { font: italic 8pt Tahoma; margin-bottom: -12pt; }
TABLE { font: normal 8pt Tahoma; text-align: left; padding: 2px; }
CAPTION { font: bold 8pt Tahoma; text-align: left; padding: 2px; }
THEAD { font: bold 8pt Tahoma; text-align: left; padding: 2px; background-color: #F0F0F0 }
TH { font: bold 8pt Tahoma; text-align: left; padding: 2px; background-color: #F0F0F0 }
TBODY { font: normal 8pt Tahoma; text-align: left; padding: 2px; }
TD { font: normal 8pt Tahoma; text-align: left; padding: 2px; }
TR { font: normal 8pt Tahoma; text-align: left; padding: 2px; }
CODE { font-family: Courier New; }
TT { font-family: Courier New; }
KBD { font-family: Courier New; font-weight: bold; }
VAR { font-family: Courier New; font-style: italic; }
EM { font-style: italic; }
I { font-style: italic; }
STRONG { font-weight: bold; }
B { font-weight: bold; }
-->
</STYLE></HEAD>
<BODY TOPMARGIN="0">
The Event Log component is a dynamic-link library (.dll) that runs as part of Services.exe. Event Log stores and retrieves events that can be viewed through the event viewer. By default, there are three types of logs: Security, System, and Application. </P>
<H3>Component Configuration</H3>
<P>There are no configuration requirements for this component.</P>
<H3>Special Notes</H3>
<P>The event log service implements the following APIs:</P>
<P class="fineprint"></P>
<TABLE>
<TR VALIGN="top">
<TH width=50%>Function</TH>
<TH width=50%>Description</TH>
</TR>
<TR VALIGN="top">
<TD width=50%><B>BackupEventLog</B></TD>
<TD width=50%>Saves the specified event log to a backup file.</TD>
</TR>
<TR VALIGN="top">
<TD width=50%><B>ClearEventLog</B></TD>
<TD width=50%>Clears the specified event log, and optionally saves the current copy of the logfile to a backup file.</TD>
</TR>
<TR VALIGN="top">
<TD width=50%><B>CloseEventLog</B></TD>
<TD width=50%>Closes a read handle to the specified event log.</TD>
</TR>
<TR VALIGN="top">
<TD width=50%><B>DeregisterEventSource</B></TD>
<TD width=50%>Closes a write handle to the specified event log.</TD>
</TR>
<TR VALIGN="top">
<TD width=50%><B>GetEventLogInformation</B></TD>
<TD width=50%>Retrieves information about the specified event log.</TD>
</TR>
<TR VALIGN="top">
<TD width=50%><B>GetNumberOfEventLogRecords</B></TD>
<TD width=50%>Retrieves the number of records in the specified event log.</TD>
</TR>
<TR VALIGN="top">
<TD width=50%><B>GetOldestEventLogRecord</B></TD>
<TD width=50%>Retrieves the absolute record number of the oldest record in the specified event log.</TD>
</TR>
<TR VALIGN="top">
<TD width=50%><B>NotifyChangeEventLog</B></TD>
<TD width=50%>Enables an application to receive notification when an event is written to the specified event logfile.</TD>
</TR>
<TR VALIGN="top">
<TD width=50%><B>OpenBackupEventLog</B></TD>
<TD width=50%>Opens a handle to a backup event log.</TD>
</TR>
<TR VALIGN="top">
<TD width=50%><B>OpenEventLog</B></TD>
<TD width=50%>Opens a handle to an event log.</TD>
</TR>
<TR VALIGN="top">
<TD width=50%><B>ReadEventLog</B></TD>
<TD width=50%>Reads a whole number of entries from the specified event log.</TD>
</TR>
<TR VALIGN="top">
<TD width=50%><B>RegisterEventSource</B></TD>
<TD width=50%>Retrieves a registered handle to an event log.</TD>
</TR>
<TR VALIGN="top">
<TD width=50%><B>ReportEvent</B></TD>
<TD width=50%>Writes an entry at the end of the specified event log.</TD>
</TR>
</TABLE><BR>
<P class="fineprint"></P>
<H3>For More Information</H3>
<P>For more information on this component, see the chapter on Debugging and Error Handling in the Platform Software Development Kit (SDK) at this <A HREF="http://msdn.microsoft.com">Microsoft Web site</A>.</P>
</BODY>
</HTML>
]]></HELPCONTEXT>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
> </PROPERTIES>
<RESOURCES
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<RESOURCE
Name="RawDep(273):&quot;File&quot;,&quot;USER32.DLL&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="273"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="ComponentVSGUID"
Format="GUID"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>{00000000-0000-0000-0000-000000000000}</PROPERTY>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>USER32.DLL</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(273):&quot;File&quot;,&quot;RPCRT4.DLL&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="273"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="ComponentVSGUID"
Format="GUID"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>{00000000-0000-0000-0000-000000000000}</PROPERTY>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>RPCRT4.DLL</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="File(819):&quot;%11%&quot;,&quot;eventlog.dll&quot;"
ResTypeVSGUID="{E66B49F6-4A35-4246-87E8-5C1A468315B5}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="DstPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>%11%</PROPERTY>
<PROPERTY
Name="DstName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>eventlog.dll</PROPERTY>
<PROPERTY
Name="NoExpand"
Format="Boolean"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>False</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;NTDLL.DLL&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>NTDLL.DLL</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;KERNEL32.DLL&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>KERNEL32.DLL</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;MSVCRT.DLL&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>MSVCRT.DLL</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog&quot;,&quot;DisplayName&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>DisplayName</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>Event Log</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog&quot;,&quot;Description&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>Description</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>Logs event messages issued by programs and Windows. Event Log reports contain information that can be useful in diagnosing problems. Reports are viewed in Event Viewer.</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog&quot;,&quot;Type&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>Type</PROPERTY>
<PROPERTY
Name="RegValue"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>32</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>4</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog&quot;,&quot;Start&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>Start</PROPERTY>
<PROPERTY
Name="RegValue"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>2</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>4</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog&quot;,&quot;PlugPlayServiceType&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>PlugPlayServiceType</PROPERTY>
<PROPERTY
Name="RegValue"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>3</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>4</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog&quot;,&quot;ObjectName&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>ObjectName</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>LocalSystem</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog&quot;,&quot;ImagePath&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>ImagePath</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>%SystemRoot%\system32\services.exe</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>2</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog&quot;,&quot;Group&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>Group</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>Event log</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog&quot;,&quot;ErrorControl&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>ErrorControl</PROPERTY>
<PROPERTY
Name="RegValue"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>4</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;netevent.dll&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>netevent.dll</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application&quot;,&quot;DisplayNameFile&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>DisplayNameFile</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>%SystemRoot%\system32\els.dll</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>2</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application&quot;,&quot;DisplayNameID&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>DisplayNameID</PROPERTY>
<PROPERTY
Name="RegValue"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>256</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>4</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application&quot;,&quot;File&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>%SystemRoot%\system32\config\AppEvent.Evt</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>2</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application&quot;,&quot;MaxSize&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>MaxSize</PROPERTY>
<PROPERTY
Name="RegValue"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>5046272</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>4</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application&quot;,&quot;PrimaryModule&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>PrimaryModule</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>Application</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application&quot;,&quot;Retention&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>Retention</PROPERTY>
<PROPERTY
Name="RegValue"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>0</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>4</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security&quot;,&quot;DisplayNameFile&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>DisplayNameFile</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>%SystemRoot%\system32\els.dll</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>2</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security&quot;,&quot;DisplayNameID&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>DisplayNameID</PROPERTY>
<PROPERTY
Name="RegValue"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>257</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>4</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security&quot;,&quot;File&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>%SystemRoot%\System32\config\SecEvent.Evt</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>2</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security&quot;,&quot;MaxSize&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>MaxSize</PROPERTY>
<PROPERTY
Name="RegValue"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>5046272</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>4</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security&quot;,&quot;PrimaryModule&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>PrimaryModule</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>Security</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security&quot;,&quot;Retention&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>Retention</PROPERTY>
<PROPERTY
Name="RegValue"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>0</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>4</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System&quot;,&quot;DisplayNameFile&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>DisplayNameFile</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>%SystemRoot%\system32\els.dll</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>2</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System&quot;,&quot;DisplayNameID&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>DisplayNameID</PROPERTY>
<PROPERTY
Name="RegValue"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>258</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>4</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System&quot;,&quot;File&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>%SystemRoot%\system32\config\SysEvent.Evt</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>2</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System&quot;,&quot;MaxSize&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>MaxSize</PROPERTY>
<PROPERTY
Name="RegValue"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>5046272</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>4</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System&quot;,&quot;PrimaryModule&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>PrimaryModule</PROPERTY>
<PROPERTY
Name="RegValue"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>System</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RegKey(819):&quot;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System&quot;,&quot;Retention&quot;"
ResTypeVSGUID="{2C10DB69-39AB-48A4-A83F-9AB3ACBA7C45}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="KeyPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System</PROPERTY>
<PROPERTY
Name="ValueName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>Retention</PROPERTY>
<PROPERTY
Name="RegValue"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>0</PROPERTY>
<PROPERTY
Name="RegType"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>4</PROPERTY>
<PROPERTY
Name="RegOp"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
<PROPERTY
Name="RegCond"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>1</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;els.dll&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>els.dll</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;advapi32.dll&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>advapi32.dll</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;WS2_32.dll&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>WS2_32.dll</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;PSAPI.DLL&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>PSAPI.DLL</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;NETAPI32.dll&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>NETAPI32.dll</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="RawDep(819):&quot;File&quot;,&quot;netmsg.dll&quot;"
ResTypeVSGUID="{90D8E195-E710-4AF6-B667-B1805FFC9B8F}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="RawType"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>File</PROPERTY>
<PROPERTY
Name="Value"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>netmsg.dll</PROPERTY>
</PROPERTIES>
</RESOURCE>
<RESOURCE
Name="File(819):&quot;%18%&quot;,&quot;evconcepts.chm&quot;"
ResTypeVSGUID="{E66B49F6-4A35-4246-87E8-5C1A468315B5}"
BuildTypeMask="819"
BuildOrder="1000"
Localize="False"
Disabled="False"
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
>
<PROPERTIES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>
<PROPERTY
Name="ComponentVSGUID"
Format="GUID"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>{00000000-0000-0000-0000-000000000000}</PROPERTY>
<PROPERTY
Name="DstName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>evconcepts.chm</PROPERTY>
<PROPERTY
Name="DstPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>%18%</PROPERTY>
<PROPERTY
Name="NoExpand"
Format="Boolean"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>False</PROPERTY>
<PROPERTY
Name="SrcFileCRC"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>0</PROPERTY>
<PROPERTY
Name="SrcFileSize"
Format="Integer"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>64982</PROPERTY>
<PROPERTY
Name="SrcName"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
>evcon.chm</PROPERTY>
<PROPERTY
Name="SrcPath"
Format="String"
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
></PROPERTY>
</PROPERTIES>
<DISPLAYNAME>evconcepts.chm</DISPLAYNAME>
<DESCRIPTION></DESCRIPTION>
</RESOURCE>
</RESOURCES>
<GROUPMEMBERS
>
<GROUPMEMBER
GroupVSGUID="{E01B4103-3883-4FE8-992F-10566E7B796C}"
></GROUPMEMBER>
<GROUPMEMBER
GroupVSGUID="{833CB665-7185-4457-B756-D698ECFBD288}"
></GROUPMEMBER>
</GROUPMEMBERS>
<DEPENDENCIES
Context="1"
PlatformGUID="{B784E719-C196-4DDB-B358-D9254426C38D}"
> </DEPENDENCIES>
<DISPLAYNAME>Event Log</DISPLAYNAME>
<VERSION>1.0</VERSION>
<DESCRIPTION>Logs event messages issued by programs and Windows.</DESCRIPTION>
<COPYRIGHT>2000 Microsoft Corp.</COPYRIGHT>
<VENDOR>Microsoft Corp.</VENDOR>
<OWNERS>drbeck</OWNERS>
<AUTHORS>drbeck; shbrown</AUTHORS>
<DATECREATED>12/18/2000</DATECREATED>
<DATEREVISED>10/16/2001 12:13:47 AM</DATEREVISED>
</COMPONENT>
</COMPONENTS>
<RESTYPES
Context="1"
PlatformGUID="{00000000-0000-0000-0000-000000000000}"
> </RESTYPES>
</DCARRIER>