Udostępnij za pośrednictwem


Wevtutil Error

I just found out today that the command listed to view all audit events for Vista and Windows Server 2008 does not work on installations if using a language other than English USA. The following command will result in an error as follows.

C:\Windows\system32>wevtutil gp Microsoft-Windows-Security-Auditing /ge /gm:true

name: Microsoft-Windows-Security-Auditing
guid: 54849625-5478-4994-a5ba-3e3b0328c30d
helpLink: https://go.microsoft.com/fwlink/events.asp?CoName=Microsoft%20Corporati
on&ProdName=Microsoft%c2%ae%20Windows%c2%ae%20Operating%20System&ProdVer=6.0.600
0.16386&FileName=adtschema.dll&FileVer=6.0.6000.16386
resourceFileName: %SystemRoot%\system32\adtschema.dll
parameterFileName: %SystemRoot%\system32\msobjs.dll
messageFileName: %SystemRoot%\system32\adtschema.dll
message:
channels:
  channel:
    name: Security
    id: 10
    flags: 1
    message:
levels:
  level:
    name: win:Informational
    value: 4
    message:
opcodes:
  opcode:
    name: win:Info
    value: 0
      task: 0
      opcode: 0
    message:
tasks:
  task:
    name: SE_ADT_SYSTEM_SECURITYSTATECHANGE
    value: 12288
    eventGUID: 00000000-0000-0000-0000-000000000000
Failed to get message property. the message resource is present but the message
is not found in the string/message table

The Windows Events Development team is aware and will address this in the near future.

HTH

M