You work as an enterprise administrator at ABC.com. The ABC.com has a domain named ABC.com. All servers on the domain run Microsoft Windows Server 2008 and all client computers run Microsoft Windows Vista. ABC.com has configured ABC-SR12 and ABC-SR13 with event subscription to forward the events to ABC-SR12. During the course of the day ABC.com configures the event subscription to utilize the HTTP protocol using the normal delivery optimization settings.
How will you ensure that the servers support event collectors?
A.
By running the wecutil qc command on ABC-SR12. And then the winrm quickconfig command on ABC-SR13.
By adding the ABC-SR12 account to the Network Configuration Operators group on ABC-SR12 to ABC-SR13.
B.
By running the wecutil qc command on ABC-SR12.
By adding the ABC-SR12 account to the Remote Desktop Users group on ABC-SR12 to ABC- SR13.
C.
By running the wecutil qc command on ABC-SR12. And then the winrm quickconfig command on ABC-SR13.
By adding the ABC-SR12 account to the administrators group on ABC-SR12 to ABC-SR13.
D.
By running the winrm quickconfig command on ABC-SR13.
By adding the ABC-SR13 account to the administrators group on ABC-SR13 to ABC-SR12.
Explanation:
To collect events from ABC-SR13 and transfer them to ABC-SR12, you need to first run the wecutil qc command on ABC-SR12. This command enables you to create and manage subscriptions to events that are forwarded from remote computers.Then you need to run the winrm quickconfig command on ABC-SR13. WinRM is required by Windows Event Forwarding as WS-Man is the protocol used by WS-Eventing. Group Policy can be used to enable and configure Windows Remote Management (WinRM or WS-Man) on the Source Computers. With WinRM, Group Policy can be used to configure Source Computers (Clients) to forward events to a collector (or set of collectors).
Finally, you need to add the ABC-SR12 account to the administrators group on ABC-SR13 so that access rights can be granted to the collector system on f the forwarding computer.
Reference: Quick and Dirty Large Scale Eventing for Windows
http://blogs.technet.com/otto/archive/2008/07/08/quick-and-dirty-enterprise-eventing-for- windows.aspx
Reference: Collect Vista Events
http://www.prismmicrosys.com/newsletters_june2007.php