mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00

Vinay Pamnani e25ccc0fb0 Update 2009 to 20H2

2024-08-06 13:15:20 -06:00

title, description, ms.date

title	description	ms.date
ADMX_EventLogging Policy CSP	Learn more about the ADMX_EventLogging Area in Policy CSP.	08/06/2024

Policy CSP - ADMX_EventLogging

EnableProtectedEventLogging

Scope	Editions	Applicable OS
✅ Device ❌ User	✅ Pro ✅ Enterprise ✅ Education ✅ Windows SE ✅ IoT Enterprise / IoT Enterprise LTSC	✅ Windows 10, version 2004 with KB5005101 [10.0.19041.1202] and later ✅ Windows 10, version 20H2 with KB5005101 [10.0.19042.1202] and later ✅ Windows 10, version 21H1 with KB5005101 [10.0.19043.1202] and later ✅ Windows 11, version 21H2 [10.0.22000] and later

./Device/Vendor/MSFT/Policy/Config/ADMX_EventLogging/EnableProtectedEventLogging

This policy setting lets you configure Protected Event Logging.

If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide. You can use the Unprotect-CmsMessage PowerShell cmdlet to decrypt these encrypted messages, provided that you have access to the private key corresponding to the public key that they were encrypted with.
If you disable or don't configure this policy setting, components won't encrypt event log messages before writing them to the event log.

Description framework properties:

Property name	Property value
Format	`chr` (string)
Access Type	Add, Delete, Get, Replace

ADMX mapping:

Name	Value
Name	EnableProtectedEventLogging
Friendly Name	Enable Protected Event Logging
Location	Computer Configuration
Path	Windows Components > Event Logging
Registry Key Name	Software\Policies\Microsoft\Windows\EventLog\ProtectedEventLogging
Registry Value Name	EnableProtectedEventLogging
ADMX File Name	EventLogging.admx