WEC and Local Group Policy
Local Group Policy can be used to configure individual Windows machines.
1. Open Local Group Policy Editor
Press Win+R and type: gpedit.msc
2. Navigate to:
Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Event Forwarding
3. Configure the Target Subscription Manager policy
4. Add a new Server entry
For Kerberos authentication and Active Directory authentication (port tcp/5985):
Server=http://<WEC_HOSTNAME>:5985/wsman/SubscriptionManager/WEC,Refresh=<Refresh interval in seconds>
For HTTPS authentication (port tcp/5986):
Server=https://<WEC_HOSTNAME>:5986/wsman/SubscriptionManager/WEC,Refresh=<Refresh interval in seconds>,IssuerCA=<Thumbprint of the issuing CA certificate>
The recommended Refresh interval is 60 seconds.
The certificate thumbprint is a lowercase SHA-1 string, e.g. d6986fef2104f21ab0c7ccb279217abe29c0808a.
If an intermediate CA is present, IssuerCA must point to the issuing intermediate CA, NOT to the Root CA.
5. Hit "Apply" to save changes
6. Run gpupdate /force at the command line.
7. Enable Security log (see below)
For more information, see: https://docs.microsoft.com/en-us/windows/win32/wec/setting-up-a-source-initiated-subscription
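For the HTTPS variant of step 4, the IssuerCA value can be derived from the WEC server certificate instead of being copied by hand. The PowerShell script below is an added example, not part of the original page; the parameter names and the exported server certificate file are assumptions. It takes the direct issuer from the certificate chain, lowercases its SHA-1 thumbprint and prints the Server entry.

```powershell
# Added example: build the HTTPS "Server" entry from the WEC server certificate.
# Parameter names and the certificate file are assumptions, not from the page.
param(
    [Parameter(Mandatory)] [string] $WecHostname,     # hostname of the WEC collector
    [Parameter(Mandatory)] [string] $ServerCertPath,  # exported server certificate (.cer)
    [int] $Refresh = 60                               # seconds; 60 is the recommended value
)

$path  = (Resolve-Path -LiteralPath $ServerCertPath).Path
$leaf  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()

# Only the chain structure matters here, so skip revocation lookups.
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
[void] $chain.Build($leaf)

# Element 0 is the server certificate; element 1 is the CA that issued it.
if ($chain.ChainElements.Count -lt 2) {
    throw "Issuer of '$($leaf.Subject)' not found; install the issuing CA certificate first."
}
$issuer = $chain.ChainElements[1].Certificate

# Report which kind of CA was selected, so a root CA is never substituted
# for the issuing intermediate CA.
if ($issuer.Subject -eq $issuer.Issuer) {
    Write-Host "Issuing CA is a root CA (no intermediate in the chain): $($issuer.Subject)"
} else {
    Write-Host "Issuing CA is an intermediate CA: $($issuer.Subject)"
}

# .NET returns the SHA-1 thumbprint in uppercase hex; the entry expects lowercase.
$thumbprint = $issuer.Thumbprint.ToLowerInvariant()
if ($thumbprint -cnotmatch '^[0-9a-f]{40}$') {
    throw "Unexpected thumbprint format: $thumbprint"
}

# Emit the value to paste into the Target Subscription Manager policy.
"Server=https://${WecHostname}:5986/wsman/SubscriptionManager/WEC,Refresh=$Refresh,IssuerCA=$thumbprint"
```

Run it on a machine that has the issuing CA certificate installed, otherwise the chain cannot be built and the script stops with an error.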