Group Policy : Enable Remote Event Viewer

 

Please check out our video on how to enable remote event logs via group policy. If you find this video helpful please subscribe to our channel. 


An important tool in an administrators toolbox is the ability to access event logs on a Windows server or workstation. More importantly, it's best if a user is not having to be disrupted to do so. In this post, we will look at how to enable remote event logs using group policy.

Have you ever gotten the following message? In the next few setups, we will give you step by step instructions on how to enable remote event viewer. 


“Computer ‘AL-EP1.itlumberjack.net’ cannot be connected. Verify that the network path is correct, the computer is available on the network, and that the appropriate Windows Firewall rules are enabled on the target computer.
To enable the appropriate Windows Firewall rules on the remote computer, open the Windows Firewall with Advanced Security snap-in and enable the following inbound rules:
COM+ Network Access (DCOM-In)
All rules in the Remote Event Log Management group
You can also enable these rules by using Group Policy settings for Windows Firewall with Advanced Security. For servers that are running the Server Core installation option, run the Netsh AdvFirewall command, or the Windows PowerShell NetSecurity module.”


Step 1

Navigate to Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall and Advanced Security
Right click on Inbound Rules and select New Rule.


 Step 2

Select the Predefined button and select Remote Event Log Management from the dropdown. 
Click Next. 

 On the Predefined Rules page, the new rules being created be displayed for us to verify. If the rules to your liking click next. 

 On the Actions page, select the Allow the Connections option. 
Select Finish.


Troubleshooting
Once you select finished the new inbound rules will be displayed. 

Run gpupdate /force on the workstation to update the policy. To verify that the policy has been applied run gpresult /r as administrator at the command line.