none
Changing group policy through scripting.

    Question

  • One member in this social site suggested posting my issue in this forum since there is no group policy setting do solve it, and it seems scripting is the only solution, here is what I want to do:

    In Windows 7 Enterprise, if you want to enable print history, you have to do the following:

    EventViewer go to Application and Services->Microsoft->Windows->PrintService->Operational(right click and choose enable).

    Simply I want to enable that feature for over 500 Windows 7 Ent domain workstations (Windows 2008 R2 domain), so could you please show me a simple script to do this.

    P.S., I'm not a script guy at all, so please step by step.

     

    Wednesday, February 15, 2012 4:43 AM

Answers

  • I think the easiest way to automate this for 500 pc's would be to generate a batch file to execute this on all computers. I like using Excel for this. If you paste this is column B:

    =CONCATENATE("psexec \\",A1," c:\windows\system32\wevtutil.exe sl Microsoft-Windows-PrintService/Operational /e:true")

    And the computer names in Column A you can easily generate a batch file to execute these commands remotely within 30 seconds.

    If you prefer to run it locally you use runas, using this or a similar script: http://gallery.technet.microsoft.com/scriptcenter/9bda53d7-ec2e-4bc2-8e97-4487233bc55b. If you chose to include an administrative password it could leave your administrative account compromised.

    Wednesday, February 15, 2012 10:53 AM
    Moderator
  • Sorry, but I have to disagree here. The question was:

    EventViewer go to Application and Services->Microsoft->Windows->PrintService->Operational(right click and choose enable)

    This can be accomplished by running:

    wevtutil sl Microsoft-Windows-PrintService/Operational /e:true

    Or when you want to automate it for multiple computers you could use psexec/powershell remote/win rm to run this on multiple computers. Here's an example of how to automate it using psexec:

    psexec \\computer1 c:\windows\system32\wevtutil.exe sl Microsoft-Windows-PrintService/Operational /e:true
    psexec \\computer2 c:\windows\system32\wevtutil.exe sl Microsoft-Windows-PrintService/Operational /e:true
    ...

    And to verify the results you could use something like:

    echo computer1 >> verifyeventenable.log & psexec \\computer1 c:\windows\system32\wevtutil.exe gl Microsoft-Windows-PrintService/Operational >> verifyeventenable.log
    
    echo computer2 >> verifyeventenable.log & psexec \\computer2 c:\windows\system32\wevtutil.exe gl Microsoft-Windows-PrintService/Operational >> verifyeventenable.log

    Unless I'm missing something this would satisfy the request by CHQM.

    Wednesday, February 15, 2012 8:52 AM
    Moderator
  • You can also use wevutil for configuring event logs, it's a Server 2008 tool that allows you to configure the event logs:

    http://technet.microsoft.com/en-us/library/cc732848(v=ws.10).aspx

    Wednesday, February 15, 2012 6:28 AM
    Moderator

All replies

  • One member in this social site suggested posting my issue in this forum since there is no group policy setting do solve it, and it seems scripting is the only solution, here is what I want to do:

    In Windows 7 Enterprise, if you want to enable print history, you have to do the following:

    EventViewer go to Application and Services->Microsoft->Windows->PrintService->Operational(right click and choose enable).

    Simply I want to enable that feature for over 500 Windows 7 Ent domain workstations (Windows 2008 R2 domain), so could you please show me a simple script to do this.

    P.S., I'm not a script guy at all, so please step by step.

    I believe this is a function of Group Policy since Windows 2000.

    You call it print history but it is really called printer auditing.

    On the print server select properties/advanced  and set 'Log information Events'.

    There is noo way to set this globally at this time.  You could use a Grou Policy Preference to set the registry on all machines for this however, inmost environments there are only one or two print servers so using a GP or script to do this is not necessary.

    This is a one time setting.  It is not necessary to set this via script or Group Policy.


    ¯\_(ツ)_/¯

    Wednesday, February 15, 2012 6:20 AM
  • You can also use wevutil for configuring event logs, it's a Server 2008 tool that allows you to configure the event logs:

    http://technet.microsoft.com/en-us/library/cc732848(v=ws.10).aspx

    Wednesday, February 15, 2012 6:28 AM
    Moderator
  • You can also use wevutil for configuring event logs, it's a Server 2008 tool that allows you to configure the event logs:

    http://technet.microsoft.com/en-us/library/cc732848(v=ws.10).aspx

    Actually you can't.

    The utility is called WEVTUTIL and it can manage the logs but it does not enable logging levels.  This is the in the domain of the application.  It can be set at the spooler on the 'print server' properties.

    Any questions about this should be posted in the appropriate Windows Server forum.


    ¯\_(ツ)_/¯

    Wednesday, February 15, 2012 6:51 AM
  • Sorry, but I have to disagree here. The question was:

    EventViewer go to Application and Services->Microsoft->Windows->PrintService->Operational(right click and choose enable)

    This can be accomplished by running:

    wevtutil sl Microsoft-Windows-PrintService/Operational /e:true

    Or when you want to automate it for multiple computers you could use psexec/powershell remote/win rm to run this on multiple computers. Here's an example of how to automate it using psexec:

    psexec \\computer1 c:\windows\system32\wevtutil.exe sl Microsoft-Windows-PrintService/Operational /e:true
    psexec \\computer2 c:\windows\system32\wevtutil.exe sl Microsoft-Windows-PrintService/Operational /e:true
    ...

    And to verify the results you could use something like:

    echo computer1 >> verifyeventenable.log & psexec \\computer1 c:\windows\system32\wevtutil.exe gl Microsoft-Windows-PrintService/Operational >> verifyeventenable.log
    
    echo computer2 >> verifyeventenable.log & psexec \\computer2 c:\windows\system32\wevtutil.exe gl Microsoft-Windows-PrintService/Operational >> verifyeventenable.log

    Unless I'm missing something this would satisfy the request by CHQM.

    Wednesday, February 15, 2012 8:52 AM
    Moderator
  • You could use a Grou Policy Preference to set the registry on all machines for this however,


    ¯\_(ツ)_/¯

    Hi jrv,

    Do you know the registry path in Windows 7 for that?

    Wednesday, February 15, 2012 10:03 AM
  • Sorry, but I have to disagree here. The question was:

    EventViewer go to Application and Services->Microsoft->Windows->PrintService->Operational(right click and choose enable)

    This can be accomplished by running:

    wevtutil sl Microsoft-Windows-PrintService/Operational /e:true

    Or when you want to automate it for multiple computers you could use psexec/powershell remote/win rm to run this on multiple computers. Here's an example of how to automate it using psexec:

    psexec \\computer1 c:\windows\system32\wevtutil.exe sl Microsoft-Windows-PrintService/Operational /e:true
    psexec \\computer2 c:\windows\system32\wevtutil.exe sl Microsoft-Windows-PrintService/Operational /e:true
    ...

    And to verify the results you could use something like:

    echo computer1 >> verifyeventenable.log & psexec \\computer1 c:\windows\system32\wevtutil.exe gl Microsoft-Windows-PrintService/Operational >> verifyeventenable.log
    
    echo computer2 >> verifyeventenable.log & psexec \\computer2 c:\windows\system32\wevtutil.exe gl Microsoft-Windows-PrintService/Operational >> verifyeventenable.log

    Unless I'm missing something this would satisfy the request by CHQM.

    Thank you very much JBrasser, that wevtutil utility was very useful, it solved 50% of my problem. The only issue I have now that it requires administrative privilege, and since domain users do not have such privilege, I got "Access is denied" when I pushed that to the clients, however, I know it can be accomplished remotely through psexec as you mentioned, but it's hard to do it for over 500 PCs.

    Wednesday, February 15, 2012 10:34 AM
  • I think the easiest way to automate this for 500 pc's would be to generate a batch file to execute this on all computers. I like using Excel for this. If you paste this is column B:

    =CONCATENATE("psexec \\",A1," c:\windows\system32\wevtutil.exe sl Microsoft-Windows-PrintService/Operational /e:true")

    And the computer names in Column A you can easily generate a batch file to execute these commands remotely within 30 seconds.

    If you prefer to run it locally you use runas, using this or a similar script: http://gallery.technet.microsoft.com/scriptcenter/9bda53d7-ec2e-4bc2-8e97-4487233bc55b. If you chose to include an administrative password it could leave your administrative account compromised.

    Wednesday, February 15, 2012 10:53 AM
    Moderator
  • I think the easiest way to automate this for 500 pc's would be to generate a batch file to execute this on all computers. I like using Excel for this. If you paste this is column B:

    =CONCATENATE("psexec \\",A1," c:\windows\system32\wevtutil.exe sl Microsoft-Windows-PrintService/Operational /e:true")

    And the computer names in Column A you can easily generate a batch file to execute these commands remotely within 30 seconds.

    If you prefer to run it locally you use runas, using this or a similar script: http://gallery.technet.microsoft.com/scriptcenter/9bda53d7-ec2e-4bc2-8e97-4487233bc55b. If you chose to include an administrative password it could leave your administrative account compromised.

    Thank you again JBrasser, I will look into your solution, but I still prefer a solution through group policy since that will be applied to all new PCs which will join the domain in the future, so we don't have to remember to re-run that script each time we join a PC.

    Wednesday, February 15, 2012 11:34 AM
  • I agree, if you have the ability to arrange this by Group Policy this would be the best route to go. Good luck!
    Wednesday, February 15, 2012 11:46 AM
    Moderator
  • Sorry, but I have to disagree here. The question was:

    EventViewer go to Application and Services->Microsoft->Windows->PrintService->Operational(right click and choose enable)

    This can be accomplished by running:

    wevtutil sl Microsoft-Windows-PrintService/Operational /e:true

    Or when you want to automate it for multiple computers you could use psexec/powershell remote/win rm to run this on multiple computers. Here's an example of how to automate it using psexec:

    psexec \\computer1 c:\windows\system32\wevtutil.exe sl Microsoft-Windows-PrintService/Operational /e:true psexec \\computer2 c:\windows\system32\wevtutil.exe sl Microsoft-Windows-PrintService/Operational /e:true ...

    And to verify the results you could use something like:

    echo computer1 >> verifyeventenable.log & psexec \\computer1 c:\windows\system32\wevtutil.exe gl Microsoft-Windows-PrintService/Operational >> verifyeventenable.log echo computer2 >> verifyeventenable.log & psexec \\computer2 c:\windows\system32\wevtutil.exe gl Microsoft-Windows-PrintService/Operational >> verifyeventenable.log

    Unless I'm missing something this would satisfy the request by CHQM.

    It does not eneble detailed logging which, by default, is disabled or unselected in the print service.  This just enebles the OPerational log itself.  This is automatically enebled whenever the print server role is added to a WS2008 server. 

    The log does not exists on non-WS2008 servers (XP/WS2003)


    ¯\_(ツ)_/¯

    Wednesday, February 15, 2012 3:41 PM
  • I think the easiest way to automate this for 500 pc's would be to generate a batch file to execute this on all computers. I like using Excel for this. If you paste this is column B:

    =CONCATENATE("psexec \\",A1," c:\windows\system32\wevtutil.exe sl Microsoft-Windows-PrintService/Operational /e:true")

    And the computer names in Column A you can easily generate a batch file to execute these commands remotely within 30 seconds.

    If you prefer to run it locally you use runas, using this or a similar script: http://gallery.technet.microsoft.com/scriptcenter/9bda53d7-ec2e-4bc2-8e97-4487233bc55b. If you chose to include an administrative password it could leave your administrative account compromised.

    Thank you again JBrasser, I will look into your solution, but I still prefer a solution through group policy since that will be applied to all new PCs which will join the domain in the future, so we don't have to remember to re-run that script each time we join a PC.

    Are these printers physically attached to the win 7 machines or are they network printers.

    Network printers do not create local event log records. They only record that a job was sent to the remote spooler.  The remote spooler will have the deatils of the print job if it is set to record informationaal events.


    ¯\_(ツ)_/¯


    • Edited by jrv Wednesday, February 15, 2012 4:01 PM
    Wednesday, February 15, 2012 3:48 PM
  • It does not eneble detailed logging which, by default, is disabled or unselected in the print service.  This just enebles the OPerational log itself.  This is automatically enebled whenever the print server role is added to a WS2008 server. 

    The log does not exists on non-WS2008 servers (XP/WS2003)


    ¯\_(ツ)_/¯

    I am not sure what you mean by detailed logging. If I enable the Operational log the way I described it, every time I use print something 5 events will be logged to this eventlog.

    Also I think you mean that this log does not exist in older than windows kernel 6? Because as far as I know Vista/7/2008/2008R2 all have these log files.

    Wednesday, February 15, 2012 3:58 PM
    Moderator
  • Are these printers physically attached to the win 7 machines or are they network printers.

    Network printers do not create local event log records. They only record that a job was sent to the remote spooler.  The remote spooler will have the deatils of the print job if it is set to record informationaal events.


    ¯\_(ツ)_/¯


    Hi jrv,

    I don't think there is a big difference between a local printer logging and a network one....

    I tested both scenarios and the same log events are showing under:Application and Services->Microsoft->Windows->PrintService->Operational.

    However, my environment is only Windows 7 Enterprise plus 2008 R2 domain, so other OSs were not tested.

    Actually, we have a new requirement to monitor users prints, and we started enabling that for the new PCs prior to join them to the domain, but we have to find away to enable it in the existing 500 PCs we have.

    Wednesday, February 15, 2012 4:38 PM
  • Are these printers physically attached to the win 7 machines or are they network printers.

    Network printers do not create local event log records. They only record that a job was sent to the remote spooler.  The remote spooler will have the deatils of the print job if it is set to record informationaal events.


    ¯\_(ツ)_/¯


    Hi jrv,

    I don't think there is a big difference between a local printer logging and a network one....

    I tested both scenarios and the same log events are showing under:Application and Services->Microsoft->Windows->PrintService->Operational.

    However, my environment is only Windows 7 Enterprise plus 2008 R2 domain, so other OSs were not tested.

    Actually, we have a new requirement to monitor users prints, and we started enabling that for the new PCs prior to join them to the domain, but we have to find away to enable it in the existing 500 PCs we have.

    There is a huge differnece.

    A network attached printer does not log its information to teh local event log.  It only logs that 'Job1' was sent to teh spooler.  The other information such as the document name and user informatio, documents size and options are all logged at the print spooler. If the printer is locally attached (by a wire or TSPIP port) then the local event log will contain that information.

    I have had two admins screaming that hthey cannot get print information from workstations.  After showing them that it is all in teh spooler server they are happier.  Only one machine to query and report on.

    Ther are issues wit WIndows 7 printing.  If you are trying to trouble shoot lost documents or spooler crrashes then yuo do not need detailed logging as those messages will be logged.

    If a local printer is attached the 'Operational' log is automatically enabled.  If it is not eneabled htere are no local printers and the local spooleris not the issue.  If there are lost documents then they are being lost due to one or more buugs afecting teh Win 7 machine or a WS2008 print server.


    ¯\_(ツ)_/¯

    Wednesday, February 15, 2012 5:07 PM
  • It does not eneble detailed logging which, by default, is disabled or unselected in the print service.  This just enebles the OPerational log itself.  This is automatically enebled whenever the print server role is added to a WS2008 server. 

    The log does not exists on non-WS2008 servers (XP/WS2003)


    ¯\_(ツ)_/¯

    I am not sure what you mean by detailed logging. If I enable the Operational log the way I described it, every time I use print something 5 events will be logged to this eventlog.

    Also I think you mean that this log does not exist in older than windows kernel 6? Because as far as I know Vista/7/2008/2008R2 all have these log files.

    If this is a localally attached pruinter you will see a detail entry with teh name of the file or document and with much other information. If it is a shared printer on a network print server then you will not see these messages. 

    If you physically attache a printer (install) on teh local machine the operational log will be enable but these detail items will not be placed in the log.  You hav e to go to the spooler properties 'advanced' page and explicitly select the item 'Save detailed information'

    Detailed logging is and has always been optional as it can produce a very large amount of information on a large corporate print sever with thousands of printers attached.  We can generate thousands of records per second.  On most newer systems this is not an issue and is required by some print accounting software packages.


    ¯\_(ツ)_/¯

    Wednesday, February 15, 2012 5:39 PM
  • If a local printer is attached the 'Operational' log is automatically enabled. 


    ¯\_(ツ)_/¯

    jrv,

    I double checked that on two Windows 7 Enterprise 32Bit+SP1 and latest patches, local HP printer is connected via USB cable, the "Operational" log is not enabled, I had to enable it manually!


    Saturday, February 18, 2012 7:59 AM
  • If a local printer is attached the 'Operational' log is automatically enabled. 


    ¯\_(ツ)_/¯

    jrv,

    I double checked that on two Windows 7 Enterprise 32Bit+SP1 and latest patches, local HP printer is connected via USB cable, the "Operational" log is not enabled, I had to enable it manually!


    On the systems I checked it was enabled. 

    It will still not record detailed info without going to the print serber manager and setting the option to save detailed information which I though was the original request.


    ¯\_(ツ)_/¯

    Saturday, February 18, 2012 3:54 PM