Q62. SIMULATION Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time. When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design. Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task. Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided. Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab. Username and password Use the following login credentials as needed: To enter your password, place your cursor in the Enter password box and click on the password below. Username: Contoso/Administrator Password: Passw0rd! The following information is for technical support purposes only: Lab Instance: 11145882 You have already prepared Client1 for remote management. You need to forward all events from the Application event log on Client1 to DC1. To complete this task, sign in to the required computer or computers.
Configuring the event source computer 1. Run the following command from an elevated privilege command prompt on the Windows Server domain controller to configure Windows Remote Management: winrm qc -q 2. Start group policy by running the following command: %SYSTEMROOT%System32gpedit.msc 3. Under the Computer Configuration node, expand the Administrative Templates node, then expand the Windows Components node, then select the Event Forwarding node. 4. Right-click the SubscriptionManager setting, and select Properties. Enable the SubscriptionManager setting, and click the Show button to add a server address to the setting. Add at least one setting that specifies the event collector computer. The SubscriptionManager Properties window contains an Explain tab that describes the syntax for the setting. 5. After the SubscriptionManager setting has been added, run the following command to ensure the policy is applied: gpupdate /force Configuring the event collector computer 1. Run the following command from an elevated privilege command prompt on the Windows Server domain controller to configure Windows Remote Management: winrm qc -q 2. Run the following command to configure the Event Collector service: wecutil qc /q 3. Create a source initiated subscription. This can either be done programmatically, by using the Event Viewer, or by using Wecutil.exe. If you use Wecutil.exe, you must create an event subscription XML file and use the following command: wecutil cs configurationFile.xml
Configuring the event source computer 1. Run the following command from an elevated privilege command prompt on the Windows Server domain controller to configure Windows Remote Management: winrm qc -p 2. Start group policy by running the following command: %SYSTEMROOT%System32gpedit.msc 3. Under the Computer Configuration node, expand the Administrative Templates node, then expand the Windows Components node, then select the Event Forwarding node. 4. Right-click the SubscriptionManager setting, and select Properties. Enable the SubscriptionManager setting, and click the Show button to add a server address to the setting. Add at least one setting that specifies the event collector computer. The SubscriptionManager Properties window contains an Explain tab that describes the syntax for the setting. 5. After the SubscriptionManager setting has been added, run the following command to ensure the policy is applied: gpupdate /force Configuring the event collector computer 1. Run the following command from an elevated privilege command prompt on the Windows Server domain controller to configure Windows Remote Management: winrm qc -p 2. Run the following command to configure the Event Collector service: wecutil qc /p 3. Create a source initiated subscription. This can either be done programmatically, by using the Event Viewer, or by using Wecutil.exe. If you use Wecutil.exe, you must create an event subscription XML file and use the following command: wecutil cs configurationFile.xml