win_event_col.xml 3.1 KiB
<?xml version="1.0" encoding="UTF-8"?>
<packages:packages xmlns:packages="http://www.wpkg.org/packages">
<!-- Install the Event Viewer subscription settings for the Event Log Collector server.  Along with the GPO for the collector server, the firewall needs tweaking; see below.  This is all that is needed to make an Event Log server.  Another GPO is used for all of the clients; it tells them the name of the server to send events to. -->

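<package id="win_event_col" name="Windows Event Collector Service" revision="%VERSION%" priority="50" reboot="false">
	<!-- Purpose: turn this host into a Windows Event Collector by creating six
	     event subscriptions with wecutil and setting the HTTP URL reservation
	     (urlacl) for the WinRM endpoint on port 5985. A registry value records
	     the installed version so WPKG can detect the package. -->

	<!-- VERSION is used for the package revision and for the registry marker. -->
	<variable name="VERSION"  value="1" />
	<!-- Each CONFIGn value is used twice: as the base name of the subscription
	     XML file passed to "wecutil cs" and as the subscription name passed to
	     "wecutil ds". The subscription id inside each XML file therefore has to
	     match its file name, otherwise removal will not find the subscription. -->
	<variable name="CONFIG1"  value="GPO" />
	<variable name="CONFIG2"  value="power on-off-sleep" />
	<variable name="CONFIG3"  value="RDS Servers" />
	<variable name="CONFIG4"  value="Logon logoff" />
	<variable name="CONFIG5"  value="Smartd" />
	<variable name="CONFIG6"  value="Windows Updates" />

	<!-- Installed when the registry marker equals the package version.
	     NOTE(review): the variable is declared as VERSION but referenced here as
	     %version%; this relies on case-insensitive expansion. Confirm. -->
	<check type='registry' condition='equals' path='HKLM\software\ucam_wpkg.cam.ac.uk\event_collector\version' value="%version%"/>

	<!-- Create one subscription per definition file.
	     Security note: the definitions are read from the WPKG share at install
	     time, so anyone able to write to that directory decides what this
	     collector subscribes to. Keep the directory writable by administrators only. -->
	<install cmd='cmd /c wecutil cs "%WPKGSHAREBASE%\%WPKGINSTITUTION%-config\windows_event_collector_service\%CONFIG1%.xml"' />
	<install cmd='cmd /c wecutil cs "%WPKGSHAREBASE%\%WPKGINSTITUTION%-config\windows_event_collector_service\%CONFIG2%.xml"' />
	<install cmd='cmd /c wecutil cs "%WPKGSHAREBASE%\%WPKGINSTITUTION%-config\windows_event_collector_service\%CONFIG3%.xml"' />
	<install cmd='cmd /c wecutil cs "%WPKGSHAREBASE%\%WPKGINSTITUTION%-config\windows_event_collector_service\%CONFIG4%.xml"' />
	<install cmd='cmd /c wecutil cs "%WPKGSHAREBASE%\%WPKGINSTITUTION%-config\windows_event_collector_service\%CONFIG5%.xml"' />
	<install cmd='cmd /c wecutil cs "%WPKGSHAREBASE%\%WPKGINSTITUTION%-config\windows_event_collector_service\%CONFIG6%.xml"' />

	<!-- "netsh http add urlacl" fails when a reservation for the URL already
	     exists, so clear any existing one first. The delete's exit code is
	     ignored because there may be nothing to delete. This is the same
	     delete-then-add sequence as the manual steps at the end of this file. -->
	<install cmd='cmd /c netsh http delete urlacl url=http://+:5985/wsman/'>
		<exit code='any' />
	</install>
	<!-- The SDDL grants GX (generic execute) on the URL to two per-service SIDs
	     (S-1-5-80-*). They are expected to be the WinRM and Wecsvc services;
	     confirm with "sc showsid WinRM" and "sc showsid Wecsvc" before changing. -->
	<install cmd='cmd /c netsh http add urlacl url=http://+:5985/wsman/ sddl="D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)"' />

	<!-- Write the version marker last, so that a failure in any earlier step
	     does not leave the check above satisfied for a half-configured host. -->
	<install cmd='reg add HKLM\software\ucam_wpkg.cam.ac.uk\event_collector /t reg_sz /v version /d %version% /f'/>

	<!-- An upgrade is a full remove followed by a full install. -->
	<upgrade include='remove' />
	<upgrade include='install' />

	<!-- Delete the subscriptions by name (see the CONFIGn note above). -->
	<remove cmd='cmd /c wecutil ds "%CONFIG1%"' />
	<remove cmd='cmd /c wecutil ds "%CONFIG2%"' />
	<remove cmd='cmd /c wecutil ds "%CONFIG3%"' />
	<remove cmd='cmd /c wecutil ds "%CONFIG4%"' />
	<remove cmd='cmd /c wecutil ds "%CONFIG5%"' />
	<remove cmd='cmd /c wecutil ds "%CONFIG6%"' />
	<!-- Drop the marker key only if it is present, so the step cannot fail on a
	     host where it was never written. -->
	<remove cmd='reg delete HKLM\software\ucam_wpkg.cam.ac.uk\event_collector /f'>
		<condition>
			<check type='registry' condition='exists' path='HKLM\software\ucam_wpkg.cam.ac.uk\event_collector' />
		</condition>
	</remove>
	<!-- NOTE(review): this deletes the URL reservation outright instead of
	     restoring whatever existed before the package was installed. Confirm
	     that WinRM on this host still works as intended after removal. -->
	<remove cmd='cmd /c netsh http delete urlacl url=http://+:5985/wsman/' />

</package>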
</packages:packages>

<!--
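Run the following in an admin cmd window on the server. This resets the HTTP URL reservation (urlacl) for the WinRM endpoint, which is the "firewall" tweak mentioned at the top of this file: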

netsh http show urlacl
netsh http delete urlacl url=http://+:5985/wsman/
netsh http add urlacl url=http://+:5985/wsman/ sddl="D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)"
			-->