Windows 7 Enable WMI Trace Logging via Registry File
I'm currently working on a problem where I have had to enable WMI trace logging on a series of machines, rather than enable the WMI trace logging functionality on each machine seperately - I used Mark Russinoviches Process Monitor tool to determine exactly what registry keys to include in the following reg frag. The trace logging wont start until the registry fragment has been applied and the machine has been rebooted.
Copy the following text into notepad and save as wmiTraceLogging.reg the file can then be applied to multiple machines either through script or GPO.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WMI-Activity/Trace]
"OwningPublisher"="{1418ef04-b0b4-4623-bf7e-d74ab47bbdaa}"
"Enabled"=dword:00000001
"Isolation"=dword:00000000
"ChannelAccess"="O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)"
"Type"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-Microsoft-Windows-WMI-Activity-Trace]
"Start"=dword:00000001
"BufferSize"=dword:00000004
"MinimumBuffers"=dword:00000000
"MaximumBuffers"=dword:0000000a
"FlushTimer"=dword:00000005
"MaxFileSize"=dword:00000001
"FileName"="%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-WMI-Activity%4Trace.etl"
"Age"=dword:00000001
"LogFileMode"=dword:00001281
"ClockType"=dword:00000002
"Guid"="{abc58df8-50d2-e31c-7acd-d171296d7628}"
"OwningChannel"="Microsoft-Windows-WMI-Activity/Trace"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-Microsoft-Windows-WMI-Activity-Trace\1418ef04-b0b4-4623-bf7e-d74ab47bbdaa}]
"Enabled"=dword:00000001
"EnableLevel"=dword:00000000
"LoggerName"="EventLog-Microsoft-Windows-WMI-Activity-Trace"
"MatchAnyKeyword"=hex(b):00,00,00,00,00,00,00,00
"MatchAllKeyword"=hex(b):00,00,00,00,00,00,00,80
"EnableProperty"=dword:00000001
Stevie