I have strange problem using WinRM collecting method from one Win 2008 AD controller - I can collect successfully Application and System logs but Security logs is something which I never managed to get. So far I tried everything from known documentation:
- I use doman account with administrators privileges
- That account is in "Event Log readers" group
- Channel subscription changed with known "S-1-5-20" form
I think there must be some privileges level problem but I don't know which one...status during "wineventsvc -v++" is always "Event count = 0".
If somebody have any idea ...