
Configuring the Event Viewer

To display Passwork events in the Event Viewer, you must additionally configure access rights. To do this, open PowerShell as Administrator in one of two ways.

Using the Start context menu:

1. Right-click the Start icon in the lower left corner of the screen.
2. Select "Windows PowerShell (Administrator)" from the context menu.

Using the Start menu:

1. Left-click the Start icon in the lower left corner of the screen.
2. Type powershell.
3. Open PowerShell as Administrator with the combination Ctrl + Shift + Enter.

Get security identifiers (SIDs) for accounts

```powershell
$objUser = New-Object System.Security.Principal.NTAccount("group name")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value
```

Standard user accounts:

- IUSR (SID S-1-5-17)
- IIS_IUSRS (SID S-1-5-32-568)
- NETWORK SERVICE (SID S-1-5-20)

Get the configured access rights using cmd

```cmd
wevtutil gl Application > temp.txt
```

A temp.txt file will be created in the directory where the command is run.

In the temp.txt file, edit the channelAccess line:

- Remove items beginning with (D;;; and containing one of the SIDs obtained above.
- Insert each obtained SID as an element in the format (A;;0x3;;;SID).

Example for the standard SIDs, written at the end of the channelAccess string:

```text
(A;;0x3;;;S-1-5-17)(A;;0x3;;;S-1-5-32-568)(A;;0x3;;;S-1-5-20)
```

Full channelAccess string with the standard security identifiers (SIDs):

```text
channelAccess: O:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)(A;;0x3;;;S-1-5-17)(A;;0x3;;;S-1-5-32-568)(A;;0x3;;;S-1-5-20)
```

Change the permission settings using cmd

```cmd
wevtutil sl Application /ca:O:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)(A;;0x3;;;S-1-5-17)(A;;0x3;;;S-1-5-32-568)(A;;0x3;;;S-1-5-20)
```

After /ca:, substitute the value of the channelAccess parameter from temp.txt.

In PowerShell, execute the following script to display PHP events correctly.

Note:

- In the $eventSource variable, write PHP- followed by the version number. To get the PHP version, execute php -v in PowerShell.
- In the $phpEventMessageFile variable, write the location of the php8.dll extension, located in the root directory of the PHP obtained during installation.

```powershell
# Variable definition
$eventSource = "PHP-8.3.19"
$phpEventMessageFile = "C:\Program Files\php8.3\php8.dll"
$eventLogPath = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Application\$eventSource"
$typesSupported = 7

# Checking and creating a key for the event source
if (-not (Test-Path $eventLogPath)) {
    New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Application" -Name $eventSource -Force
}

# Configuring parameters for the event source
Set-ItemProperty -Path $eventLogPath -Name "EventMessageFile" -Value $phpEventMessageFile -Type ExpandString
Set-ItemProperty -Path $eventLogPath -Name "TypesSupported" -Value $typesSupported -Type DWord
```

After the steps are completed, Passwork events will be displayed in Event Viewer: Windows Logs → Application.
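The channelAccess edit from the steps above can be scripted instead of done by hand in temp.txt. The following is an added example, not part of the Passwork documentation; the function name Update-ChannelAccess and the sample SDDL string are constructed for illustration.

```powershell
# Added example. Update-ChannelAccess is a hypothetical helper name.
function Update-ChannelAccess {
    param(
        [Parameter(Mandatory)] [string]   $Sddl,  # channelAccess value from "wevtutil gl Application"
        [Parameter(Mandatory)] [string[]] $Sids,  # SIDs returned by the Translate() call
        [string] $Rights = '0x3'                  # 0x1 (read) + 0x2 (write), the mask used on this page
    )
    foreach ($sid in $Sids) {
        if ($sid -notmatch '^S-1-\d+(-\d+)+$') { throw "Not a SID: $sid" }
    }
    # Split "O:BAG:SYD:(ace)(ace)..." into its header and the individual ACEs.
    $first = $Sddl.IndexOf('(')
    if ($first -lt 0) { throw "No ACEs found in: $Sddl" }
    $header = $Sddl.Substring(0, $first)
    $aces = [regex]::Matches($Sddl, '\(([^()]*)\)') | ForEach-Object { $_.Groups[1].Value }

    $kept = @(foreach ($ace in $aces) {
        $f = $ace -split ';'   # type;flags;rights;object;inherit-object;trustee
        if ($f.Count -ne 6) { throw "Unexpected ACE format: ($ace)" }
        # Drop deny ACEs that target one of the given SIDs; keep all others unchanged.
        if ($f[0] -eq 'D' -and $Sids -contains $f[5]) { continue }
        $ace
    })
    # Append one allow ACE per SID unless an identical one is already present.
    foreach ($sid in $Sids) {
        $allow = "A;;$Rights;;;$sid"
        if ($kept -notcontains $allow) { $kept += $allow }
    }
    $header + (($kept | ForEach-Object { "($_)" }) -join '')
}

# Constructed sample input: a shortened SDDL with a deny ACE for S-1-5-20
# and an existing allow ACE for S-1-5-17.
$sample = 'O:BAG:SYD:(D;;0xf0007;;;S-1-5-20)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x3;;;S-1-5-17)'
$sids   = 'S-1-5-17', 'S-1-5-32-568', 'S-1-5-20'

$new = Update-ChannelAccess -Sddl $sample -Sids $sids
Write-Output "Before: $sample"
Write-Output "After:  $new"

# Review the result, then apply it from an elevated prompt:
# wevtutil sl Application "/ca:$new"
```

Keep the original temp.txt so the previous channelAccess value can be restored with the same wevtutil sl command.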