Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.
View products that this article applies to.
| Description | File name |
| Event log � Application� � text, csv, and evtx formats | {Computername}_evt_Application.* |
| Event log � System � text, csv, and evtx formats | {Computername}_evt_System.* |
| Event logs � Other | {Computername}_evt_*.* |
| Description | File name |
| File version information from %windir%\cluster\*.* | {Computername}_sym_Cluster.* |
| File version information from %windir%\system32\*.dll | {Computername}_sym_System32_dll.* |
| File version information from %windir%\system32\*.exe | {Computername}_sym_System32_exe.* |
| File version information from %windir%\system32\*.sys | {Computername}_sym_System32_sys.* |
| File version information from %windir%\system32\drivers folder | {Computername}_sym_Drivers.* |
| File version information from %windir%\system32\drivers\*.* | {Computername}_sym_SysWOW64_sys.* |
| File version information from {Program Files (x86}}\*.sys | {Computername}_sym_ProgramFilesx86_sys.* |
| File version information from {Program Files}\*.sys | {Computername}_sym_ProgramFiles_sys.* |
| File version information from {Program Files}\Microsoft iSNS Server\*.* and %windir%\system32\iscsi*.* | {Computername}_sym_MS_Iscsi.* |
| File version information from all drivers currently running on computer | {Computername}_sym_RunningDrivers.* |
| File version information from all processes currently running on computer | {Computername}_sym_Process.* |
| File version information from print spooler folder %windir%\system32\Spool\*.* | {Computername}_sym_PrintSpooler.* |
| File version information from Windows\Cluster | {Computername}_sym_Cluster.* |
| Description | File name |
| Devices and connection information that is generated by Devcon utility | {Computername}_Devcon.log |
| Minifilter drivers enumeration by using Fltmc.exe utility | {Computername}_Fltmc.TXT |
| MS-DOS device names by using Dosdev utility | {Computername}_DosDev.txt |
| Output from Driver Verifier Manager (Verifier.exe) utility | {Computername}_Verifier.txt |
| Upper and lower filters information by using Fltrfind.exe utility | {Computername}_FltrFind.txt |
| Information about driver signature by using Driverquery.exe | {Computername}_SignedDrivers.txt |
| Description | File name |
| Fibre Channel Information Tool information that is collected by FCInfo utility | {Computername}_fcinfo.txt |
| Information from computer disk sectors that is generated by SecInspect.exe utility | {Computername}_Secinspect.txt |
| iSCSI-related information that is generated by Iscsicli.exe utility | {Computername}_iSCSIInfo.txt |
| Parsing of storage-related event logs (events 6, 7, 9, 11, 15, 50, 51, 57, and 389) on System log by using Evparse.exe utility | {Computername}_StorageEventLogs.htm |
| Fibre Channel Information tool (fcinfo) output to obtain SAN resources and configuration information | {Computername}_FCInfo.txt |
| Dispart SAN policy information | {Computername}_DiskpartSANPolicy.TXT |
| Description | File name |
| Information about computer memory dump files, user memory dump files, and memory dump configuration | {Computername}_DumpReport.* |
| Compressed version of mini-machine memory dump files that are located at %windir%\minidumps | {Computername}_dmp_*.cab |
| Windows Error Reporting mini-dump files that were generated in past 30 days | {Computername}_dmp_*.cab |
| Description | File name |
| Installed updates and hotfixes | {Computername}_Hotfixes.* |
| Description | File name |
| Basic information about machine virtual environment | {Computername}_Virtualization.* |
| Description | File name |
| Basic IP networking configuration information, such as TCP/IP registry key, ipconfig, netstat, nbtstat, and netsh output | {Computername}_TcpIp-Info.txt |
| Basic SMB configuration information based on output of Net.exe utility | {Computername}_SMB-Info.txt |
| Information about TCP Offload from the registry and netsh | {Computername}_TCPIP-Info-Offload.TXT |
| Networking Setup information about attempts to join domains | {Computername}_netsetup.log |
| Network Diagnostic tool (Netdiag.exe) output | {Computername}_netdiag.txt |
| Description | File name |
| Printers and print driver information, including drivers, print monitors, print processors | {Computername}_PrintInfo.* |
| Description | File name |
| HKLM\Software\Microsoft\Windows NT\CurrentVersion HKLM\Software\Microsoft\Windows\CurrentVersion | {Computername}_reg_CurrentVersion.TXT |
| HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | {Computername}_reg_Uninstall.TXT |
| HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions | {Computername}_reg_ProductOptions.TXT |
| HKLM\System\MountedDevices | {Computername}_reg_MountedDevices.* |
| HKLM\System\CurrentControlSet\Control\CrashControl HKLM\System\CurrentControlSet\Control\Session Manager HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options HKLM\Software\Microsoft\Windows\Windows Error Reporting HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting | {Computername}_reg_Recovery.TXT |
| HKCU\Software\Microsoft\Windows\CurrentVersion\Run HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce HKCU\Software\Microsoft\Windows\CurrentVersion\RunonceEx HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKLM\ Software\Microsoft\Windows\CurrentVersion\Run HKLM\Software\Microsoft\Windows\CurrentVersion\Runonce HKLM\Software\Microsoft\Windows\CurrentVersion\RunonceEx HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" HKCU\Software\Microsoft\Windows NT\CurrentVersion\Load HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit | {Computername}_reg_Startup.TXT |
| HKLM\SYSTEM\CurrentControlSet\Control\Print | {Computername}_reg_Print.HIV |
| HKCU\Software\Policies HKLM\Software\Policies HKCU\Software\Microsoft\Windows\CurrentVersion\Policies HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies | {Computername}_reg_Policies.txt |
| HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones | {Computername}_reg_TimeZone.txt |
| HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server Web Access HKLM\SYSTEM\CurrentControlSet\Services\TermService HKLM\SYSTEM\CurrentControlSet\Services\TermDD | {Computername}_reg_TermServices.txt |
| HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation HKLM\SYSTEM\CurrentControlSet\Services\MRxSmb HKLM\SYSTEM\CurrentControlSet\Services\SMB HKLM\SYSTEM\CurrentControlSet\Services\MRxSmb10 HKLM\SYSTEM\CurrentControlSet\Services\MRxSmb20 | {Computername}_reg_SMB.txt |
| HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters | {Computername}_reg_TCPIPParameters |
| HKLM\SYSTEM\CurrentControlSet\Services\VSS | {Computername}_reg_VSS.TXT |
| HKLM\SYSTEM\CurrentControlSet\Services\iScsiPrt HKLM\SOFTWARE\Microsoft\iSCSI Target HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\iSCSI | {Computername}_reg_iSCSI.TXT |
| HKLM\System\CurrentControlSet\Control\MPDev HKLM\System\CurrentControlSet\Control\iSCSIPrt HKLM\System\CurrentControlSet\Services\MSiSCSI HKLM\System\CurrentControlSet\Services\MSDsm HKLM\System\CurrentControlSet\Services\MPIO HKLM\System\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318} HKLM\System\CurrentControlSet\Services\Tcpip | {Computername}_reg_Storage.TXT |
| HKLM\SYSTEM\CurrentControlSet\Enum | {Computername}_reg_Enum.TXT |
| Description | File name |
| Resultant Set of Policy (RSoP) information that is generated by Gpresult.exe utility | {Computername}_GPResult.* |
| Schedule tasks information (csv and txt)�that is generated by Schtasks.exe utility | {Computername}_schtasks.* |
| System information - MSInfo32 tool output � txt and nfo formats | {Computername}_msinfo32.* |
| Volume Shadow Copy Service (VSS) information | {Computername}_VSSAdmin.txt |
| Windows basic activation information through %windir%\system32\slmgr.vbs | {Computername}_KMSActivation.txt |
| Operating system boot options file (Boot.ini) | {Computername}_BOOT.INI |
| Hyperthread capable processor information | {Computername}_HyperThread.txt |
| Information about process and threads by using Pstat.exe tool | {Computername}_PStat.txt |
| SP Catalog Logging file (Windows\System32\catroot2 \DBErr.txt) | {Computername}_DBErr.txt |
| Windows Update reporting events log file (from WINDOWS\SoftwareDistribution) | {Computername}_ReportingEvents.log |
| Windows Update log file (from Windows folder) | {Computername}_WindowsUpdate.log |
| List Performance information from top processes, such as memory usage, handle count, and number of threads; also kernel memory allocation information | {Computername}_ProcessPerfInfo.* |
| Description������ | File name |
| Cluster MPS tool (Clusmps.exe) output | {Computername} _Cluster_MPS_Information.txt |
| Cluster resource properties from Cluster.exe utility | {Computername}_Cluster_Properties.txt |
| Cluster resources information from Cluster.exe utility | {Computername}_Cluster_Resources.txt |
| Chkdsk utility log files from \Windows\Cluster folder | {Computername}_Chkdsk*.log |
| Cluster Service Setup log | {Computername}_ClCfgSrv.log |
| Cluster log file | {Computername}_Cluster.log |
| Description������ | File name |
| User environment debug log (UserEnv.*) from \windows\debug\usermode | {Computername}_userenv.log |
| Service pack installation log file (from Windows folder) | {Computername}_Svcpack.log |
| Update installation logs (KB*.log located on Windows folder)� | {Computername}_KB*.log |
| Description������ | File name |
| Event log - Hyper-V-related event logs (Microsoft-Windows-Hyper-V*) � Text, csv and evtx formats | {Computername}_evt_HyperV*.* |
| Hyper-V configuration and virtual machine information | {Computername}_HyperV-Info.htm |
| Hyper-V virtual machine definition files from %ProgramData%\Microsoft\Windows\Hyper-V\Virtual Machines\*.xml | {Computername}_{VirtualMachineGUID}.xml |
| Description | File name |
| All files from the windows\cluster\reports folder | {Computername}_ClusterReports*.* |
| Server manager log file that is located at %windir%\logs\ServerManager.log | {Computername}_ServerManager.log |
| Registry key HKLM\System\CurrentControlSet\Services\ClusDisk | {Computername}_Clusdisk.txt |
| Registry key HKLM\System\CurrentControlSet\Services\ClusSvc | {Computername}_ClussvcRegistry.txt |
| Output from "Cluster . RES" command-line utility, listing resources and properties | {Computername}_Cluster_Res_Properties_All.txt |
| Cluster log files that are generated by running the "cluster.exe log" utility | {Computername}_Cluster.Log |
| Cluster MPS tool (Clusmps.exe) output | {Computername} _Cluster_MPS_Information.txt |
| Description | File name |
| Information that is generated by Servermanagercmd.exe about server roles that are installed on a server | {Computername}_ServerManagerCmdQuery.* |
| Server manager log file that is located at %windir%\logs\ServerManager.log | {Computername}_ServerManager.log |
| Description | File name |
| Output from Bcdedit.exe utility | {Computername}_BCDEdit.txt {Computername}_BCD-Backup.bak |
| Description | File name |
| Setupact.log from folders: %windir% %windir%\Panther %windir%\Panther\UnattendedGC | {Computername}_Setupact-*.log |
| Setupapi logs that are located in %windir%\inf folder | {Computername}_SetupApi.app.log {Computername}_SetupApi.evt.log {Computername}_SetupApi.offline.log |
| Setuperr.log that are located in Windows folder | {Computername}_Setuperr.log |
| Upgrade log � SetupReport.txt from windows\panther folder | {Computername}_SetupReport.txt |
| Description | File name |
| Component-Based Servicing logs that are located�at %windir%\Logs\CBS | {Computername}_CBS*.log |
| DPX Setup Act log that are located at %windir%\logs\DPX | {Computername}_setupact.log" |
| Pending Operations Queue Exec log that is located at %windir%\winsxs | {Computername}_poqexec.log |
| Windows Side-by-Side Pending Bad log that is located at %windir%\ winsxs | {Computername}_pending.xml.bad |
| Windows Side-by-Side Pending log that is located at %windir%\ winsxs | {Computername}_pending.xml |
| Description | File name |
| Installed roles and component (output from Oclist.exe command) | {Computername}_OCList*.log |
| Windows Update, Remote Desktop, and other information that is configured by Scregedit.wsf script | {Computername}_Scregedit.txt |
| Description������ | File name |
| Windows Recovery Environment (WinRE) log file that is located in system32\logfiles\srt folder | {Computername}_SrtTrail.TXT |
| Windows Server Backup log files from Windows\Logs\WindowsServerBackup | {Computername}_Bkplogs_*.log |
| SetupApi event log files from Windows\inf | {Computername}_SetupAPI*.ev* |
| Device driver installation INF mapping information by Pnputi.exe | {Computername}_PnpUtil.txt |
Keywords: KB2224427