Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.
View products that this article applies to.
| Description | File Name |
| Event Log – System – text, csv and evtx formats | {Computername}_evt_System.* |
| Event Log – Application – text, csv and evtx formats | {Computername}_evt_Application.* |
| Event Log – Security – text, csv and evtx formats | {Computername}_evt_Security.* |
| Description | File Name | |
| User Logon Information (user identity, user status, logon authentication method, domain controller and global catalog used, and logon computer details) | {Computername}_UserLogonInfo.txt and in ResultReport.xml | |
| Active Directory Domain Information (details about the current domain including a list of all domain controllers in the domain) | {Computername}_CurrentDomainInfo.txt and in ResultReport.xml | |
| Active Directory Forest Information (details about domains in the current forest) | {Computername}_ForestInfo.txt and in ResultReport.xml | |
| Active Directory Forest Trusts List (created trusted for the current forest) | {Computername}_TrustList.txt and in ResultReport.xml | |
| Active Directory Site Domain Controller List | {Computername}_SiteDCList.txt and in ResultReport.xml |
| Description | File Name |
| Winlogon debug log %systemroot%\security\logs\winlogon.log | {Computername}_winlogon.log |
| Description | File Name |
| Output from the Whoami.exe utility, with the /all switch. | {Computername}_whoami.txt |
| Description | File Name |
| Currently configured user rights for the local computer. | {Computername}_UserRights.txt |
| Description | File Name |
| Domain functional level information and built in Administrators group membership. | {Computername}_DSMisc.txt |
| Description | File Name |
| AuditPol Configuration | {Computername}_ AuditPol_Configuration.* |
| AuditPol Per-User | {Computername}_ AuditPol_Per-User.* |
| AuditPol User Policy | {Computername}_ AuditPol_UserPolicy.* |
| Audit Policy Events | {Computername}_ AuditPolPolicy.* |
| Description | File Name |
| Local domain secure channel information on domain member computers and trust secure channel information from domain controllers. Also gathers basic domain and forest info. | {Computername}_Secure_Channels.txt |
| Description | File Name |
| Authentication related registry entries for effective settings. Claims information if present. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\Kerberos\Parameters DCs Only: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\KDC\Parameters HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS | {Computername}_AuthnSettings.txt |
| Description | File Name |
| User session ticket information from Klist.exe. | {Computername}_Klist.txt |
| Description | File Name |
| Group policy results for the logged on user and computer. | {Computername}_gpresult.txt |
| Group policy results for the logged on user and computer. | {Computername}_gpresult.htm |
| Description | File Name |
| User Token Details (security groups, group scopes, SIDHistory and token sizing information) | {Computername}_TokenDetails.txt |
| Description | File Name |
| W32Time Reg Key | {Computername}_W32Time_Reg_Key.txt |
| W32Time Reg Key Perms | {Computername}_W32Time_Reg_Key_Perms.txt |
| W32Time Service Status | {Computername}_W32Time_Service_Status.txt |
| W32Time Service Perms | {Computername}_W32Time_Service_Perms.txt |
| W32TM /Monitor | {Computername}_W32TM_Monitor.txt |
| W32TM /TestIf /QPS | {Computername}_W32TM_TestIf_QPS.txt |
| W32TM Query Status | {Computername}_W32TM_Query_Status.txt |
| W32TM Stripchart | {Computername}_W32TM_Stripchart.txt |
| Description | File Name |
| WINS Client nbtstat output | {Computername}_ WinsClient_nbtstat-output.TXT |
| Description | File Name |
| Netlogon.log located in %windir%\debug | {Computername}_Netlogon.log |
| Netlogon.bak located in %windir%\debug | {Computername}_Netlogon.bak |
| Description | File Name |
| DHCP Client Registry Key | {Computername}_ DhcpClient_reg_.TXT |
| Description | File Name |
| IPsec Powershell Cmdlets | {Computername}_ IPsec_info_pscmdlets.TXT |
| IPsec Registry keys | {Computername}_IPsec_reg_.TXT |
| IPsec netsh dynamic show all | {Computername}_IPsec_netsh_dynamic.TXT |
| IPsec netsh static show all | {Computername}_IPsec_netsh_static.TXT |
| IPsec Local Policy Export (.ipsec): | {Computername}_netsh_LocalPolicyExport.ipsec |
| Description | File Name |
| DnsClient Registry Keys | {Computername}_ DnsClient_reg_.TXT |
| Ipconfig /displaydns | {Computername}_ DnsClient_ipconfig-displaydns.TXT |
| DNS Client - HOSTS file | {Computername}_ DnsClient_HostsFile.TXT |
| DNS Client Powershell Cmdlets | {Computername}_ DnsClient_info_pscmdlets.TXT |
| DNS Client netsh show state (for DirectAccess) | {Computername}_ DnsClient_netsh_dnsclient-show-state.TXT |
| Description | File Name |
| Firewall PowerShell Cmdlets | {Computername}_Firewall_info_pscmdlets.txt |
| Firewall Registry Keys | {Computername}_Firewall_reg.txt |
| NETSH Advanced Firewall | {Computername}_netsh_advFirewall.txt |
| NETSH Advanced Firewall Export | {Computername}_netsh_advFirewall-export.wfw |
| NETSH Advanced Firewall Rules ConSec | {Computername}_netsh_advFirewall-consec-rules.txt |
| NETSH Advanced Firewall Rules ConSec Active | {Computername}_netsh_advFirewall-consec-rules-active.txt |
| NETSH Advanced Firewall Rules | {Computername}_netsh_advFirewall-firewall-rules.txt |
| NETSH Advanced Firewall Rules Active | {Computername}_netsh_advFirewall-firewall-rules-active.txt |
| NETSH WFP Show Events | {Computername}_netsh_wfp_show_netevents.xml |
| NETSH WFP Show BootTimePolicy | {Computername}_netsh_wfp_show.boottimepolicy.xml |
| NETSH WFP Show Filters | {Computername}_netsh_wfp-show-filters.xml |
| NETSH WFP Show Options OptionsForNetEvents | {Computername}_netsh_wfp-show-options-optionsfornetevents.txt |
| NETSH WFP Show Options OptionsForKeyWords | {Computername}_netsh_wfp-show-options-optionsforkeywords.txt |
| NETSH WFP Show Security Net Events | {Computername}_netsh_wfp-show-security-netevents.txt |
| NETSH WFP Show State | {Computername}_netsh_wfp-show-state.xml |
| NETSH WFP Show Sysports | {Computername}_netsh_wfp-show-sysports.xml |
| Microsoft-Windows-Windows Firewall With Advanced Security/Firewall | {Computername}_evt_WindowsFirewallWithAdvancedSecurity-Firewall_evt_.* |
| Description | File Name |
| TCPIP Info | {Computername}_ TCPIP_info.TXT |
| TCPIP registry output | {Computername}_ TCPIP_reg_output.TXT |
| TCP OFFLOAD | {Computername}_TCPIP_OFFLOAD.TXT |
| TCPIP Services File | {Computername}_TCPIP_ServicesFile.TXT |
| TCPIP Net Powershell Cmdlets | {Computername}_TCPIP_info_pscmdlets_net.TXT |
| TCPIP IPv6 Transition Technology Info | {Computername}_TCPIP_info_pscmdlets_IPv6Transition.TXT |
| TCPIP netsh output | {Computername}_TCPIP_netsh_info.TXT |
| Microsoft-Windows-Iphlpsvc/Operational | {Computername}_evt_Iphlpsvc-Operational_evt_.* |
| Description | File Name |
| RPC netsh output | {Computername}_ RPC_netsh_output.TXT |
| RPC registry output | {Computername}_ RPC_reg_output.TXT |
| Description | File Name |
| SMB Client registry output | {Computername}_SmbClient_reg_output.TXT |
| SMB Client Information from Net.exe | {Computername}_SmbClient_info.TXT |
| SMB Server registry output | {Computername}_SmbServer_reg_output.TXT |
| SMB Server Information from tools like net.exe | {Computername}_SmbServer_info.txt |
Keywords: kb