Home
  •  

Recopilación del servicio de apagado agregado de Vista

Microsoft.Windows.Client.Vista.Computer.ShutdownService.Collection (Rule)

Knowledge Base article:

Resumen

Esta regla recopila eventos sobre las causas raíz de los problemas de rendimiento de apagado detectados por Windows Vista.

Causas

El tiempo de ejecución de los servicios es una de las causas raíz de la degradación.

Element properties:

TargetMicrosoft.Windows.Client.Vista.Aggregate.Computer
CategoryEventCollection
EnabledTrue
Event_ID203
Event SourceMicrosoft-Windows-Diagnostics-Performance
Alert GenerateFalse
RemotableTrue
Event LogMicrosoft-Windows-Diagnostics-Performance/Operational

Member Modules:

ID Module Type TypeId RunAs 
EventDS DataSource Microsoft.Windows.EventProvider System.PrivilegedMonitoringAccount
PublishToClientPerfRootCauseChannel WriteAction Microsoft.Windows.Client.Vista.Computer.PublishBaseData Default

Source Code:

<Rule ID="Microsoft.Windows.Client.Vista.Computer.ShutdownService.Collection" Enabled="true" Target="Microsoft.Windows.Client.Vista.Aggregate.Computer">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="EventDS" RunAs="System!System.PrivilegedMonitoringAccount" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</ComputerName>

      <LogName>Microsoft-Windows-Diagnostics-Performance/Operational</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>Microsoft-Windows-Diagnostics-Performance</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>203</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="PublishToClientPerfRootCauseChannel" TypeID="Microsoft.Windows.Client.Vista.Computer.PublishBaseData">

      <ChannelId>02F14C7F-751D-4D6E-88C0-A7D7B2E590F3</ChannelId>

    </WriteAction>

  </WriteActions>

</Rule>