Vista Aggregate Shutdown Service Collection

Microsoft.Windows.Client.Vista.Computer.ShutdownService.Collection (Rule)

Knowledge Base article:

Summary

This rule collects events detailing the root causes of shutdown performance problems detected by Windows Vista.

Causes

Running services are one of the root causes of the degradation.

Element properties:

Target: Microsoft.Windows.Client.Vista.Aggregate.Computer
Category: EventCollection
Enabled: True
Event_ID: 203
Event Source: Microsoft-Windows-Diagnostics-Performance
Alert Generate: False
Remotable: True
Event Log: Microsoft-Windows-Diagnostics-Performance/Operational

Member Modules:

ID Module Type TypeId RunAs 
EventDS DataSource Microsoft.Windows.EventProvider System.PrivilegedMonitoringAccount
PublishToClientPerfRootCauseChannel WriteAction Microsoft.Windows.Client.Vista.Computer.PublishBaseData Default

Source Code:

<Rule ID="Microsoft.Windows.Client.Vista.Computer.ShutdownService.Collection" Enabled="true" Target="Microsoft.Windows.Client.Vista.Aggregate.Computer">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="EventDS" RunAs="System!System.PrivilegedMonitoringAccount" TypeID="Windows!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</ComputerName>
      <LogName>Microsoft-Windows-Diagnostics-Performance/Operational</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>Microsoft-Windows-Diagnostics-Performance</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>203</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="PublishToClientPerfRootCauseChannel" TypeID="Microsoft.Windows.Client.Vista.Computer.PublishBaseData">
      <ChannelId>02F14C7F-751D-4D6E-88C0-A7D7B2E590F3</ChannelId>
    </WriteAction>
  </WriteActions>
</Rule>