martin.tolan
Hi All,
I have been going around in circles for a long time with this issue
and can't see any end to it!
Problem:
I am using HORM so I unmount all other drives in the system (except
the primary that is protected with EWF) and create the HORM image.
When the system boots from the HORM image I mount the other drives (in
my case just one other drive, D), start my applications and it runs as
expected. My problem is I need to persist the event logs so when power
is cut I lose all the event logs (and anything else that was protected
by EWF). If I change the path to the event log files to the D: drive
(not protected by EWF) I can't create the HORM image as I will never
be able to unmount the drive!
Ideally I would like to change the location of the event log files to
D: then stop the Event Log service, create the HORM image and after
resuming from HORM restart the service! Event Log service is not a
self-contained .exe and doesn't support the Stop, Pause & Continue
commands.
I was @ MEDC in Berlin in June and the XPe team suggested stopping the
service, but to quote MS TechNet:
http://technet2.microsoft.com/windo...2796-4253-8fb1-b25329ddf35f1033.mspx?mfr=true
"Some services, such as Remote Procedure Call (RPC), Event Log, and
Plug and Play, cannot be stopped by using the Service snap-in or the
net stop command. These services are required for the operating system
to function properly."
I have also tried to use Junction (the MS version of symbolic links
for NTFS) but to no avail. It seems that the event log service has a
handle to the event logs that even Junction can't mess with!
Has anybody out there ever heard of someone being able to move the
event logs and use HORM?
Any help is much appreciated as this is doing my nut in!
Cheers,
Martin.