@raptorddd For both of your questions, there are some keys where these values are missing. I think the default (when not present) is not 3, so I think they should be added everywhere on the same level. For example: In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-Application\{0888E5EF-9B98-4695-979D-E92CE4247224} there is EnableLevel=dword:5, while in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-Application\{09608C12-C1DA-4104-A6FE-B959CF57560A} there is no EnableLevel present. I would set them both to 3 (create the second one). Same for the other (undocumented and unproven) value Level, which might not even exist anywhere on a clean installation, but I see with ProcMon (boot logging) that it is queried for every event log. So I create it in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System etc., and on all other keys on that level (pun intended ). And yet again, the same for TypesSupported, it might be present under, for example, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Chkdsk (but with value other than 3), but not present under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\COM. I would set the first one to 3, and create the second one, also setting it to 3. These are just examples, the actual situation in any or all of the above keys might be different on a clean installation. And yes, I also have seen some very high values of EnableLevel, I can not find documentation about that anywhere. I have set these also to 3, with no ill effects so far. GL
a script is really needed.. to edit all entries to "TypesSupported"=dword:00000003 "EnableLevel"=dword:00000003 and create one for entries that dont have it. took me 2 days to do it.. manually is way too much.. got a headache.. eyestrain and very anxious...
It's hard and boring to spot mistakes looking on a big txt file. I suggest you to keep a copy of the original exported .reg(s), import the new ones and look/test if the behavior is the expected one. If not just delete your modded key and re-import the original. Alternatively you can import in a dummy key just to see how it looks. Say replace all strings from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\AutologgerTEST So you will get a new AutologgerTEST key (that does nothing) to compare with the untouched original. If everything looks correct delete the AutologgerTEST key and import the reg made for the correct place
i asked because i thought you might know a faster easier way to check.. as i said we need a script you said no need just use text edito and modify the line.. that is too many entries. just found out that notepad++ can replace text.. even using that its boring and lot of work.. am about to clean install yes i was going to clean install and make back up of registries key... thanks
I say it again, replace strings is pretty straightforward, and takes a couple of seconds. Adding a missing key is a different matter, but often can be accomplished using cleverly the search/replace function That's the whole point of search and replace, not caring about many entries there are, I don't understand where the problem is supposed to be. Replacing 15000 entries takes the same effort of replacing 2 of them Well... search and replace is a so basic feature that took for granted that you were aware of its existence. I think that the win 3.1 notepad or the dos editor has it, obviously notepad++ is faster and has a bounch of additional features (like regular expressions or search and replace in all opened tabs) That's pretty overkill. Just take your installation media, copy the registry file somewhere, mount it as hive, export the key(s) you need, adjust the path using search and replace. 2 minutes needed over one hour.
Now that you mention the registry searchers, If I remember correctly "Registry workshop" has the search and replace feature, so launching it as TI should do the job w/o even exporting and importing. That said, I still don't understand where the problem is, using a text editor and searching for (say) "TypesSupported"=dword:00000001 then "TypesSupported"=dword:00000002 or "TypesSupported"=dword: (to get the total number of the instances, N++ has the feature)