On Thu, Feb 17, 2011 at 9:48 AM, Mike Leone <[email protected]> wrote:
> But I don't see any event log files (*.evt) in the location
> c:\windows\system32\config.

I don't have a solution for you, but IIRC, the active Event Log files are opened by the EventLog service at startup and stay that way as long as the system is running. So unless you use an "open file agent" on your DC, they would be found to be open and skipped during the backup.

They might (*MIGHT* -- I dunno) be included in a "System State" backup/restore, but you'll want to restore to an isolated lab environment (you'll be restoring a 6 month old copy of your AD database, and while it shouldn't be accepted as authoritative by the other DCs if you don't say so, it will still be a mess).

-- Ben
