Sorry, I wasn't paying close attention, but they should be backed up by 
anything that does a SysState backup and anything that does a VSS backup.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com


-----Original Message-----
From: Ben Scott [mailto:[email protected]] 
Sent: Thursday, February 17, 2011 2:16 PM
To: NT System Admin Issues
Subject: Re: Looking for logon/logoff times in old event logs

On Thu, Feb 17, 2011 at 9:48 AM, Mike Leone <[email protected]> wrote:
> But I don't see any event log files (*.evt) in the location 
> c:\windows\system32\config.

  I don't have a solution for you, but IIRC, the active Event Log files are 
opened by the EventLog service at startup and stay that way as long as the 
system is running.  So unless you use an "open file agent" on your DC, they 
would be found to be open and skipped during the backup.

  They might (*MIGHT* -- I dunno) be included in a "System State"
backup/restore, but you'll want to restore to an isolated lab environment 
(you'll be restoring a 6 month old copy of your AD database, and while it 
shouldn't be accepted as authoritative by the other DCs if you don't say so, it 
will still be a mess).

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
