Configuring a group policy for a collector server running Windows Server 2012 with a "Source computer initiated" subscription
To configure a group policy for the collector server:
Open the Windows Control Panel.
Select Administrative Tools → Group Policy Management.
In the left pane, select a group policy.
On the main menu, click Action → Edit. The Group Policy Management Editor window opens.
In the left pane, select the node <Policy name> Policy → Computer Configuration → Policies → Administrative Templates → Windows Components → Event Forwarding.
Select the Configure target Subscription Manager setting.
Selecting the Configure target Subscription Manager setting
On the main menu, click Action → Edit.
Configuring the target Subscription Manager
In the window that opens, select Enabled.
Click Show.
In the window that opens, enter the collector server name in FQDN format, depending on the protocol used:
If HTTP is used:
Server=http://<collector server name>:5985/wsman/SubscriptionManager/WEC
If HTTPS is used:
Server=https://<collector server name>:5986/wsman/SubscriptionManager/WEC
Click OK.
Click OK.
Select the Configure forwarder resource usage setting.
On the main menu, click Action → Edit.
Configuring forwarder resource usage
In the window that opens, select Enabled.
In The maximum forwarding rate ( events/sec ) allowed for the forwarder box, enter the maximum number of events to forward per second.
You can find out the average number of events saved per day to the OS security log (Security) by executing the following command in Windows PowerShell:
(Get-WinEvent -FilterXML "<QueryList><Query><Select Path='Security'>*[System[TimeCreated[timediff(@SystemTime)&lt;= 86400000]]]</Select></Query></QueryList>").Count
Click OK.
In the left pane, select the node <Policy name> Policy → Computer Configuration → Policies → Windows Settings → Security Settings → System Services.
Select Windows Remote Management (WS-Management).
Selecting Windows Remote Management (WS-Management)
On the main menu, click Action → Properties.
In the window that opens, select the Define this policy setting check box.
Select automatic service startup mode.
Configuring the Windows Remote Management (WS-Management) startup
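The forwarder rate limit above is entered in events per second, while the command in the note returns a 24-hour total. The following PowerShell is an added example, not part of the original documentation, that converts the same query into an average rate and also reports the busiest minute; treating the busiest minute as a sizing input is an assumption of this example, and the variable names are illustrative.

```powershell
# Added example: derive events/sec figures for the forwarder rate limit
# from the last 24 hours of the Security log. Run in an elevated session.
$windowMs = 86400000   # 24 hours, the same window as the command in the note

# '<' must be written as &lt; because the filter is parsed as XML.
$filter = @"
<QueryList><Query><Select Path='Security'>*[System[TimeCreated[timediff(@SystemTime)&lt;= $windowMs]]]</Select></Query></QueryList>
"@

$perMinute = @{}   # minute bucket -> number of events in that minute
$total = 0

# Stream events through the pipeline so the whole log is not held in memory.
# Get-WinEvent raises an error when nothing matches; that case is handled below.
Get-WinEvent -FilterXml $filter -ErrorAction SilentlyContinue | ForEach-Object {
    $bucket = $_.TimeCreated.ToString('yyyy-MM-dd HH:mm')
    $perMinute[$bucket] = 1 + [int]$perMinute[$bucket]
    $total++
}

if ($total -eq 0) {
    Write-Warning 'No Security events were returned (empty log or insufficient rights).'
}
else {
    # Average over the whole window, in events per second.
    $avgPerSec = $total / ($windowMs / 1000)

    # Busiest single minute, converted to events per second.
    $busiest = $perMinute.GetEnumerator() |
        Sort-Object -Property Value -Descending |
        Select-Object -First 1
    $peakPerSec = $busiest.Value / 60

    [pscustomobject]@{
        EventsLast24h = $total
        AveragePerSec = [math]::Round($avgPerSec, 2)
        BusiestMinute = $busiest.Key
        PeakPerSec    = [math]::Round($peakPerSec, 2)
    }
}
```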