Policy selection for ADMX packs

Policy overview

Key metadata and intent for this policy.

ClassComputer

CategoryWindows Components > Event Logging

Supported onAt least Windows Server 2016, Windows 10

Supported OS tags: Windows10, Windows10RT, Windows11, WindowsServer2016

This policy setting lets you configure Protected Event Logging. If you enable this policy setting, components that support it will use the certificate you supply to encrypt potentially sensitive event log data before writing it to the event log. Data will be encrypted using the Cryptographic Message Syntax (CMS) standard and the public key you provide. You can use the Unprotect-CmsMessage PowerShell cmdlet to decrypt these encrypted messages, provided that you have access to the private key corresponding to the public key that they were encrypted with. If you disable or do not configure this policy setting, components will not encrypt event log messages before writing them to the event log.

Internal name

EnableProtectedEventLogging

Policy ID

cae51b78a521

Elements

Registry values

How enabled and disabled states update the registry.

Registry location	Type	Enabled value	Disabled value
HKLM\Software\Policies\Microsoft\Windows\EventLog\ProtectedEventLogging\EnableProtectedEventLogging	REG_DWORD	1	0

Policy elements

Inputs and configuration options exposed by this policy.

Element	Type	Registry mapping	Constraints & behavior
EncryptionCertificate ID EncryptionCertificate	list	HKLM\Software\Policies\Microsoft\Windows\EventLog\ProtectedEventLogging\EncryptionCertificate Type REG_MULTI_SZ	None