How To: Redirect Event Viewer Log File Location to a thawed partition
Posted by Panagiotis Mantzouranis on 27 December 2013 11:33 AM
In the event of troubleshooting an application error or crash (e.g. Gizmo client's) one of the things you will be looking for is errors in Windows Application and System Log.
By default, these logs are stored inside
When using an automatic recovery software (such as Deep Freeze) for the OS partition, the errors are not saved after a system reboot, making the use of these diagnostics impossible.
The best way to handle this is by re-locating the Event Viewer Log Files to a thawed partition.
One way to do it is by modifying Windows Registry.
A second way to achieve the same result is by using the wevtutil Utility (Vista and above)
To change the location of the System Log, enter the command below in a command line prompt:
Replace D:\Windows_Logs with your preferred Log location
To do the same for Application log, enter:
Verify that the directory exists or else the logs will not be created.
You can then use event viewer: http://technet.microsoft.com/en-us/library/cc766401.aspx to open the log files on another computer.