Tuesday, January 8, 2019

Windows Server - Setup and Boot Event Collection

What is Setup and Boot Event Collection?

Setup and Boot Event Collection is a new feature, introduced in Windows Server 2016 Technical Preview, that allows you to designate a “collector” computer to gather a variety of important events that occur on other computers when they boot or go through the setup process. You can later analyze the collected events with Event Viewer, Message Analyzer, Wevtutil, or Windows PowerShell cmdlets.

What can the collector monitor?

Previously, these events have been impossible to monitor because the infrastructure needed to collect them doesn’t exist until a computer is already set up. The kinds of setup and boot events you can monitor include:

  • Loading of kernel modules and drivers.
  • Enumeration of devices and initialization of their drivers (including “devices” such as CPU type).
  • Verification and mounting of file systems.
  • Starting of executable files.
  • Start and completion of system updates.
  • The points at which the system becomes available for logon, a connection with a domain controller is established, service starts complete, and network shares become available.
