A: Microsoft released the mechanism for Windows event forwarding and collection as part of the Windows Eventing 6.0 code in Windows Vista and Windows Server 2008. Only Vista, Server 2008, Server 2008 R2, and Windows 7 platforms can be configured as event collectors for the built-in Windows event forwarding mechanism. The event collector computer is used as the central repository for all events that are collected and forwarded from different event source computers. Microsoft recommends you use Server 2008 or Server 2008 R2 computers as event collectors because a Windows server OS scales better in high-volume event collection scenarios.

The minimum Windows OS level required for event source computers is Windows XP SP2. Every event source computer must have Windows Remote Management (WinRM) 1.1 or later installed. WinRM implements the Web Services for Management (WS-Management) protocol specification for remote management. The event exchanges between a collector and a source computer use WinRM and the WS-Management protocol. WinRM is available out of the box on all Vista, Server 2008, and later Windows platforms. On Windows XP and Windows Server 2003, you must explicitly install WinRM, which you can download from the Microsoft Download Center.

Microsoft recommends that you deploy WinRM 2.0 to your Windows event source and event collection computers. WinRM 2.0 is included by default in Server 2008 R2 and Windows 7. It's available as a separate download from the Microsoft Download Center for Windows Server 2008 SP2, Windows Server 2003 SP2, Vista SP1, Vista SP2, and Windows XP SP3. The WinRM 2.0 package includes Windows PowerShell 2.0. For a complete overview of what's new in WinRM 2.0, take a look at the Microsoft Support article "Windows Management Framework (Windows PowerShell 2.0, WinRM 2.0, and BITS 4.0)."
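
The following PowerShell sketch is an added example, not part of the original answer: it applies the OS and WinRM requirements above to the `ProductVersion` string that `winrm id` and `Test-WSMan` report. The function name `Get-EventForwardingRole`, the host names, and the sample strings are constructed for illustration, and treating NT 6.0 as a minimum for collectors is an assumption based on the platforms listed above.

```powershell
# Constructed ProductVersion strings in the "OS: x.y.z SP: a.b Stack: c.d" form
# that `winrm id` and Test-WSMan report; host names are made up.
$samples = [ordered]@{
    'COLLECTOR01' = 'OS: 6.1.7600 SP: 0.0 Stack: 2.0'  # Server 2008 R2 / Windows 7
    'XPDESK07'    = 'OS: 5.1.2600 SP: 2.0 Stack: 1.1'  # XP SP2 with WinRM 1.1 added
    'XPDESK09'    = 'OS: 5.1.2600 SP: 1.0 Stack: 1.1'  # XP SP1: below the minimum
    'UNKNOWN03'   = 'OS: 0.0.0 SP: 0.0 Stack: 2.0'     # unauthenticated query: OS hidden
}

function Get-EventForwardingRole {
    param([string]$ComputerName, [string]$ProductVersion)

    $pattern = '^OS:\s*(\d+\.\d+)\.\d+\s+SP:\s*(\d+)\.\d+\s+Stack:\s*(\d+\.\d+)\s*$'
    if ($ProductVersion -notmatch $pattern) {
        throw "Unrecognized ProductVersion for ${ComputerName}: $ProductVersion"
    }
    $os    = [version]$Matches[1]
    $sp    = [int]$Matches[2]
    $stack = [version]$Matches[3]

    if ($os -eq [version]'0.0') {
        # An unauthenticated identify request returns OS 0.0.0; only the stack is known.
        $source = $null; $collector = $null
    } else {
        # Source: Windows XP SP2 (NT 5.1 SP2) or later, with WinRM 1.1 or later.
        $osOk      = ($os -gt [version]'5.1') -or ($os -eq [version]'5.1' -and $sp -ge 2)
        $source    = $osOk -and ($stack -ge [version]'1.1')
        # Collector: the article lists Vista/Server 2008 (NT 6.0) and Windows 7/
        # Server 2008 R2 (NT 6.1); treated here as a minimum of NT 6.0 (assumption).
        $collector = $os -ge [version]'6.0'
    }
    [pscustomobject]@{
        Computer    = $ComputerName
        CanBeSource = $source
        CanCollect  = $collector
        HasWinRM2   = $stack -ge [version]'2.0'   # the recommended WinRM level
    }
}

$samples.GetEnumerator() |
    ForEach-Object { Get-EventForwardingRole $_.Key $_.Value } |
    Format-Table -AutoSize
```

A blank `CanBeSource` or `CanCollect` value means the OS level could not be determined from the string, so query that host again with authentication before assigning it a role.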