This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI- enabled event sources. The service stores forwarded events in a local Event Log In a high security environment, remote connections to secure workstations should be minimized, and management functions should be done locally. Default: Manual. Counter Measure: The recommended state for this setting is Disabled. Potential Impact: If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Windows Event Collector (2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wecsvc!Start