Microsoft-Windows-DCLocator

9 events across 1 channel

EventTitleChannel
1task_0Debug
2task_02Debug
3task_03Debug
4task_04Debug
5task_05Debug
6task_06Debug
7task_07Debug
8task_08Debug
9task_09Debug

Event ID 1: task_0

#
Provider
Microsoft-Windows-DCLocator
Channel
Debug

Fields #

NameDescription
Message UnicodeString

Event ID 2: task_02

#
Provider
Microsoft-Windows-DCLocator
Channel
Debug

Fields #

NameDescription
Message UnicodeString

Event ID 3: task_03

#
Provider
Microsoft-Windows-DCLocator
Channel
Debug

Fields #

NameDescription
Message UnicodeString

Event ID 4: task_04

#
Provider
Microsoft-Windows-DCLocator
Channel
Debug

Fields #

NameDescription
Message UnicodeString

Event ID 5: task_05

#
Provider
Microsoft-Windows-DCLocator
Channel
Debug

Fields #

NameDescription
Message UnicodeString

Event ID 6: task_06

#
Provider
Microsoft-Windows-DCLocator
Channel
Debug

Fields #

NameDescription
Message UnicodeString

Event ID 7: task_07

#
Provider
Microsoft-Windows-DCLocator
Channel
Debug

Fields #

NameDescription
Message UnicodeString

Event ID 8: task_08

#
Provider
Microsoft-Windows-DCLocator
Channel
Debug

Fields #

NameDescription
Message UnicodeString

Event ID 9: task_09

#
Provider
Microsoft-Windows-DCLocator
Channel
Debug

Fields #

NameDescription
Message UnicodeString

Provenance

Where this provider's schema came from, and which Windows build it was observed on. Windows can change a provider's event schema between builds, so use this to judge whether it matches the build you collect from.

ETW provider GUID cfaa5446-c6c4-4f5c-866f-31c9b55b962d

Defined in logoncli.dll, which carries the event manifest.

Observed on:

  • WS2022-20348.4893 · schema read from the registered manifest · binary version 10.0.20348.2849 · captured 2026-06-02
  • Win11-26200.6584 · schema read from the registered manifest · binary version 10.0.26100.4946 · captured 2026-06-02

Downloads

Credits

  • Microsoft - authored the ETW manifests and PDBs the schema comes from
  • jdu2600 - the event-schema TSV format this catalog adopted
  • nasbench - the tool that dumps registered providers and manifests