<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">* [EventData[Data[@Name='TargetUserName']='administrator']]</Select>
</Query>
</QueryList>
server1.dk
Tech Tips
<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">* [EventData[Data[@Name='TargetUserName']='administrator']]</Select>
</Query>
</QueryList>