Presentation Transcript
Windows Vista Inside Out: Chapter 22 - Monitoring System Activities with Event Viewer (last modified 10-22-07 11 am)
Editions: Event Viewer works exactly the same way in all Windows Vista editions
Event Log Service: Records noteworthy occurrences in these log files
Application
Security
Setup
System
Forwarded Events
Event Viewer: In Computer Management
EVENTVWR from an elevated Command Prompt
New Features: View events from multiple logs simultaneously
Create and save filtered selections as custom views
Create a task to run automatically when a particular event occurs
Create a subscription to specified events on other networked computers
Types of Events: Application
Generated by programs, selected by the developer
Security
Logon attempts
Attempts to use secured resources, such as an attempt to create, modify, or delete a file
Types of Events: Setup
Application installation
System
Generated by Windows itself
For example, a driver fails to load when you start Windows
Forwarded Events
Events gathered from other computers
Types of Events: Applications And Services
Logs for individual applications
Analytic And Debug Logs: View, Show Analytic And Debug Logs
Rarely used
Auditing Security Events: In Windows Vista Business, Enterprise, and Ultimate editions
An administrator can choose events to record
With Audit Policies (Local Policies\Audit Policy) in the Local Security Policy console (Secpol.msc)
The monitored objects must be specified in the Auditing tab in Advanced Security Settings
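Added example (not from the original slides): the two auditing steps above, done from an elevated PowerShell 2.0 prompt instead of Secpol.msc and the Auditing tab. The folder C:\Sensitive, the audited rights and the English subcategory name "File System" are assumptions for illustration; 4663 is the Security log event ID that Windows writes for an audited object access.

```powershell
# Added example; run from an elevated PowerShell 2.0+ prompt.
# ASSUMPTION: C:\Sensitive is a hypothetical folder to be monitored.
$folder = 'C:\Sensitive'

# Step 1 - audit policy. "File System" is one subcategory of the
# "Audit object access" policy shown in Secpol.msc (English name assumed).
auditpol /set /subcategory:"File System" /success:enable /failure:enable
auditpol /get /subcategory:"File System"

# Step 2 - monitored object. Build an audit entry like the one the
# Auditing tab in Advanced Security Settings would add to the folder.
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'  # Everyone
$rights   = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions'
$inherit  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop     = [System.Security.AccessControl.PropagationFlags]::None
$flags    = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule `
    -ArgumentList $everyone, $rights, $inherit, $prop, $flags

$acl = Get-Acl -Path $folder -Audit   # -Audit also loads the audit entries (SACL)
$acl.AddAuditRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Confirm that the audit entry is now on the folder.
(Get-Acl -Path $folder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags -AutoSize

# Step 3 - after someone touches a file in the folder, read the resulting
# events from the Security log (first line of each message only).
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
        -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize
```

If either step is missing, no 4663 events appear: the policy alone audits nothing until an object carries an audit entry, and an audit entry alone is ignored while the policy is off.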
Event Levels: Error
Possible loss of data or functionality
Such as a malfunctioning network adapter
Warning
Less significant than errors
Such as a nearly full disk
Information
Other events
Such as someone using a printer
Event Logs Summary: Click Event Viewer in the left pane
For details, click an Event Type, then click "View all instances" in right pane
Viewing Individual Logs and Events: Level
Information, Warning, or Error
Date And Time
Source
The application or system component that generated the event
Event ID
A very important number that identifies the event
Task Category
May give further information about the event
Event Details: Double-click an event
Link at the bottom gives you Microsoft's Web info
Eventid.net gives you much better information
Creating a Task to Run When a Specific Event Occurs: Connects Task Scheduler to Events
Monitoring Other Computers’ Events with Subscriptions: One Vista computer can gather events from several other Vista computers
You have to create special user accounts on the target machines, and open a firewall exception on each machine
Working with Log Files: By default, logs have a limited size, and eventually overwrite old events
Adjust this behavior in a log's Properties
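Added example (not from the original slides): checking from PowerShell 2.0 or later how large each of the logs listed earlier may grow, whether it overwrites old events, and how far back it currently reaches, then changing the same Properties for the Security log with wevtutil. The 256 MB size is an assumed value for illustration.

```powershell
# Added example; run elevated (reading the Security log needs admin rights).
$logs = 'Application', 'Security', 'Setup', 'System', 'ForwardedEvents'

Get-WinEvent -ListLog $logs | ForEach-Object {
    # Oldest surviving record shows how much history the current size keeps.
    $oldest = Get-WinEvent -LogName $_.LogName -Oldest -MaxEvents 1 `
                  -ErrorAction SilentlyContinue   # empty logs return nothing
    New-Object PSObject -Property @{
        Log         = $_.LogName
        Mode        = $_.LogMode    # Circular = overwrite old events when full
        MaxMB       = [math]::Round($_.MaximumSizeInBytes / 1MB, 1)
        UsedPct     = [math]::Round(100 * $_.FileSize / $_.MaximumSizeInBytes)
        Records     = $_.RecordCount
        OldestEvent = $oldest.TimeCreated
    }
} | Format-Table Log, Mode, MaxMB, UsedPct, Records, OldestEvent -AutoSize

# Option A: keep overwriting the oldest events, but give the log more room.
# ASSUMPTION: 268435456 bytes (256 MB) is an illustrative size.
wevtutil sl Security /ms:268435456

# Option B (alternative): archive the log file when it fills instead of
# overwriting old events. Archives accumulate on disk and need housekeeping.
# wevtutil sl Security /rt:true /ab:true

# Show the resulting settings (maxSize, retention, autoBackup).
wevtutil gl Security
```

A Circular log that is close to 100% used and whose oldest event is only days old is already discarding history that an investigation might need.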
Windows Vista Inside Out: Chapter 23 - Troubleshooting Windows Errors
Editions: These troubleshooting techniques work exactly the same way in all Windows Vista editions
Configuring and Using Windows Error Reporting: Windows Error Reporting's new features
Can automatically transmit information about errors to Microsoft
To help them improve Windows
Can notify you automatically when an error occurs for which a solution is available
Maintains a history of errors on your system
Application Recovery and Restart: New functions for developers to use in applications
Responds to a crash by restarting and reopening the document you were working on
Implemented in Microsoft Office 2007
Privacy Concerns: Some of the information sent to Microsoft could contain personal information
Windows Error Reporting: Windows Error Reporting gathers the basic information
Sends it to Microsoft if you have approved that
The Microsoft server tries to find a solution
The application restarts, if it can
Setting Windows Error Reporting Options: Control Panel
System And Maintenance
Problem Reports And Solutions
Choose How To Check For Solutions
Advanced Error Reporting Options: Advanced Settings
Reviewing the Problem History: Control Panel
System And Maintenance
Problem Reports And Solutions
View Problem History
Checking for Solutions: Control Panel
System And Maintenance
Problem Reports And Solutions
Check For New Solutions
Reliability Monitor: Logo, REL
Rolling Back to a Stable State with System Restore: System Restore is helpful when
You install a program that conflicts with other software or drivers on your system
You install a driver that causes performance or stability problems
Your system develops performance or stability problems for no apparent reason
System Restore and Viruses: System Restore doesn't remove infections
Use antivirus software for that
After cleaning a virus, delete your System Restore points to prevent re-infection
Using System Restore: Logo, SYS
System Restore Do’s and Don’ts: Newly created user accounts may vanish
System Restore does not uninstall programs, although it does remove executable files and DLLs
Uninstalling recently installed applications before the restore is best
Changes made to your system configuration using the Windows Recovery Environment are not monitored by System Protection (System Restore)
System Restore and Safe Mode: You can restore your system to a previous configuration from Safe Mode
BUT you cannot create a new restore point in Safe Mode
Therefore, you cannot undo a restore operation that you perform in Safe Mode
Avoid restoring in Safe Mode
Dealing with Stop Errors: Blue Screen of Death (BSOD)
Image from link Ch 23a
How Windows Handles Stop Errors: Displays a STOP error (BSOD)
Writes debugging information to the page file
When the system restarts, this information is saved as a crash dump file
By default, the system restarts
Customizing STOP Error Behavior: Start
Right-click Computer, Properties
Advanced System Settings
Advanced tab
In "Startup and Recovery" section, click Settings
How to Read a Stop Error: Symbolic error name
At the top – here it is BUGCODE_USB_DRIVER
Troubleshooting recommendations
Error number and parameters
After the word STOP
Advice for Dealing with Stop Errors: Look for a driver name
Don’t rule out hardware problems
Check your memory
Logo, MEM for Memory Diagnostics
Ask yourself, “What’s new?”
Search the Knowledge Base
Advice for Dealing with Stop Errors: Check your system BIOS for updates
Are you low on system resources?
Check RAM and disk space
Try starting in Safe Mode
If that works, it's probably a driver problem
Try an alternative driver
Even one made for a different hardware model in the same family