Windows notes

From Federal Burro of Information
Jump to navigationJump to search

for a member of a domain to get the latest time from it's pdc 

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\administrator.DOM> netdom query pdc
Primary domain controller for the domain:

GIBDC1
The command completed successfully.


C:\Users\administrator.DOM>


system reboot / power on / off from event log

The clearest most succinct answer I could find is:

How To See PC Startup And Shutdown History In Windows which lists these event ids to monitor (quoted but edited and reformatted from article):

  • Event ID 6005: “The event log service was started.” This is synonymous to system startup.
  • Event ID 6006: “The event log service was stopped.” This is synonymous to system shutdown.
  • Event ID 6008: "The previous system shutdown was unexpected." Records that the system started after it was not shut down properly.
  • Event ID 6009: Indicates the Windows product name, version, build number, service pack number, and operating system type detected at boot time.
  • Event ID 6013: Displays the uptime of the computer. There is no TechNet page for this id.

Add to that a couple more from the Server Fault answers listed in my OP:

  • Event ID 1074: "The process X has initiated the restart / shutdown of computer on behalf of user Y for the following reason: Z." Indicates that an application or a user initiated a restart or shutdown.
  • Event ID 1076: "The reason supplied by user X for the last unexpected shutdown of this computer is: Y." Records when the first user with shutdown privileges logs on to the computer after an unexpected restart or shutdown and supplies a reason for the occurrence.

Windows 10

how I loath thee, let me count the ways 

takeown /f "%WinDir%\System32\GameBarPresenceWriter.exe" /a
icacls "%WinDir%\System32\GameBarPresenceWriter.exe" /grant:r Administrators:F /c
taskkill /im GameBarPresenceWriter.exe /f
move "%WinDir%\System32\GameBarPresenceWriter.exe" "%WinDir%\System32\GameBarPresenceWriter.exe.old"
del "%WinDir%\System32\GameBarPresenceWriter.exe" /s /f /q

Also See

Retrieved from "https://wiki.quadratic.net/index.php?title=Windows_notes&oldid=4610"