Windows notes: Difference between revisions
From Federal Burro of Information
Jump to navigationJump to search
No edit summary |
No edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 33: | Line 33: | ||
* Event ID 1074: "The process X has initiated the restart / shutdown of computer on behalf of user Y for the following reason: Z." Indicates that an application or a user initiated a restart or shutdown. | * Event ID 1074: "The process X has initiated the restart / shutdown of computer on behalf of user Y for the following reason: Z." Indicates that an application or a user initiated a restart or shutdown. | ||
* Event ID 1076: "The reason supplied by user X for the last unexpected shutdown of this computer is: Y." Records when the first user with shutdown privileges logs on to the computer after an unexpected restart or shutdown and supplies a reason for the occurrence. | * Event ID 1076: "The reason supplied by user X for the last unexpected shutdown of this computer is: Y." Records when the first user with shutdown privileges logs on to the computer after an unexpected restart or shutdown and supplies a reason for the occurrence. | ||
== Windows 10 == | |||
how I loath thee, let me count the ways | |||
takeown /f "%WinDir%\System32\GameBarPresenceWriter.exe" /a | |||
icacls "%WinDir%\System32\GameBarPresenceWriter.exe" /grant:r Administrators:F /c | |||
taskkill /im GameBarPresenceWriter.exe /f | |||
move "%WinDir%\System32\GameBarPresenceWriter.exe" "%WinDir%\System32\GameBarPresenceWriter.exe.old" | |||
del "%WinDir%\System32\GameBarPresenceWriter.exe" /s /f /q | |||
== Also See == | |||
* [[Windows]] | |||
Latest revision as of 03:11, 29 January 2020
for a member of a domain to get the latest time from it's pdc
Microsoft Windows [Version 6.0.6002] Copyright (c) 2006 Microsoft Corporation. All rights reserved. C:\Users\administrator.DOM> netdom query pdc Primary domain controller for the domain: GIBDC1 The command completed successfully. C:\Users\administrator.DOM>
system reboot / power on / off from event log
The clearest most succinct answer I could find is:
How To See PC Startup And Shutdown History In Windows which lists these event ids to monitor (quoted but edited and reformatted from article):
- Event ID 6005: “The event log service was started.” This is synonymous to system startup.
- Event ID 6006: “The event log service was stopped.” This is synonymous to system shutdown.
- Event ID 6008: "The previous system shutdown was unexpected." Records that the system started after it was not shut down properly.
- Event ID 6009: Indicates the Windows product name, version, build number, service pack number, and operating system type detected at boot time.
- Event ID 6013: Displays the uptime of the computer. There is no TechNet page for this id.
Add to that a couple more from the Server Fault answers listed in my OP:
- Event ID 1074: "The process X has initiated the restart / shutdown of computer on behalf of user Y for the following reason: Z." Indicates that an application or a user initiated a restart or shutdown.
- Event ID 1076: "The reason supplied by user X for the last unexpected shutdown of this computer is: Y." Records when the first user with shutdown privileges logs on to the computer after an unexpected restart or shutdown and supplies a reason for the occurrence.
Windows 10
how I loath thee, let me count the ways
takeown /f "%WinDir%\System32\GameBarPresenceWriter.exe" /a icacls "%WinDir%\System32\GameBarPresenceWriter.exe" /grant:r Administrators:F /c taskkill /im GameBarPresenceWriter.exe /f move "%WinDir%\System32\GameBarPresenceWriter.exe" "%WinDir%\System32\GameBarPresenceWriter.exe.old" del "%WinDir%\System32\GameBarPresenceWriter.exe" /s /f /q
