Event Viewer: Windows health check doctor

Source: Internet
Author: User

Source: xiaoxin Technology Network

In Windows and Windows XP, there is a loyal recording of the operating status of the system. every event that occurs from startup, running to shutdown will be recorded, it is the "Event Viewer ". You can use this system maintenance tool to collect information about hardware, software, and system problems, monitor system security events, and record errors or warning events in system and other application programs, it is easy to diagnose and correct system errors and problems. The following describes the practical application of "Event Viewer" through several examples.

  Use Event Viewer

There are two ways to quickly open the Event Viewer:

1. Open it on my computer. Right-click my computer and choose manage. The computer management window is displayed. Under the System Tools tab, click event viewer ".

2. Open the console. Select Start/Control Panel. In the control panel window, click Administrative Tools. In the displayed window, double-click the Event Viewer icon to open the Event Viewer window.

1 shows the system log information of the Event Viewer.


   Monitor access to files and folders

In the office environment, sometimes we need to know whether other users on the computer have accessed the files or folders we restrict. At this time, we use group policies to cooperate, use Event Viewer to monitor user access without affecting users' normal use. Select Start/control panel/Administrative Tools/Local Security Settings/Local Policies/audit policies, right-click Audit object access in the information window on the right and choose security ", in "Local Security Policy Settings", click the required options and confirm. Right-click "start" on the taskbar and choose "Resource Manager", right-click the file or folder to be reviewed, and select "properties ". Then, select "Security/advanced/audit/Add". In the "Select User, computer, or group" dialog box, click the user name or group name of the operation to be reviewed and click OK.

Note: You must log on as an administrator or a member of the Management Group to set file and folder review. Only Administrators can use the Group Policy"

   Monitor System on/off status

When we come out, we sometimes need to know the computer switch situation and whether it is normal to switch the machine. We can use the system logs of the Event Viewer to view the computer's on/off records, because the Log Service will start or shut down along with the computer and leave a record in the log. There are two major event IDs: 6006 and 6005 ". 6005 indicates that the event log service has been started. If the event ID 6005 event is detected in the event viewer, the Windows system is started normally on this day. 6006 indicates that the event log service has stopped (figure 2). If the event ID 6006 is not found in the event viewer, it indicates that the computer has not been shut down normally on this day, it may be because of a system problem or the power supply is directly cut off, and the normal shutdown operation is not performed.



If you are a network administrator, these records are even more important. If you accidentally switch on or off the server, your machine may be attacked.

  Solve the error Prompt window when the machine is started

If you have recently installed or uninstalled some programs or disabled some services for security reasons, you will find that an error Prompt window will pop up each time you start the system, the system prompts "at least one service or driver has an error since the system was started. For more information, use Event Viewer to view event logs ". This type of problem generally occurs when the system cannot find the service program when loading the relevant service and cannot start the service. You can use the Event Viewer to check which service encountered a problem during startup, there are two solutions: one is to understand which programs the service is generated by, whether these services are generated by the operating system or applications, you can solve this problem by uninstalling related applications. Another method is to simply go to the service manager and set the corresponding service to "disabled.

  Analyze the cause of the crash

Compared with Windows 98, Windows 2000 and Windows XP are much more stable and are not prone to crashes. Theoretically, 32-bit Windows 2000 won't crash, but this is only theoretical. Windows 2000 crashes due to virus, hardware, and hardware driver mismatch. When Windows 2000 crashes, the screen turns blue, and a message indicating a crash occurs. View the cause of the problem through the event. If a hardware device fails, you can reinstall the hardware driver or uninstall the hardware. If a software fault occurs, you can unload the corresponding driver, if the warning shows that the disk driver can only read or write data to a certain sector after several retries, the hard disk may be faulty.

Even if your system does not crash, running some programs may pause, or the hard disk of your computer may fail, you can still check the event viewer, check whether there are logs that cannot respond to the hard disk. If the hard disk is damaged, update it as soon as possible to avoid significant data loss.

  Check the reason for the connection failure.

There are many reasons for the inability to access the Internet. The inability to obtain data from the lan dhcp server and the inability to obtain an Internet IP address is one of the most common failures that LAN users cannot access the Internet, through the "Event Viewer", we can easily find that the error event ID number is 1007. You can first check your network cable to see if the connection is normal, if the network line is normal. You can call the network administrator to check whether the DHCP server has stopped working.

If the IP address you are using is the same as the IP address used by others on the network, the network interface will be disabled by the system and cannot be accessed. The error event ID number is 1006, if you find this situation, contact your network administrator.

 Troubleshooting Solution

The above describes the solutions to the problems found in several common event managers, but in practice there may be a variety of problems, for other difficult problems, you can also solve them through two main approaches: "Microsoft online technical support knowledge base" and "Eventid.net Website.

1. Microsoft Knowledge Base

An article in the Microsoft Knowledge Base is composed of official Microsoft documents and technical articles written by Microsoft MVP. It mainly solves Microsoft Product problems and faults. When the Bug and error-prone application points of Microsoft products are discovered, there will be a corresponding KB article to analyze this error solution. The address of Microsoft Knowledge Base is: http://support.microsoft.com, in the "Search (Knowledge Base)" on the left of the web page to enter the relevant keywords for query, event source and ID information. Of course, it is also a good way to enter keywords in the detailed description. If there is an error number in the log, it is also a good idea to enter this error number for query.

2.Eventid.net

To query the solution to the error event, there is actually a better place, that is, Eventid.net website (figure 3), the address is: http://www.eventid.net. This website is hosted by many Microsoft MVPs (most valuable experts) and contains solutions for almost all system events. After logging on to the website, click the Search Events link to display the event Search page. Enter the Event ID and Event Source as prompted, and click the Search button. The Eventid.net system will find all relevant resources and solutions. Most importantly, it is completely free to enjoy these solutions. Of course, paying Eventid.net users can enjoy better services, such as directly accessing the Knowledge Base Article set for an event.


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.