• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 867
  • Last Modified:

Windows Event Viewer ID Numbers for Shutdown and Restart

Hi guys!

Would love your help.

Ive been accused of shutting down a Windows 2003 Server instead of pressing the Restart button.
Im wondering if any of you gurus out there can quickly tell me what event ids are for Restart and which for Shutdown so "hopefully" I can clear my name?

Thanks guys.

Any help in providing some evidence that i restarted instead of shut down would be greatly appreciated.

Simon
0
Simon336697
Asked:
Simon336697
  • 4
  • 3
  • 3
  • +1
3 Solutions
 
Jay_Jay70Commented:
Hi Simon336697,

do you not use the shutdown event tracker?
0
 
Simon336697Author Commented:
My Apologies.......it is a Windows 2000 Server.

Simon
0
 
Jay_Jay70Commented:
ahhh i see i see, there is no event ID's that i am aware of, it is simply  "the service started successfully" compare that to the time you shutdown/restarted i guess
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
Pete LongTechnical ConsultantCommented:
Correct in 2003 and XP you have systeminfo that would tell you straight away, Server 2000 you have a couple of other options to find out how long a server has been "Up"


1.      Install http://www.lencom.com/desc/indexN15496.html and click the Environmental button.
2.      In the windows Resource kit there’s a small tool called uptime (in the NT resource kit its called uptimei)
3.      From command line issue the following commands

i.      net statistics workstation | more
ii.      net statistics server | more

4.      Click Start >Run >perfmon {enter} Click the + button on the toolbar, under “Performance Object” scroll down to “system”. Then under the “Select Counters from list” option select “System Uptime” look at the bottom of the graph and it will be shown in the duration box.

Also see

PSInfo http://www.sysinternals.com/ntw2k/freeware/psinfo.shtml



NOTE: System shutdown and restarts WOULD be entered into the event log if it was set to audit system events and use of priveledge - but this is disabled by defaulr
0
 
Simon336697Author Commented:
Guys thanks for all your help.

So basically what you are saying is that there is no way to tell whether it was shut down or restarted in its current configuration?

0
 
Jay_Jay70Commented:
pretty much mate
0
 
Pete LongTechnical ConsultantCommented:
The commands above will tell you how long it has been up but not who shut it down :(
0
 
SkUllbloCkCommented:
Hi Simon

Yes unfortunately this is true.
As Jay suggested, you can try go through the event logs, noting the time of other activities from the time you would have restarted the system.
If there is a large "time gap" between the time stamps, then this might mean that the system was shutdown. A way you can check this, is to compare what time the system was "so called" turned back on.
If you are recieving timestamps from between when you restarted the system, and the time the system was rebooted, then the chances are of another cuase in the system shutdown again... Power failure, cords unplugged, another shutdown command.

I hope this helps.
0
 
Simon336697Author Commented:
Thanks everyone for your help!!!

Simon
0
 
Pete LongTechnical ConsultantCommented:
ThanQ
0
 
Jay_Jay70Commented:
:)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now