Solved

How to log when user restarts PC

Posted on 2008-06-19
2
218 Views
Last Modified: 2010-04-11
I need to log when users reboot this certain PC.  I believe I should go under admin tools - local security policy - local policy - audit policy...but I'm not sure which event to start loging and I don't want to log more than I need.  Is there any documentation on what exacly each of these policies track?  If not, can someone tell me which policy I should log to trap the "restart" or "shutdown" of the PC?
0
Comment
Question by:j_donald_c
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 23

Accepted Solution

by:
Danny Child earned 125 total points
ID: 21822584
you can check your System EventLog for event 6005 which shows the Event Log starting up.  This is a good indicator of a reboot.  Also check for 6006 - Event Log Stopping.

Event Type:      Information
Event Source:      EventLog
Event Category:      None
Event ID:      6005
Date:            18/06/2008
Time:            09:12:51
User:            N/A
Computer:      <YourPCname>
Description:
The Event log service was started.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 

Author Comment

by:j_donald_c
ID: 21829855
Thanks.  That will work.  And now I don't have to worry about loging one of these other areas.
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Suggested Courses

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question