Solved

How to log when user restarts PC

Posted on 2008-06-19
2
213 Views
Last Modified: 2010-04-11
I need to log when users reboot this certain PC.  I believe I should go under admin tools - local security policy - local policy - audit policy...but I'm not sure which event to start loging and I don't want to log more than I need.  Is there any documentation on what exacly each of these policies track?  If not, can someone tell me which policy I should log to trap the "restart" or "shutdown" of the PC?
0
Comment
Question by:j_donald_c
2 Comments
 
LVL 23

Accepted Solution

by:
DanCh99 earned 125 total points
ID: 21822584
you can check your System EventLog for event 6005 which shows the Event Log starting up.  This is a good indicator of a reboot.  Also check for 6006 - Event Log Stopping.

Event Type:      Information
Event Source:      EventLog
Event Category:      None
Event ID:      6005
Date:            18/06/2008
Time:            09:12:51
User:            N/A
Computer:      <YourPCname>
Description:
The Event log service was started.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 

Author Comment

by:j_donald_c
ID: 21829855
Thanks.  That will work.  And now I don't have to worry about loging one of these other areas.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Is KairosPlanet a fraud? 6 39
Symantec enterprise client 5 33
Windows 7 Share with XP 22 62
Mobile penetration testing 2 65
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now