Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4051
  • Last Modified:

winlogon.exe initiated a shutdown

All of my desktop computers (all running XP), and my server randomly have the OS shutdown occur without warning.  It starts happening in the early afternoon around 1:30-ish.  I have done malware and virus scans on all of the computers.  The OS is shutting down.  This is not a power loss issue/power supply problem.  

I have also re-installed XP on two of the computers and did not join them back to the domain.  The also performed unprovoked shutdown of the OS.

I modified the Local Policy to not allow Shutdown from any user.  It still happens.
Since the clean computers are doing the same, I assume that this is happening from a remote entity (LAN or WAN).  

I'm looking for suggestions as to where to go from here.
0
VMaxDawg05
Asked:
VMaxDawg05
  • 4
  • 3
1 Solution
 
Pradeep DubeyConsultantCommented:
Enable shutdown tracker to findout the cause of this shutdown:

Click Start, and then click Run.
Type gpedit.msc, and then click OK.
Expand Computer Configuration, expand Administrative Templates, and then expand System.
Double-click Display Shutdown Event Tracker.
Click Enabled.
In the Shutdown Event Tracker should be displayed box, click Always, and then click OK.

http://support.microsoft.com/kb/293814
0
 
VMaxDawg05Author Commented:
I turned on shutdown tracker on the computers.  One of them shut down anyway.
Log Entry:
Event Type:     Information
Event Source:   USER32
Event Category: None
Event ID:       1074
Date:           06/19/2013
Time:           4:01:34 PM
User:           CLEARVIEW\Julie
Computer:       OPTICAL-DESK
Description:
The process winlogon.exe has initiated the restart of OPTICAL-DESK for the following reason: Other (Unplanned)
 Minor Reason: 0x0
 Shutdown Type: power off
 Comment:

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....  

Interesting.
0
 
Pradeep DubeyConsultantCommented:
So you know who is doing this
User:           CLEARVIEW\Julie

and for why contact her?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
VMaxDawg05Author Commented:
That is the local user that was logged on and using the computer when the shutdown happened.  It was not physically initiated by the user logged in.  The user was talking on the phone when the OS just shut down on her.  I witnessed it happen.   Also, I notice that the log entry says "initiated a restart", but it was actually a shutdown.  Interesting.
0
 
Pradeep DubeyConsultantCommented:
The process winlogon.exe has initiated the restart of OPTICAL-DESK for the following reason: Other (Unplanned)
Shutdown Type: power off

Shutdown type was power off so machine shutdown.

I have a question here:

This type of behavior we have seen when the OS is not activated with the proper license.
OS keep shutting down the machine in specific interval.

Can you find out the interval of these shutdown?
and also check the OS license.
0
 
VMaxDawg05Author Commented:
I will verify the OS on that machine.  It is happening on seemingly all of their desktops randomly.
0
 
VMaxDawg05Author Commented:
all operating systems are activated and are xp except for the server which is server 2008 r2. The interval is random. some days by the time you start up one computer another one or two shut down. then for no reason you can keep all computers up. 20 minutes later a computer shuts down.
0
 
Jakob DigranesSenior ConsultantCommented:
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now