Solved

Windows 7 Shutdown Tracking ?

Posted on 2014-09-30
9
224 Views
Last Modified: 2014-10-07
At a site there is a user complaining that the Windows 7 machine they are using reboots periodically throughout the day (usually when they are out to lunch). Is there some way, perhaps through extended logging to the event logs or some type of Windows 7 Shutdown Event Tracker that one could track the frequency of the shutdowns as well as the cause of the shutdown ? In other words, if a GPO or Windows Update caused the shutdown have it detail that, or if there was a user-initiated interactive Shut Down from the Start Button to log and detail that as well ?  If the Event Logs and Auditing can be used for this, what specific Auditing features must be enabled and what events should be tracked in the Event Logs (assuming the System Event Log) ?  TIA
0
Comment
Question by:LGroup1
  • 2
  • 2
  • 2
  • +2
9 Comments
 
LVL 94

Assisted Solution

by:John Hurst
John Hurst earned 167 total points
ID: 40352034
I would first look in Windows Event Viewer at time when the restart occurs and see what errors are there.

Second, look in Action Center, Maintenance, Review Reliability History. What errors are occurring when the restart occurs.

Are there updates waiting to occur?  Check Windows Update.

So first, use the tools Windows has, see what they say and then let's go from there.
0
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40352036
Run the following powershell scripts:

get-eventlog -logname system -message "*restart*" | out-file restart.txt
get-eventlog -logname system -message "*shutdown*" | out-file shutdown.txt

Analyze the content of both files to see what might be the cause.
0
 
LVL 8

Assisted Solution

by:Acosta Technology Services
Acosta Technology Services earned 166 total points
ID: 40352041
There are a couple of options for this:

To log shutdown and startup times you can watch for 6006 which is the event log shutting down.  6005 will be logged when the event log service starts back up.

Using a basic remote tool like TurnedOnTimesView can show you exact shutdown and startup times for a remote PC on your network.  This doesn't provide detailed information, but can give you quick access to the information.


This won't give you the ability to see who/what caused the shutdown, but it's the first step in getting there.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 25

Accepted Solution

by:
Mohammed Khawaja earned 167 total points
ID: 40352044
Modify the script to following to get more details:

get-eventlog -logname system -message "*restart*" | fl* | out-file restart.txt
get-eventlog -logname system -message "*shutdown*" | fl* | out-file shutdown.txt
0
 

Author Closing Comment

by:LGroup1
ID: 40352060
All great answers, thanks all !
0
 
LVL 6

Expert Comment

by:Sir Learnalot
ID: 40352065
There is a registry tweak that enables Shutdown Tracking for Windows 7 (the feature in Windows Server). Would this help? If so, enable shutdown tracking by following these steps:

Using Group Editor:
Type gpedit.msc in start search and hit Enter

Click on Computer Configuration -> Administrative Templates -> System -> Double-click the  "Display Shutdown Event Tracker" policy. Select "Enabled" and pick "Always" from the drop down menu.

If you enable this setting and choose “Always” from the drop-down menu, the Shutdown Event Tracker is displayed when you shut down.

If you don't configure this setting, the default behavior for the Shutdown Event Tracker occurs; it is only displayed on the Windows Server family.

Using the Registry Editor

Type regedit in start search and hit Enter

Navigate to the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Reliability

Double click on each of the following values and change them to 1.

    ShutdownReason
    OnShutdownReasonUI

Done :) You now have a dialogue box prompting for a reason for shutdown and a log where this is all tracked every time a shutdown is commenced.
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 40352068
@LGroup1  - Thank you and I was happy to help.
0
 
LVL 6

Expert Comment

by:Sir Learnalot
ID: 40352069
wow lol by the time i finished writing my answer you have like 5 answers above me. Hope you got it done!
0
 

Author Comment

by:LGroup1
ID: 40365734
Sorry I missed that one before I closed the post Sir Learnalot,
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Lee
Windows 7 Ultimate and Enterprise (and 2008 R2) introduced a new feature you may not be aware of - Boot from VHD.   Boot from VHD (or what Microsoft refers to asNative Boot allows you to install Windows to a VHD (Virtual Hard Disk) file that is t…
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question