A review of the Windows Event Viewer

webr00t

porno

Hanging up on when Windows phones home

An ongoing and daunting topic continues to be managing the information our PCs send back to Microsoft.

Windows 10 has taken “instrumentation” to a new level, but it happens in Windows 7, too, as discussed in a popular forum post. Fellow members offer suggestions for third-party solutions.

The following links are this week’s most interesting Lounge threads, including several other new questions for which you might have answers:

Office Applications
General Productivity	What is “Microsoft Office Single Image 2010?”
Word Processing	Limit the font list in Word 2010?
Spreadsheets	Looking for charting suggestions
	Updating files from the Internet
Databases	Access added to Office 365 Business/Business Premium
Visual Basic for Apps	Help needed: Remove space after footnote
Microsoft Outlook	RSS Feeds duplicate posts
Non-Outlook E-mail	Outlook.com ignores rules
Windows
General Windows	Reliable deep uninstaller
Windows 10	Wireless networking disappeared
	Becoming a self-sufficient computer user
	Insider Preview build 10.0.14965.1000 released
Windows 7	Stop sending info to Microsoft?
	NAS is not listed among network computers
	Ongoing: More on Oct. updating change
Windows Servers	Windows Server 2008 restore problem
Internet/Connectivity
Third-Party Browsers	Replacements for Win Firewall/Defender in Vista
Networking	Best way to connect a router?
Other Technologies
Security & Scams	Can the BIOS become infected?
Hardware	Wireless-module failure after update
Other Applications	DVD-RW erasing problem

Starred posts are particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right into today’s discussions in the Lounge.

A review of the Windows Event Viewer

For many Windows 10 users, the relatively rapid changes to the OS have been a frustrating experience — especially with major upgrades such as the Anniversary Update.

Fortunately Win10 has extensive administrative tools that are virtually unchanged from Win7 and Win8.1.

Some of these tools are too deep for the average Windows user. But others such as Event Viewer are both excellent and approachable. Here’s a quick review of how to use the app.

Also, unless you’re a full-time Windows tech, it can be difficult to recall needed diagnostics tools when the unexpected crops up. At the bottom of this column, look for a summary of past Windows Secrets articles on built-in and downloadable troubleshooting tools from Microsoft.

Digging into Windows’ logs of significant events

Event Viewer is used to examine Windows’ many event logs — it doesn’t actually create the logs, it’s simply used to view and filter log information. (System logs are typically stored in the C:\Windows\System32\winevt folder. If you click one of the logs directly, Event Viewer opens.)

It’s important to note that logged events have different levels of “significance”; In truth, many of the items marked “Warning” or “Error” can be and should be ignored — they are minor system errors that don’t really affect the function of Windows or your apps. Of course, there can be logged events that are critical and reflect some sort of obviously bad System behavior. In other words, you’ve turned to Event Viewer because something has clearly broken.

Ironically, Event Viewer’s propensity to log minor problems has involved the tool in tech-support scams. As we’ve reported before, nefarious “support techs” have used Event Viewer to trick PC users into unneeded repairs. The “tech” has the user open the tool; he then claims that the many warnings and errors listed (ones that almost always show up in Event Viewer) are “proof” that the system is in dire need of fixing.

An easy way to launch Event Viewer is to enter it into the Windows search box and click it in the results. But Win10 makes it even easier: simply right-click the Start menu icon and select it from the power-tools list.

The utility opens to a summary screen (Figure 1) of logged application, security, and system events. It’s best to start with Administrative Events — that’s where you’re most likely to find any useful troubleshooting information. You can try the Summary section, but it’s better to click Event Viewer (Local)/Custom Views/Administrative Events in the left nav column. That’ll open a long list of warnings and errors logged over the past few months.

Figure 1. Event Viewer opens with a simple summary screen of notable Windows incidents.

It helps to know approximately when a problem first started. You can then look for warnings and errors listed in that general time frame. If an item looks like it might be related to what’s gone wrong, select it and read the description in the box below the list (Figure 2). The “Source” information can also help. (The “Event Log Online Help” link in the description appears to be broken. On my systems, it went to a generic Microsoft site.)

Figure 2. Event Viewer includes a brief description for each event.

Note that Event Viewer typically won’t state how or why something failed, and the language in the description can be cryptic. So you’ll probably have to go online with what information you’re given. At a minimum, the logged errors and warnings can point you in the right direction for further troubleshooting steps.

To manage what’s shown in the events lists, use the Create Custom View option in the right-hand column. It’ll let you select the event level, time range, log, source, and other criteria.

Figure 3. This custom view will show only critical errors in the Windows Update system.

For more advanced users, Event Viewer can be integrated with Task Scheduler. You can, for example, have a task run automatically in response to a logged event. Check Event Viewer’s local help for details.

Over time, the various logs recorded by Windows can take up a fair amount of space. For example, the Security log on one of my systems was 20MB. You can set the size limit for each log shown in Event Viewer by right-clicking it in the left nav column and selecting Properties. Just keep in mind that the smaller the log-file limit, the fewer events will be retained. By default, the system works on a first-in, first-out basis.

Event Viewer is just as useful for Win10 issues as it has been for Win7. There’s lots of information about the tool online — most of it a repeat of what’s here. But if you use careful searches, you can find ways to use Event Viewer to solve specific problems.

Accessing Windows Update logs in Windows 10

One of the more advanced methods of troubleshooting Windows Update problems is to view the WU log files. But Microsoft made this option considerably more difficult in Windows 10. To create a readable file, you now have to use a PowerShell command.

To do so, open PowerShell and enter Get-WindowsUpdateLog at the command prompt. There are a few switches for this command, described on a TechNet page.

By default, the process creates a text-based .log file on the Windows desktop that you can read in Notepad or some similar app. But you’re probably better off importing the file into Excel, where it’s easier to filter through a possible mountain of useless “GUID=” entries. (This problem seems to vary from system to system.) A TechNet PowerShell forum post has a discussion about running the command and its current usefulness.

If you’re not an expert on the inner workings of Windows, it’s still good to know how to create this file in the event a support (legitimate) tech asks for it.

WS articles on Windows administrator tools

Here’s more information on advanced troubleshooting tools:

• “Exploring Windows’ Administrative Tools: Part 5” (Nov. 15, 2012, Top Story) – The final installment in a five-part series, this article includes links to the other parts.
• “A tour through Windows Process Explorer: Part 2” (Feb. 12, 2015, Best Utilities) — A free Sysinternals tool for digging deep into what’s running on your PC.
• “Solving complex OS issues with Process Monitor” (June 3, 2015, Best Utilities – Another Sysinternals utility for logging Windows activity.
• “A tour through the powerful Autoruns utility” (March 19, 2015, Best Utilities) – A free app that can help find malware that automatically runs on Windows boot.
• “Revisiting MS TechNet’s updated Autoruns utility” (Jan. 21, 2016, Best Utilities) – A description of the new VirusTotal option.