Ko je restartovao WIN 2003/2008 server?

Ili, gde gledati u logovima, i šta tačno tražiti da bi se našla informacija o tome ko je, i kada resetovao server.

1. Gde gledati : “Event Viewer”, pod “System” event log
2. System event log filterovati po : “Event ID” 1074, i “Source” : user32. Time će se videti ko (ili šta) je resetovao server.

U logu će pisati ovako nešto :
“The process C:\Windows\system32\winlogon.exe (PSWAPPSRV) has initiated the restart of computer TESTNISERVER on behalf of user MOJDOMEN\mojnalog for the following reason: No title for this reason could be found
Reason Code: 0x500ff
Shutdown Type: restart
Comment: “

Ima i drugi metod, pogledati direktno u Shutdown log na lokaciji : C:\WINDOWS\system32\LogFiles\Shutdown

Dobri linkovi : link1, link2

This entry was posted in Windows and tagged , , , . Bookmark the permalink.

Comments are closed.