A Windows System Admin's Blog

Covering Server Administration, Endpoint Management, Scripting and Network Management

Get the last Reboot or Shutdown reason and user from the Windows Event Log

Start by going into Event Viewer (Windows+R or the Start Menu and type eventvwr.msc).  Navigate to the System Log under Windows, we then want to use Filter Current Log to allow us to only show Events with certain attributes (such as Source or IDs).

In our case, we want to filter on Event Source: USER32.  Then for Event IDs we want to see only 1074.  If you are after unexpected shutdowns, use 6008.  Once that’s in (like the pic on the right), click OK and this will filter the event log based on our requirements. You can scroll through and see what and who initiated a shutdown.

Leave a Reply

More Posts

An error occurred while attempting to start the selected virtual machine(s) The security ID structure is invalid (0x80070539)

So I was recently working with some really old Virtual machines in a development environment that came across from another organisation. One particular virtual machine gave me an error message when I tried to start it up “An error occurred while attempting to start the selected virtual machine(s)… The security ID structure is invalid (0x80070539)”.  When this happens, […]

Backup MySQL Databases running on a Windows Server using Systems Center Data Protection Manager (DPM) 2012.

Running MySQL on a Windows machine is pretty straight forward.  One of the down sides though is that MySQL is not VSS aware and may mis-behave when back up software such as Data Protection Manager or ShadowProtect.  Data Protection Manager (DPM) has the ability (basically called Pre-Backup and Post-Backup Scripts) to perform actions before and after […]

Renaming a Hyper-V Failover Cluster

If you find yourself taking over a cluster with a name that is silly or doesn’t make sense, you can rename it without much issue. Your main thing to watch out for are backup software that target the cluster (such as Veeam or DPM). You just need to ensure they are reconfigured to use the […]