624:
on a configurable schedule. Event logs can also be remotely viewed from other computers or multiple event logs can be centrally logged and monitored without an agent and managed from a single computer. Events can also be directly associated with tasks, which run in the redesigned
414:
expression, and custom views can be created for one or more events. Using XPath as the query language allows viewing logs related only to a certain subsystem or an issue with only a certain component, archiving select events and sending traces on the fly to support technicians.
138:
to trick the victim into thinking that their computer contains critical errors requiring immediate technical support. An example is the "Administrative Events" field under "Custom Views" which can have over a thousand errors or warnings logged over a month's time.
399:
Analytic and Debug events which are high frequency are directly saved into a trace file while Admin and
Operational events are infrequent enough to allow additional processing without affecting system performance, so they are delivered to the Event Log service.
928:
166:
added the capability for applications to create their own log sources in addition to the three system-defined "System", "Application", and "Security" log-files. Windows 2000 also replaced NT4's Event Viewer with a
908:
370:
log-format and a designated log type to allow applications to more precisely log events and to help make it easier for support technicians and developers to interpret the events.
127:
and operating-system components can use this centralized log service to report events that have taken place, such as a failure to start a component or to complete an action. In
134:
Due to the Event Viewer's routine reporting of minor start-up and processing errors (which do not, in fact, harm or damage the computer), the software is frequently used by
3612:
1644:
349:– a command to create event driven tasks. Discontinued after XP, replaced by the "Attach task to this event" feature, that is, from within the list of events,
388:
There are a large number of different types of event logs including
Administrative, Operational, Analytic, and Debug log types. Selecting the
150:
The Event Viewer uses event IDs to define the uniquely identifiable events that a
Windows computer can encounter. For example, when a user's
533:<QueryList><Query Path="Security"><Select Path="Security">*="JUser"]]</Select></Query></QueryList>
573:<QueryList><Query Path="Application"><Select Path="Application">*]]</Select></Query></QueryList>
563:<QueryList><Query Path="Security"><Select Path="Security">*] and *]</Select></Query></QueryList>
559:
Select all events in the
Security Event Log where any Data node of the EventData section is "JUser" and the Event ID is "4471"
553:<QueryList><Query Path="Security"><Select Path="Security">*]</Select></Query></QueryList>
543:<QueryList><Query Path="Security"><Select Path="Security">*]</Select></Query></QueryList>
1684:
407:
application. Event attributes are also much more detailed and show EventID, Level, Task, Opcode, and
Keywords properties.
160:
added support for defining "event sources" (i.e. the application which created the event) and performing backups of logs.
196:) no longer have a 300-megabyte limit to their total size. Prior to NT 6.0, the system opened on-disk files as
539:
Select all events in the
Security Event Log where any Data node of the EventData section is the string "JUser"
1233:
677:
549:
Select all events in the
Security Event Log where any Data node of the EventData section is "JUser" or "JDoe"
185:
API calls so that applications could register with the security-event logs, and write security-audit entries.
377:
tab in an event's properties. It is also possible to view all potential events, their structures, registered
529:
Select all events in the
Security Event Log where the account name involved (TargetUserName) is "JUser"
112:
37:
612:
2.0. The Event
Collector service can automatically forward event logs to other remote systems, running
337:– Official script to query, filter and output results based on the event logs. Discontinued after XP.
396:
pane reveals numerous new subcategorized event logs, including many labeled as diagnostic logs.
200:
in kernel memory space, which used the same memory pools as other kernel components.
809:"Microsoft's Implementation and Limitations of XPath 1.0 in Windows Event Log"
703:""I am calling you from Windows": A tech support scammer dials Ars Technica"
403:
Events are published asynchronously to reduce the performance impact on the
525:
Here are examples of simple custom filters for the new Windows Event Log:
366:
architecture on
Windows Vista. It has been rewritten around a structured
172:
343:– a command (continued in Vista and 7) to put custom events in the logs.
569:
Real-world example for a package called Goldmine which has two @Names
521:
Paste the query into the text box. Sample queries can be found below.
410:
Users can filter event logs by one or more criteria or by a limited
492:
Select the log file that is of interest (In the example below, the
629:
and trigger automated actions when particular events take place.
147:
Windows NT has featured event logs since its release in 1993.
840:"Powershell script to filter events using an Xpath query"
373:
The XML representation of the event can be viewed on the
458:
188:
Versions of Windows based on the Windows NT 6.0 kernel (
446:
16:
Component of Microsoft's Windows NT operating system
353:on a single event and select from the pop-up menu.
678:"New tools for Event Management in Windows Vista"
2671:
902:
154:fails, the system may generate Event ID 672.
8:
221:
111:that lets administrators and users view the
21:
385:utility, even before the events are fired.
721:"AuthzInstallSecurityEventSource Function"
672:
670:
222:eventquery.vbs, eventcreate, eventtriggers
220:
20:
131:, Microsoft overhauled the event system.
608:include the Event Collector service and
499:Right-click on the Event Log and select
350:
210:typically appear in a directory such as
666:
440:instructions, advice, or how-to content
588:to Microsoft's implementation of XPath
2516:Next-Generation Secure Computing Base
362:Event Viewer consists of a rewritten
7:
645:List of Microsoft Windows components
1645:Distributed Transaction Coordinator
449:so that it is more encyclopedic or
330:tools, useful to task automation:
1976:User Interface Privilege Isolation
701:Anderson, Nate (October 4, 2012).
381:and their configuration using the
14:
183:AuthzInstallSecurityEventSource()
212:C:\Windows\System32\winevt\Logs\
123:, on a local or remote machine.
36:
27:
1705:Remote Differential Compression
2561:Windows System Assessment Tool
1:
505:Change the selected tab from
1850:Open XML Paper Specification
1710:Remote Installation Services
918:Microsoft Windows components
650:Microsoft Management Console
203:Event Viewer log-files with
169:Microsoft Management Console
115:, typically file extensions
2002:Windows Subsystem for Linux
1961:Mandatory Integrity Control
1715:Windows Deployment Services
1512:Wireless Zero Configuration
3823:
2104:Universal Windows Platform
1810:Kernel Transaction Manager
1795:Hardware Abstraction Layer
1492:Multimedia Class Scheduler
867:Event Viewer - Inside Show
789:LLC), Tara Meyer (Aquent.
770:LLC), Tara Meyer (Aquent.
751:LLC), Tara Meyer (Aquent.
326:introduced a set of three
136:technical support scammers
42:Event Viewer in Windows 10
2556:Windows Services for UNIX
1941:Data Execution Prevention
1790:Graphics Device Interface
1680:Network Access Protection
1299:Remote Desktop Connection
924:
878:(Windows Server 2008) on
419:Filtering using XPath 1.0
364:event tracing and logging
35:
26:
1921:Security and Maintenance
1865:Security Account Manager
1459:Windows XP visual styles
2506:Media Control Interface
2340:Help and Support Center
1956:Kernel Patch Protection
1720:System Resource Manager
1700:Remote Desktop Services
1695:Print Services for UNIX
1477:Service Control Manager
1087:Windows Error Reporting
1007:DirectX Diagnostic Tool
3807:Windows administration
2729:File system navigation
2486:Desktop Cleanup Wizard
2062:COM Structured storage
1763:Desktop Window Manager
1655:Windows Media Services
655:Technical support scam
639:Common Log File System
622:Windows Server 2003 R2
593:XPath string functions
483:Open Windows Event Log
328:command-line interface
244:; 22 years ago
217:Command-line interface
3771:Windows Support Tools
3766:Environment variables
2114:Windows Mixed Reality
1785:Enhanced Write Filter
1635:Roaming user profiles
501:Filter Current Log...
242:October 25, 2001
3761:List of DOS commands
3659:Software development
3486:Maintenance and care
2395:Mobile Device Center
2345:Health & Fitness
2143:Solitaire Collection
1971:User Account Control
1966:Protected Media Path
1870:Server Message Block
1820:Logical Disk Manager
1072:System Policy Editor
1057:System Configuration
595:will result in error
517:Edit query manually'
2541:Virtual DOS machine
1885:System Idle Process
1860:Resource Protection
1768:Portable Executable
1660:Active DRM Services
1062:System File Checker
1032:Performance Monitor
618:Windows Server 2008
447:rewrite the content
290:commercial software
223:
198:memory-mapped files
194:Windows Server 2008
179:Windows Server 2003
75:Windows Event log (
23:
3797:Windows components
2715:Windows PowerShell
2546:Windows on Windows
2270:Backup and Restore
2082:Transaction Server
1800:I/O request packet
1640:Folder redirection
1309:Speech Recognition
1067:System Information
1022:Management Console
863:Official sources:
795:docs.microsoft.com
776:docs.microsoft.com
757:docs.microsoft.com
496:event log is used)
205:filename extension
100:is a component of
2536:Video for Windows
2491:Games for Windows
2360:Internet Explorer
1454:Windows Spotlight
1097:Windows Installer
876:Events and Errors
606:event subscribers
600:Event subscribers
515:Check the box to
313:/windows-commands
263:Microsoft Windows
95:
94:
66:Microsoft Windows
3814:
3802:Computer logging
3792:Windows commands
3130:User environment
2720:Recovery Console
2551:Windows SideShow
2330:Food & Drink
2224:Spider Solitaire
2164:
2057:ActiveX Document
2025:Active Scripting
1981:Windows Firewall
1936:Credential Guard
1615:Active Directory
1412:Indexing Service
1042:Resource Monitor
1037:Recovery Console
753:"Eventquery.vbs"
690:. November 2006.
405:event publishing
390:Application Logs
379:event publishers
258:Operating system
109:operating system
90:Utility software
78:
61:Operating system
22:Event Viewer Log
3622:Boot management
2917:Disk management
2912:
2871:
2766:File management
2587:Microsoft Store
2585:
2575:
2521:POSIX subsystem
2501:File Protection
2474:
2445:Program Manager
2430:Phone Companion
2420:Outlook Express
2370:Make Compatible
2300:Desktop Gadgets
2260:Anytime Upgrade
2119:Windows Runtime
2011:
1985:
1951:Family features
1909:
1734:
1690:DFS Replication
1601:
1516:
1507:Error Reporting
1463:
1363:
1239:Mobility Center
1234:Movies & TV
1128:
1112:Windows Insider
1002:Driver Verifier
997:Drive Optimizer
964:
958:
949:Booting process
920:
915:
880:Microsoft Learn
871:Microsoft Learn
791:"Eventtriggers"
311:/administration
309:/windows-server
239:Initial release
2710:Command Prompt
2694:shell builtins
2450:Steps Recorder
2077:OLE Automation
1845:Object Manager
1805:Imaging Format
1502:Task Scheduler
1432:Special folder
1344:Voice Recorder
1107:Windows Update
1077:System Restore
987:Device Manager
984:
979:
977:Command Prompt
858:External links
627:Task Scheduler
610:Task Scheduler
591:Queries using
335:eventquery.vbs
158:Windows NT 4.0
152:authentication
3686:Miscellaneous
3513:eventtriggers
3211:File contents
2692:programs and
2566:Windows To Go
2435:Photo Gallery
2380:Meeting Space
2350:HyperTerminal
2320:Easy Transfer
1990:Compatibility
1815:Library files
1575:Reparse point
1377:Action Center
1304:Snipping Tool
1162:Character Map
982:Control Panel
972:App Installer
933:Architecture
845:September 20,
772:"Eventcreate"
614:Windows Vista
436:This section
358:Windows Vista
357:
347:eventtriggers
190:Windows Vista
129:Windows Vista
2690:command-line
2600:File Manager
2440:Photo Viewer
2375:Media Center
2335:Groove Music
2265:Address Book
2217:Purble Place
2182:Chess Titans
2180:
2173:
2160:Discontinued
2148:
2141:
1840:Ntoskrnl.exe
1748:Boot Manager
1740:Architecture
1630:Group Policy
1522:File systems
1422:Saved search
1329:Sticky Notes
1294:Quick Assist
1222:Media Player
1192:Feedback Hub
1187:Fax and Scan
1082:Task Manager
1012:Event Viewer
1011:
992:Disk Cleanup
843:. Retrieved
834:
822:. Retrieved
734:. Retrieved
724:
715:
707:Ars Technica
488:Windows Logs
487:
468:
445:Please help
392:node in the
315:/eventcreate
228:Developer(s)
164:Windows 2000
125:Applications
98:Event Viewer
97:
96:
72:Service name
49:Developer(s)
18:
3538:pnpunattend
3508:eventcreate
3503:driverquery
3462:ssh-keyscan
2705:COMMAND.COM
2615:Minesweeper
2584:Spun off to
2405:MSN Dial-up
2400:Movie Maker
2305:Diagnostics
2255:ActiveMovie
1997:COMMAND.COM
1875:Shadow Copy
1730:Server Core
1570:Mount Point
1497:Shadow Copy
1092:Windows Ink
586:limitations
486:Expand out
471:August 2019
455:Wikiversity
351:Right-Click
341:eventcreate
287:Proprietary
3786:Categories
3568:systeminfo
3457:ssh-keygen
3345:Networking
2989:manage-bde
2959:diskshadow
2595:DVD Player
2410:NetMeeting
2310:DriveSpace
2175:3D Pinball
1675:SharePoint
1439:Start menu
1284:Phone Link
1147:Calculator
1102:PowerShell
963:Management
736:October 5,
661:References
584:There are
463:Wikivoyage
324:Windows XP
303:.microsoft
249:2001-10-25
181:added the
113:event logs
106:Windows NT
3743:tpmvscmgr
3452:ssh-agent
3357:bitsadmin
3263:Scripting
3028:Processes
2876:Archiving
2830:openfiles
2390:Messenger
2385:Messaging
2315:DVD Maker
2285:CD Player
2280:CardSpace
2231:Solitaire
1931:BitLocker
1926:AppLocker
1560:Hard link
1449:Task View
1427:Namespace
1397:ClearType
1217:Messaging
1202:Magnifier
1167:Clipchamp
1142:3D Viewer
824:August 7,
819:Microsoft
731:Microsoft
688:Microsoft
580:Caveats:
459:Wikibooks
438:contains
412:XPath 1.0
233:Microsoft
102:Microsoft
54:Microsoft
3718:gpupdate
3713:gpresult
3639:bootsect
3598:wevtutil
3578:typeperf
3573:tracerpt
3563:sxstrace
3548:REAgentC
3533:ntbackup
3498:dispdiag
3493:auditpol
3407:PathPing
3402:nslookup
3377:ipconfig
3372:hostname
3301:forfiles
3152:graftabl
3121:regsvr32
3094:Registry
3085:tasklist
3080:taskkill
3070:shutdown
3065:schtasks
3050:powercfg
3019:vssadmin
3004:scandisk
2994:refsutil
2964:drvspace
2954:diskraid
2949:diskpart
2944:diskcopy
2939:diskcomp
2888:extrac32
2857:robocopy
2842:(rename)
2634:Category
2511:MS-DOS 7
2496:ScanDisk
2415:NTBackup
2295:Contacts
2275:Cardfile
2210:Hold 'Em
2189:FreeCell
2035:VBScript
1946:Defender
1914:Security
1900:Winlogon
1855:Registry
1469:Services
1402:Explorer
1387:AutoPlay
1274:Paint 3D
1259:OneDrive
1249:Narrator
1197:Get Help
1152:Calendar
1047:Settings
1017:IExpress
633:See also
494:Security
383:wevtutil
143:Overview
77:eventlog
3738:tpmtool
3672:exe2bin
3644:fixboot
3634:bootcfg
3629:bcdedit
3603:winmgmt
3593:wecutil
3588:WBAdmin
3543:pnputil
3528:msiexec
3523:mofcomp
3467:tracert
3447:ssh-add
3417:rpcping
3397:netstat
3382:nbtstat
3336:timeout
3281:cscript
3243:findstr
2929:convert
2898:makecab
2893:extract
2862:takeown
2846:replace
2835:recover
2804:deltree
2800:(erase)
2788:compact
2738:(chdir)
2687:Windows
2610:Mahjong
2531:Interix
2465:WinHelp
2365:Journal
2355:Imaging
2203:InkBall
2089:DirectX
2052:ActiveX
2040:JScript
1753:Console
1725:Hyper-V
1620:Domains
1444:Taskbar
1417:IFilter
1392:AutoRun
1354:WordPad
1349:Weather
1264:OneNote
1254:Notepad
1177:Cortana
1052:Sysprep
683:TechNet
375:Details
296:Website
282:License
275:Command
247: (
173:snap-in
3733:pentnt
3728:MSCDEX
3677:QBasic
3649:fixmbr
3608:winsat
3518:logman
3432:setspn
3367:getmac
3326:prompt
3286:doskey
3271:choice
3202:whoami
3172:setver
3142:cmdkey
3116:regini
2979:fsutil
2974:format
2934:defrag
2924:chkdsk
2883:expand
2820:mklink
2809:icacls
2783:cipher
2773:attrib
2643:
2632:
2605:Hover!
2479:Others
2460:Travel
2455:Syskey
2238:Tinker
2196:Hearts
2124:WinUSB
2109:WinAPI
2094:Native
1905:WinUSB
1830:MinWin
1607:Server
1407:Search
1319:Sports
1289:Photos
1279:People
1157:Camera
641:(CLFS)
604:Major
507:Filter
453:it to
307:/en-us
171:(MMC)
3708:dpath
3693:break
3667:debug
3583:w32tm
3553:relog
3477:winrs
3472:winrm
3422:route
3392:netsh
3321:pause
3248:print
3228:edlin
3197:where
3187:title
3106:ftype
3101:assoc
3075:start
3055:runas
2999:subst
2984:label
2969:fdisk
2867:xcopy
2851:rmdir
2814:mkdir
2778:cacls
2752:pushd
2571:WinFS
2470:Write
2167:Games
2134:Games
2007:WoW64
1835:NTLDR
1825:LSASS
1758:CSRSS
1565:links
1540:exFAT
1369:Shell
1334:Store
1324:Start
1314:Skype
1269:Paint
1244:Money
1172:Clock
1119:WinRE
1027:Netsh
965:tools
954:Games
461:, or
394:Scope
121:.evtx
3723:help
3703:dism
3613:wmic
3437:sftp
3412:ping
3362:curl
3316:more
3306:goto
3291:echo
3276:clip
3253:type
3238:find
3223:edit
3218:comp
3182:time
3177:setx
3162:path
3157:mode
3147:date
3137:chcp
3045:kill
3040:exit
2853:(rd)
2825:move
2816:(md)
2793:copy
2757:tree
2747:popd
2645:List
2526:HPFS
2290:Chat
2248:Apps
2150:Surf
2099:.NET
2067:DCOM
1895:WHEA
1890:USER
1880:SMSS
1670:WSUS
1650:MSMQ
1592:ReFS
1555:NTFS
1530:CDFS
1487:CLFS
1482:BITS
1382:Aero
1359:Xbox
1339:Tips
1227:2022
1212:Maps
1207:Mail
1182:Edge
1134:Apps
929:APIs
847:2011
826:2009
814:MSDN
738:2007
726:MSDN
451:move
305:.com
301:docs
270:Type
208:evtx
192:and
119:and
117:.evt
85:Type
3748:wsl
3698:cls
3558:sfc
3442:ssh
3427:scp
3387:net
3352:arp
3331:rem
3296:for
3192:ver
3167:set
3111:reg
3014:vol
3009:sys
2908:tar
2903:pax
2840:ren
2798:del
2742:dir
2425:Pay
2325:Fax
2072:OLE
2047:COM
2030:WSH
2017:API
1778:DLL
1773:EXE
1685:PWS
1665:IIS
1625:DNS
1597:UDF
1585:EFS
1580:TxF
1550:FAT
1545:IFS
1535:DFS
1124:WMI
869:on
620:or
511:XML
509:to
368:XML
104:'s
3788::
3311:if
3233:fc
3060:sc
3035:at
2736:cd
942:NT
937:9x
817:.
811:.
793:.
774:.
755:.
729:.
723:.
705:.
686:.
680:.
669:^
616:,
457:,
175:.
2679:e
2672:t
2665:v
910:e
903:t
896:v
849:.
828:.
797:.
778:.
759:.
740:.
709:.
473:)
469:(
465:.
443:.
251:)
79:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.