Event Viewer

EVENT VIEWER
The Windows NT Event Viewer is under the Administrator Tools folder, and allows the user to look at various events generated by the system, applications, or services which run on the computer. If auditing has been enabled, then audit events will also be included in the event logs.

Event Viewer can view events on either the local computer, or a remote computer to which the user has the required Administrative permissions. There are THREE log files which can be viewed:

  1. System
    This log contains events from the Windows NT internal services and drivers, such as failure to start a service.

  2. Security
    This log contains events when auditing is enabled, such as user log on, file and directory access, and printing requests.

  3. Application
    This log contains events generated by applications, such as tape back up programs, Web servers, or other application programs.

The default size of log files is 512K bytes, and log files are overwritten every seven days. This is configurable, and log files can be saved for future analysis in either log, text or comma delimited format.

[Figure: Event Viewer Log]

Because log files can fill up rather quickly, it becomes important to be able to selectively view [filter] the information in the log file. Events can be sorted [by date and time], and filtered [over a specific time period and according to the source and category of event].

The following diagram gives an example of the type of criteria which can be specified when filtering events in a log file.

[Figure: Event Viewer Filtering]

The following diagram shows the previous event window filtered according to Browser events.

[Figure: Event Viewer Filtered Log]
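
The same source and time-period filtering can be applied offline to a log that has been saved in comma delimited format. The following Python is an added example, not part of the original page; the column order, the US-style date format and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Assumed column order of a comma-delimited export (no header row).
FIELDS = ["date", "time", "source", "type", "category",
          "event_id", "user", "computer", "description"]

# Constructed sample records, not taken from a real system.
SAMPLE_LOG = """\
5/11/01,9:02:11 AM,Service Control Manager,Error,None,7000,N/A,SERVER1,The Spooler service failed to start.
5/11/01,9:14:40 AM,BROWSER,Information,None,8015,N/A,SERVER1,The browser has forced an election.
5/11/01,11:47:03 AM,BROWSER,Error,None,8021,N/A,SERVER1,"The browser could not get a server list, will retry."
5/12/01,8:30:00 AM,BROWSER,Information,None,8033,N/A,SERVER1,The browser has forced an election.
"""


def parse_log(text):
    """Parse the export into dicts, adding a combined 'when' datetime."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < len(FIELDS):
            continue  # skip blank or truncated lines rather than guessing
        # A description with unquoted commas spills into extra columns.
        row = row[:8] + [",".join(row[8:])]
        event = dict(zip(FIELDS, row))
        # Assumed US-style date and 12-hour time, e.g. 5/11/01 9:02:11 AM.
        event["when"] = datetime.strptime(
            event["date"] + " " + event["time"], "%m/%d/%y %I:%M:%S %p")
        events.append(event)
    return events


def filter_events(events, source=None, category=None,
                  view_from=None, view_through=None):
    """Filter by source, category and time period; sort newest first."""
    selected = []
    for e in events:
        if source and e["source"].lower() != source.lower():
            continue
        if category and e["category"].lower() != category.lower():
            continue
        if view_from and e["when"] < view_from:
            continue
        if view_through and e["when"] > view_through:
            continue
        selected.append(e)
    return sorted(selected, key=lambda e: e["when"], reverse=True)
```

Calling `filter_events(parse_log(SAMPLE_LOG), source="Browser", view_from=..., view_through=...)` returns only the Browser events inside the chosen period, newest first.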

EMERGENCY REPAIR DISK
When Windows NT is installed, it asks the installer if they wish to create an Emergency Repair Disk. This disk is used to repair missing or corrupt Windows NT files, and restore the registry, which includes the Security Accounts Manager Database, security information, disk configuration and other important information.

To restore this information, it is necessary to boot the computer using Disk1 of the Windows NT setup disks. When prompted at the installation screen, select the option Press R to repair a Windows NT Installation, and you will be asked to insert the emergency repair diskette.

This allows you to perform a number of tasks, which include:
    Inspecting the registry files
    Inspecting the startup environment
    Verifying the Windows NT System Files
    Inspecting the Boot Sector

Continuing with the appropriate options will overwrite the existing files with those found on the emergency repair disk or Windows NT Distribution media. You will then be able to restart the computer and reload from tape backup.

Using the emergency repair disk wipes all the changes made to the computer. Microsoft has provided a utility called RDISK.EXE, which updates the files on the emergency repair disk, as well as the files stored in \<winnt_root>\REPAIR, with the current computer configuration.

WINDOWS NT BOOT DISKETTE
Creating a boot diskette allows an administrator to quickly repair a damaged Windows NT computer which has had the boot sector corrupted. It can be used to replace the files NTLDR, NTDETECT.COM, NTBOOTDD.SYS and BOOT.INI.

No other files can be replaced this way, so in that case, use the emergency repair diskette to restore the missing files.

To create a Windows NT boot diskette [for Intel based computers], perform the following steps:

  1. Format a disk

  2. Copy the following files to the disk
    NTLDR
    NTDETECT.COM
    BOOT.INI

  3. Shut down the computer and restart it with the diskette in Drive A

LAST KNOWN GOOD CONFIGURATION
Often, a user or administrator makes changes to a computer's configuration, then realizes a mistake has been made and often does more damage trying to remove the changes.

When a user logs on to a Windows NT computer, the current configuration information is copied from the registry into a special control set known as LastKnownGood. As its name implies, it is the last control set which was used to successfully boot the Windows NT computer.

When the computer boots up, it is possible to select the Last Known Good configuration by pressing the space bar during the boot process (when the message Press SPACEBAR for Last Known Good Configuration is displayed). If changes are made to the computer which prevent it from restarting [such as the removal of a critical driver], this process can be used to restore the system state to that which it was in before the change occurred.

AUTOMATIC SYSTEM RECOVERY
When a fatal error occurs and Windows NT is forced to shut down, it is possible to specify additional actions which are carried out. This is useful for debugging purposes, as well as for restarting the system automatically in the event of a shutdown.

The options are accessed using Start->Settings->Control Panel->System.

[Figure: System Recovery Options]

Salam Saif Said AL-Riyami Sultanate of Oman
Copyright © 2001 www.donya.8m.net All rights reserved.
Revised: May 11, 2001.