
Hi all! I once wrote an article on this, but now Windows 10 has been fully released, and today we will figure out which services to disable in Windows 10.

What services can be disabled in Windows 10?

I have already written about how to open the services console and how to disable services, so I will not repeat myself. To disable unnecessary services in Windows 10, open Services, read what each service does, and disable the ones you don't need.

* BranchCache - Caches network content. If you don't use a home network, you can turn it off.

* CDPSvc (Connected Device Platform Service) - This service belongs to the data collection series. It synchronizes the calendar, contacts, mail and other user data. I recommend disabling this service as a last resort, to check whether you need it or not. You will most likely need it if you use a Microsoft account and need to sync with a mobile device.

* CoreMessaging - Provides communication between components. The service is very controversial, because there is no information about it on the web. It can be disabled only through the registry, and for those who disabled it, the system could no longer start. Let's leave it for now.

* DataCollectionPublishingService - It's best to turn this one off. It connects the operating system to the remote cloud. The service collects, let's say, statistics on your actions.

* DHCP Client - If you use the Internet, do not touch it under any circumstances. This is the service that assigns you an IP address.

* dmwappushsvc - Again collects information, so we turn it off too. This is a keylogger. It transmits your key actions to the remote cloud.

* DNS Client - Also a necessary service for using the Internet. It works with your DNS (it serves to point requests in the right direction).

* Enterprise App Management Service - A service for corporate applications. You can turn it off, but if you use Office or other Microsoft applications, for example, you need to experiment. Disable it and see whether the applications still work properly.

* KtmRm for Distributed Transaction Coordinator - A transaction system function. We leave it as it is.

* Plug and Play - Automatically recognizes changes in the system. For example, when you connect a flash drive, this service wakes up ... So we leave it as it is.

* Quality Windows Audio Video Experience - Transmits audio and video over the network in real time. It is unnecessary only if there is no network (or Internet); in other cases, we leave it.

* Microsoft .NET Framework - All such services are left as is. They are needed for the normal operation of most applications.

* Storage Spaces SMP - Again, a new service from the series of unknowns. I would turn it off and see how things work. This service lets you manage disk space, but with it disabled I could easily work with files and share disks.

* Superfetch - A useful feature that works with the cache and speeds up Windows. This service has two sides: on the one hand it launches frequently used applications faster, on the other hand there will be less RAM. Here I also advise you to test how much it improves performance on your computer. Users with SSD drives I advise to turn it off, because the response from these disks is already very fast.

* Wallet Service - Again, a surveillance service; turn it off.

* Windows Audio - Controls sound. Turn it off if you don't need sound. In other cases, leave it.

* Windows Driver Foundation - User-mode Driver Framework - Needed for the normal operation of drivers; do not touch. Let it stay as it is.

* Windows Search - Indexes files for searching. If you do not use it and have time to wait until a file is found, disable it. On an SSD, be sure to turn it off!

* Automatic configuration of network devices - Needed to discover new devices on the network. If you do not use the network and the Internet, you can turn it off.

* WWAN AutoConfig - A service for using mobile Internet. If you use a USB modem or a SIM card in the laptop, do not turn it off.

* Offline Files - Helps you work offline with inaccessible files that were downloaded earlier. We set it to manual.

* IPsec Policy Agent - Required if you have a network and the Internet.

* WMI Performance Adapter - Needed for services that require WMI; set it to manual. If some applications need it, they will launch it themselves :)

* Adaptive brightness control - Leave it if there is a light sensor.

* Windows Backup - Disable if not in use. But it is better to read about backup in Windows first; you never know, you may use it.

* Windows Biometric Service - Needed only when using biometric devices. In other cases, disable.

* Windows Firewall - To be honest, I always turn it off. I have nothing to steal :) And if they encrypt the data, I will restore it :) But I advise you to get, for example, Kaspersky Internet Security, which has both an antivirus and a firewall. And turn this one off, because it sometimes blocks things that don't need blocking :) In general, it monitors the security of your computer and closes ports so that thieves cannot get into your computer :)

* Computer Browser - Not needed for a home network. Manually.

* Time Broker - Coordinates background work for WinRT applications. Responsible for the operation of the Windows API. Therefore, if you do not know what it is, you can try to disable it, although it can be disabled only through the registry. Information on how to do this is available on the Internet. For some users this service eats up half of the processor resources, but after disabling it, be sure to check the stability of the computer.

* System Event Broker - Again, for WinRT applications; if you disable it, check the stability of the system afterwards.

* DevQuery Background Discovery Broker - Monitors applications in the background; it's better to leave it.

* Quick check - If necessary, checks for file system corruption. Also a controversial service, but it's better to leave it.

* Web Client - Useful if you don't have internet. Used to work with files on the Internet. We leave it.

* Virtual Disk - A service for working with storage devices. We set it to manual.

* IP Helper Service - Works with protocol version 6. I always disable it myself, so the service can be disabled altogether.

* Secondary Logon - Set to manual, because some games or programs will turn it on as needed.

* Application Readiness - Prepares applications for the first login or when new ones are installed. It is better to leave it on manual; when it is needed, it will start itself.

* Grouping network members - Required for a home group. Set manually, you never need ...

* Remote Access Automatic Connection Manager - We set it to manual. Needed for remote connections.

* Local Session Manager - Manages the user session. If disabled, the system may not boot, so leave it.

* Device Settings Manager - Sets up and installs new devices. If disabled, installation of new devices may not happen correctly. The service is set to manual and starts when a new device appears. Therefore, we leave it as it is.

* Print Manager - Needed if there is something to print. In other cases, disable.

* Remote Access Connection Manager - Manual. I once disabled it altogether and could not create a connection. So it's better to set it to manual.

* User Manager - Manages multiple users. If you have one user, set it to manual.

* Xbox Live Authentication Manager - If there is no Xbox, turn it off.

* Downloaded Maps Manager - Disable when not using the Maps app.

* Network Member Identity Manager - We leave it on manual; if necessary, it will start itself.

* Desktop Window Manager Session Manager - If you do not use Aero transparency, you can turn it off; it will give a big boost.

* Network Member Identity Manager - Required for the network. It's better to set it to manual.

* Credential Manager - Better on manual. Stores your data, such as logins and passwords.

* Security Account Manager - Better to leave it as is. If you disable this service, all changes in the local security policy will be lost.

* Access to HID devices - Access to keyboard shortcuts. Disable it; if some combinations stop working, turn it back on.

* Windows Event Log - Records all events. A useful tool for the advanced user. It cannot be disabled.

* Performance Logs and Alerts - A system service; leave as is.

* Software Protection - Also a system service; leave it as is.

* CNG Key Isolation - Manually.

* Windows Management Instrumentation - A system service; without it some applications may not work correctly, so it's better to leave it.

* Hyper-V Guest Service Interface - If you do not know what Hyper-V is, disable it.

* Group Policy Client - We leave it. Responsible for security policy settings.

* Changed Link Tracking Client - Tracks NTFS files; not needed. Disable.

* Microsoft Passport Service Container

* Distributed Transaction Coordinator - We set it to manual.

* SNMP Trap - Some programs will collect information about you. So turn it off.

* Remote Procedure Call (RPC) Locator - Manually; if necessary, applications will launch it.

* Routing and Remote Access - Not needed. Disable.

* IPsec Key Modules for Internet Key Exchange and Authenticated IP - Not needed, but better on manual.

* DCOM Server Process Launcher - A system service; leave as is.

* NetBIOS over TCP/IP Support Module - If there are no other computers on the network, then manually.

* Configuring a Remote Desktop Server - If you are not creating a remote desktop server, disable it.

* Windows Connect Now - Config Registrar - Manually.

* SSDP Discovery - Necessary for new devices, but such devices are not always found. Therefore, set it to manual, and if it is not needed, disable it.

* Discovery of interactive services - Manually.

* Update Orchestrator Service - A solution for managing workflows in the data center. Orchestrator lets you automate the creation, monitoring, and deployment of resources in your environment. Generally set to manual.

* Internet Connection Sharing (ICS) - Not needed if you do not share your Internet over network connections.

* Shell Hardware Detection - Needed for the autorun dialog box of a disk or flash drive. It is a matter of convenience; most people need it. I left it on.

* Drive optimization - It now goes by a new name; I hope you know what it is. We leave it as it is, and if an SSD is installed, we turn it off.

* Delivery Optimization - It's kind of like a torrent. For example, when you download updates or applications from the Store, the download comes from the sources found. Thus, the download speed increases. It is better to leave it on manual; when a download occurs, it will turn on automatically.

* Remote Desktop Services User Mode Port Forwarder - If you do not use remote connections, it is not necessary. Better set it to manual.

* Power - Cannot be turned off. We leave it.

* Task Scheduler - It is advisable to leave it as is, because many programs now use it.

* Support for Control Panel Item "Problem Reports and Solutions" - Manually.

* Smart Card Deletion Policy - For smart card users; it is better to set it to manual.

* Microsoft Account Sign-in Assistant - Helps you create and sign in to your Microsoft account. It's better to leave it on manual.

* Network Connection Assistant - Notifications about DirectAccess are not needed; disable.

* Network Connection Broker - If you do not need notifications about programs in the Store, turn it off.

* HomeGroup Provider - For using homegroups. Better on manual.

* Wired AutoConfig - Manually.

* Data archiving program - If you use backup and restore, leave it as it is. If not, disable.

* Microsoft Shadow Copy Provider - Manually.

* HomeGroup Listener - Manually.

* PNRP protocol - We also leave it on manual. Some applications may use the service.

* Publishing Feature Discovery Resources - Needed if you want to show your files to other computers over the network. If you do not, set it to manual or disable it.

* Workstation - It is better to leave it, because some applications use this service.

* Work Folders - If you use work folders (they are usually used in organizations), leave it as it is; if not, disable it.

* Certificate Distribution - Better on manual.

* Extensions and notifications for printers - If you use a printer, leave it; if not, turn it off.

* Extensible Authentication Protocol (EAP) - Manually.

* Windows Event Collector - Manually.

* Application Details - Manually.

* Server - If the computer is not used as a server and does not share files and printers, disable.

* Tile Data Model Server - If you use the Metro interface, leave it; if not, turn it off.

* Xbox Live Network Service - Again, if you do not use the Xbox, turn it off.

* Network logon - Manually.

* Network Connections - Leave as is. If there is no network or Internet, you can turn it off.

* COM+ Event System - Set to manual. Applications that depend on this service will launch it themselves if necessary.

* COM+ System Application - Also manually.

* Microsoft Passport Service - If you don't have a TPM virtual smart card, disable it.

* Windows Push Notification Service - If you do not need notifications from applications, turn it off. Leave it if you need them.

* SSTP Service - We leave it as it is; the service is needed if there is Internet on the computer.

* Windows License Manager Service - Needed to manage licenses for applications downloaded from the Store. If you don't download anything from there, turn it off.

* Windows Mobile Hotspot Service - Needed to set up a Wi-Fi access point, i.e. to share wireless Internet with other devices. If you do not share it, turn it off.

* WinHTTP Web Proxy Auto-Discovery Service - If you need the Internet, leave it as it is.

* WLAN AutoConfig Service - A service for wireless networks. Accordingly, if there are none, it is not needed.

* Basic Filtering Service - On the one hand, it is not needed (if security is not needed), but on the other hand, some programs may generate errors. So we leave it.

* Bluetooth wireless communication service - Required if you use Bluetooth headsets.

* Hyper-V Remote Desktop Virtualization Service - Again, if you don't know what Hyper-V is, turn it off.

* Windows Time Service - Needed to synchronize time with the Internet.

* Geolocation Service - Turn off. It's only for phones. The Internet will find where you are.

* Sensor Data Service - If you did not connect any sensors, disable it. Leave it on phones and tablets.

* Sensor Service - The same. Needed for phones and tablets.

* Store Demo Service - Disable; no need to demonstrate anything :)

* Diagnostic Tracking Service - A service from the surveillance series, so we turn it off.

* Shutdown Service as a Guest (Hyper-V)

* Windows Image Acquisition (WIA) - Needed only if there is a scanner. It is responsible for receiving images from scanners and cameras.

* Hyper-V Volume Shadow Copy Query Service - Again, if you don't know what Hyper-V is, disable it.

* Windows Defender Service - With a good antivirus, this is an unnecessary service, but you can't just turn it off here.

* Microsoft iSCSI Initiator Service - We set it to manual; if programs need it, they will launch it themselves.

* Network Store Interface Service - Required for normal network operation.

* Background Task Infrastructure Service - Needed for the normal operation of background operations; leave it.

* File History Service - A new way of protecting files: with any changes, the files are duplicated. Whether to disable it or not is up to everyone. I probably would have turned it off, because it was not there before and was not needed :)

* Windows Font Cache Service - Improves performance by caching fonts so that no time is wasted loading them.

* Client License Service (ClipSVC) - Needed for applications downloaded from the Store. If you don't download anything from there, you can disable it.

* Windows Store Service (WSService) - If you use the Store, leave it; if not, turn it off.

* AllJoyn Router Service - If you don't know what it is, turn it off.

* Microsoft Windows SMS Router Service - This service is definitely not needed on a computer!

* Block Level Backup Engine Service - We set it to manual. If backup or restore is needed, the service will start itself.

* Sensor Surveillance Service - If there are no sensors on the computer, it is not needed.

* Network setting service - Better left on manual.

* Communication Service (Hyper-V) - Again, if you do not use Hyper-V, disable it.

* Net.Tcp Port Sharing Service - Disabled by default. It is necessary only if the Net.Tcp protocol is needed.

* Windows Media Player Network Sharing Service - Manually. Need to turn on.

* Smart Card Reader Enumeration Service - If you do not use smart cards, turn it off.

* Portable Device Enumerator Service - Synchronizes music, video, etc. with removable media. I would set it to manual. It is not always necessary.

* Bluetooth Support Service - Required if you have Bluetooth.

* Diagnostic Policy Service - Needed to diagnose problems ... Honestly, it rarely helps. You can experiment with this by turning it off. Turn it on if needed.

* Program Compatibility Assistant Service - Needed to run programs that are incompatible with your OS. If there are none, set it to manual.

* Windows Defender Network Inspection Service - Again, a good antivirus is better than this service, but just don't disable it.

* User Profile Service - Better to leave. It works with computer user profiles.

* PNRP Computer Name Publishing Service - Required for home groups.

* Heartbeat Service (Hyper-V) - Monitors the state of the virtual machine. If you do not use Hyper-V virtual machines, turn it off.

* AppX Deployment Service (AppXSVC) - If you are not using the Store, turn it off.

* Windows Error Reporting Service - Logs errors. It is better to set it to manual.

* Device Management Registration Service - Better left on manual.

* State Repository Service - It is better to leave this on manual as well.

* Internet Explorer ETW Collector Service - Another collector; turn it off.

* Connected Network Awareness Service - It is better to leave it as it is, for normal network operation.

* Virtual Machine Session Service (Hyper-V)

* Touch Keyboard and Handwriting Panel Service - Needed for tablets. If your computer does not have a touch keyboard or graphics tablet, turn it off.

* Time Synchronization Service (Hyper-V) - If there are no Hyper-V virtual machines, disable it.

* Data Sharing Service - Leave on manual.

* Device Mapping Service - If the computer does not contact other devices via wired or wireless connections, you can turn it off.

* Network List Service - It's also better to leave it.

* System Event Notification Service - If you are not going to watch Windows messages, you do not need it.

* Windows Remote Management (WS-Management) - Set to manual.

* Windows Cryptographic Provider Host Service - Turn off.

* Device Installation Service - It is better to leave it as is; it is a service for the correct installation of devices.

* Storage Service - It is better to leave it on manual.

* BitLocker Drive Encryption Service - Encrypts drives. If you don't use it, disable it.

* Application Level Gateway Service - Needed only to work with the firewall. Manually.

* Cryptographic Services - For installing new programs, it is better to leave it as it is.

* Remote Desktop Services - If you do not use remote desktops, disable.

* Smart Card - If you don't use them, you don't need it.

* Still Image Acquisition Events - Needed to scan images. Therefore, if there is no scanner, turn it off.

* RPC Endpoint Mapper - Needed for incoming traffic. Nothing can be done with it, so we leave it.

* Saving games on Xbox Live - If there is no Xbox, turn it off.

* Windows Audio Endpoint Builder - Leave it if you need sound.

* Microsoft (R) Diagnostics Center Standard Collector Service - Again a collector; turn it off.

* Telephony - Leave on manual. If needed, it will start.

* Themes - They eat a lot of memory resources. If not needed, disable.

* Volume Shadow Copy - Creates restore points and does background archiving. Set to manual. If needed, it will start.

* Link layer topology - Also manually. If needed, it will start.

* Remote Procedure Call (RPC) - A system service. Leave as is.

* Remote Registry - Allows remote users to manipulate your registry. Disable.

* Application Identity - Manually.

* Diagnostic system node - Problem diagnosis. Set to manual.

* Diagnostic Service Host - Also manually.

* Generic PNP Device Node - Set to manual. Not all PnP devices.

* Application Management - Set to manual. The service allows you to set policies for applications.

* ActiveX Installer - Also manually. If you need to install such an object, it will start itself.

* Windows Installer - Installs .msi programs. Manually.

* Windows Modules Installer - Installs and uninstalls components and updates. Manually.

* Fax - Needed only if there is a fax.

* Background Intelligent Transfer Service (BITS) - We leave it on manual. The service is useful.

* Performance counter library host - Shares performance counters with other users. Disable.

* Discovery Provider Host - We leave it on manual. It will need to run.

* Windows Color System (WCS) - Manually. If devices need it, they will launch it.

* Security Center - Monitors Windows security. It annoys me with its notifications. So turn it off or not, the choice is yours.

* Windows Update - On the one hand, a useful feature. It closes holes in the system and updates drivers, but on the other hand it actively uses the Internet and memory resources, and if you turn off the computer during an update, the OS may crash. So it's up to you to choose what is more important, security or speed.

* Encrypting File System (EFS) - For file security. Better to leave it as is, on manual.

That's all. In this article I described the services that can be disabled in Windows 10, as well as what is best left alone for the normal operation of the system. I checked it myself, and everything works for me. If you have any other information, write to me and I will add it; it will help many people.
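The list above comes down to changing startup types and watching for breakage, so it helps to record the starting state first. The following PowerShell is an added example, not part of the original article: it snapshots every service's start mode, reports what changed afterwards (flagging protective services that ended up disabled), and restores selected services. The function names and the baseline path are assumptions chosen for illustration.

```powershell
# Added example (not from the original article). Function names and the
# default CSV path are illustrative. Run from an elevated PowerShell prompt.

$DefaultBaseline = Join-Path $env:USERPROFILE 'service-baseline.csv'

# Services whose Disabled state reduces protection or visibility: firewall and
# its filtering engine, Defender, Security Center, Windows Update, Event Log.
$SecurityServices = 'mpssvc', 'BFE', 'WinDefend', 'wscsvc', 'wuauserv', 'EventLog'

function Save-ServiceBaseline {
    param([string]$Path = $DefaultBaseline)
    Get-CimInstance -ClassName Win32_Service |
        Sort-Object Name |
        Select-Object Name, DisplayName, StartMode, State |
        Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
}

function Compare-ServiceBaseline {
    param([string]$Path = $DefaultBaseline)
    $baseline = @{}
    Import-Csv -Path $Path | ForEach-Object { $baseline[$_.Name] = $_ }

    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $old = $baseline[$svc.Name]
        # Skip services whose start mode is unchanged since the snapshot
        if ($null -ne $old -and $old.StartMode -eq $svc.StartMode) { continue }
        [pscustomobject]@{
            Name           = $svc.Name
            DisplayName    = $svc.DisplayName
            Was            = if ($old) { $old.StartMode } else { '(not in baseline)' }
            Now            = $svc.StartMode
            # True when a protective service is now Disabled
            SecurityImpact = ($svc.StartMode -eq 'Disabled' -and
                              $SecurityServices -contains $svc.Name)
        }
    }
}

function Restore-ServiceStartMode {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$Name,
        [string]$Path = $DefaultBaseline
    )
    # Win32_Service reports 'Auto'; Set-Service expects 'Automatic'.
    $map  = @{ Auto = 'Automatic'; Manual = 'Manual'; Disabled = 'Disabled' }
    $rows = Import-Csv -Path $Path | Where-Object { $Name -contains $_.Name }

    foreach ($row in $rows) {
        $target = $map[$row.StartMode]
        if (-not $target) {
            Write-Warning "$($row.Name): start mode '$($row.StartMode)' is not restorable with Set-Service"
            continue
        }
        if ($PSCmdlet.ShouldProcess($row.Name, "Set startup type to $target")) {
            try {
                Set-Service -Name $row.Name -StartupType $target -ErrorAction Stop
            } catch {
                # Protected services reject the change even for administrators
                Write-Warning "$($row.Name): $($_.Exception.Message)"
            }
        }
    }
}

# Typical use:
#   Save-ServiceBaseline                                  # before touching anything
#   Compare-ServiceBaseline | Format-Table -AutoSize      # after experimenting
#   Restore-ServiceStartMode -Name 'Spooler', 'WSearch' -WhatIf
```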

Hello everyone, today's topic is how to view Windows logs. I think everyone knows what logs are, but in case you are a beginner: logs are records of system events that occur in an operating system, both Windows and Linux, which help track what happened, where and when, and who did it. Any system administrator must be able to read Windows logs.

A real-life example: a disk failed on one of the IBM servers, and I collected the server logs for technical support so that they could diagnose the problem. The Event Viewer service is responsible for collecting and recording logs in Windows. Event Viewer is a handy tool for getting system logs.

How to open Event Viewer

Opening the Event Viewer snap-in is very simple, and the method works for any Windows version. Press the magic keys

Win+R and enter eventvwr.msc

The Windows Event Viewer window will open, in which you need to expand the Windows Logs item. Let's go over each of the logs.

The Application log contains entries related to programs on your computer. It records when a program was launched, and if it was launched with an error, this will also be reflected here.

The Security (audit) log is needed to understand who did what and when: for example, who logged in or logged out, or tried to gain access. All success and failure audits are written here.

The Setup log records what was installed and when, for example programs or updates.

The most important log is System. All the most necessary and important things are written here. For example, if you had a BSOD (blue screen), the messages logged here will help you determine its cause.

There are also Windows logs for more specific services such as DHCP or DNS. Event Viewer keeps track of everything :).

Suppose you have more than a million events in the Security log. You will probably ask at once whether there is filtering, since viewing all of them is masochism. Event Viewer provides for this: Windows logs can be conveniently filtered, leaving only what you need. On the right, in the Actions area, there is a Filter Current Log button.

You will be asked to specify the event level:

  • Critical
  • Error
  • Warning
  • Information
  • Verbose

It all depends on the search task: if you are looking for errors, there is no point in showing other types of messages. Further, to narrow the Event Viewer search, you can specify the desired event source and code.
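Filtering by log, event code and time range, as described above, can also be done from PowerShell, locally or against another machine. This added example (not from the original article) summarizes failed logons from the Security log; event ID 4625 and its field names are the standard Windows ones, while the function name and its defaults are assumptions.

```powershell
# Added example (not from the original article). Requires an elevated prompt,
# because the Security log is readable only by administrators.

function Get-FailedLogonSummary {
    param(
        [string]$ComputerName,      # omit to query the local machine
        [int]$Hours     = 24,       # how far back to look
        [int]$MaxEvents = 5000      # cap, so a huge log does not stall the query
    )

    # The filter is applied by the event log service, not after retrieval,
    # which is what makes a million-event log workable.
    $query = @{
        FilterHashtable = @{
            LogName   = 'Security'
            Id        = 4625                          # "An account failed to log on"
            StartTime = (Get-Date).AddHours(-$Hours)
        }
        MaxEvents   = $MaxEvents
        ErrorAction = 'Stop'
    }
    if ($ComputerName) { $query.ComputerName = $ComputerName }

    try {
        $events = Get-WinEvent @query
    } catch {
        # Get-WinEvent reports "nothing matched" as an error; treat it as empty
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    $rows = foreach ($e in $events) {
        # Named fields live in <EventData><Data Name="...">value</Data>
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            SourceIp  = $data['IpAddress']
            LogonType = $data['LogonType']   # e.g. 2 = interactive, 3 = network, 10 = RDP
        }
    }

    $rows | Group-Object Account, SourceIp, LogonType | ForEach-Object {
        $span = $_.Group | Measure-Object -Property Time -Minimum -Maximum
        [pscustomobject]@{
            Attempts  = $_.Count
            Account   = $_.Group[0].Account
            SourceIp  = $_.Group[0].SourceIp
            LogonType = $_.Group[0].LogonType
            First     = $span.Minimum
            Last      = $span.Maximum
        }
    } | Sort-Object Attempts -Descending
}

# Typical use:
#   Get-FailedLogonSummary | Format-Table -AutoSize
#   Get-FailedLogonSummary -ComputerName SVT2019S01 -Hours 72
```

Many attempts against one account from a single address, or one address trying many accounts, are the rows worth looking at first.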

So, as you can see, analyzing Windows logs is very simple: we search, we find, we solve. It can also be useful to quickly clear the Windows logs:

Viewing Windows logs in PowerShell

It would be strange if PowerShell could not do this. To display the logs, open PowerShell and enter the following command

Get-EventLog -Logname "System"

As a result, you will get a list of System log entries

The same can be done for other logs, such as Application

Get-EventLog -Logname "Application"

A small list of abbreviations

  • Event ID - EventID
  • Computer - MachineName
  • Event sequence number - Data, Index
  • Task category - Category
  • Category code - CategoryNumber
  • Level - EntryType
  • Event Message - Message
  • Source - Source
  • Event generation date - ReplacementString, InstanceID, TimeGenerated
  • Event recording date - TimeWritten
  • User - UserName
  • Site - Site
  • Subdivision - Container

For example, in order to display events in the command shell with only the columns "Level", "Event record date", "Source", "Event code", "Category" and "Event message" for the "System" log, execute the command:

Get-EventLog -LogName 'System' | Format-Table EntryType, TimeWritten, Source, EventID, Category, Message

If you need to display in more detail, then replace Format-Table with Format-List

Get-EventLog -LogName 'System' | Format-List EntryType, TimeWritten, Source, EventID, Category, Message

As you can see, the format is already more readable.

You can also filter the logs, for example, show the last 20 messages

Get-EventLog -Logname 'System' -Newest 20

Additional products

You can also automate the collection of events, through tools such as:

  • Zabbix Monitoring Complex
  • Windows event forwarding to a collector server
  • Via the Netwrix audit suite
  • If you have SCOM, then it can aggregate any Windows platform logs
  • Any DLP systems

So whether to use Event Viewer or PowerShell to view Windows events is up to you.

Remote viewing of logs

  • First method

Not so long ago, with the release of the Windows Server 2019 operating system, the Windows Admin Center remote administration component appeared. It allows you to remotely manage a computer or server; I have already described it in more detail. Here I want to show that by installing it on your workstation you can connect from a browser to other computers and easily view their event logs, thereby studying the Windows logs. In my example it will be the server SVT2019S01; we find it in the list of available ones and connect (let me remind you that this is how we performed remote network configuration in Windows).

Next, select the "Events" tab and choose the desired log; in my example I want to see all the logs for the system. From my point of view, it is much more convenient to view everything here than in Event Viewer. The advantage is that you can do it from any phone or tablet. In the right corner there is a convenient search form.

If you need to filter the logs more finely, you can use the filter button.

Here you can also select the level of the event, for example, leaving only critical and errors, set the time range, event code and source.

Here is an example of filtering on event 19.

It is very convenient to export the entire log to the evtx format, which is then easy to open in Event Viewer. So, Windows Admin Center is a powerful log viewer.

  • Second method

The second way to remotely view Windows logs is to use the Computer Management snap-in or the same "Event Viewer". To view Windows logs on another computer or server, in the snap-in, right-click on the top item and select "" from the context menu.

Specify the name of another computer, in my example it will be SVT2019S01

If everything is fine and there are no blocks from the firewall or antivirus, you will be taken to the remote Event Viewer. If there are blocks, you will receive a message to the effect that COM+ traffic is not getting through.

I also want to note that there are entire log aggregation systems, such as Zabbix or SCOM, but this is a different level of tasks.

It often happens that a computer reboots, freezes or stops working for no apparent reason. If it's running a modern operating system, such as Windows 10, you can easily find out what's causing the problem. To do this, you need to know how to look at Windows 10 errors and what they mean.

What is the Event Log and what is it for?

Even if the computer is working without any failures, it is better to find out in advance where to look at the Windows 10 error log. Checking it periodically will help to detect and prevent the occurrence of serious problems. In case of emergency situations, when the user does not see the obvious causes of problems, the Windows 10 event log is an indispensable assistant. It should be borne in mind that even on a working computer, errors sometimes occur that may not affect the quality of work, but if there are critical errors, it is necessary to take measures to eliminate them.

How to open the log and see errors

There are several ways to open the event log.

Control Panel

  1. Open Windows Search and type "Control Panel".
  2. In the window that appears, select "System and Security", then "Administrative Tools".
  3. Click the Event Viewer shortcut.

Run console

Press the "Win" and "R" keys at the same time, type eventvwr.msc in the "Open" field that appears, and press Enter.

Start Menu

Right-click "Start", select "Run" from the pop-up list, type eventvwr.msc and press Enter.

Windows 10 Search

In the Windows 10 search menu, enter the phrase "Event Viewer" or "Log" and press Enter.

In the program window that appears, there is an "Overview and Summary" tab, below which is the "Summary of Administrative Events" submenu. It contains drop-down lists with the following information: critical events, errors, warnings, details, and success audit.

When these lists are expanded, lines appear describing what happened in the system. The most important are critical events and errors. The line describing an error contains its code, its source, and how many times it has occurred in the last 24 hours and 7 days. When you double-click a line, a window appears with a detailed description of the problem, the exact time it occurred, and other important information.


You can also use the Windows 10 event logs, the menu of which is located in the left column of Event Viewer. The Application, Security and System logs are available here. The last of these contains information about the most important failures that occur in the system, for example problems with drivers and system programs.

Carefully examining the available log entries is very helpful in keeping your computer running smoothly. For example, the presence of the critical event Kernel Power 41 may indicate problems with the power supply, its overheating, or insufficient power for your computer. In addition, the logs can also help in solving crashes of individual programs through the use of the Application log.
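The "Summary of Administrative Events" view described above can be reproduced in PowerShell, which makes a regular check quick and scriptable. This is an added example, not code from the original article; the function name is an assumption. It counts Critical and Error events per source and event code for the last 24 hours and 7 days.

```powershell
# Added example (not from the original article).

function Get-AdminEventSummary {
    param(
        [string]$LogName = 'System',
        [string]$ComputerName          # omit to query the local machine
    )

    $now   = Get-Date
    $query = @{
        FilterHashtable = @{
            LogName   = $LogName
            Level     = 1, 2                   # 1 = Critical, 2 = Error
            StartTime = $now.AddDays(-7)
        }
        ErrorAction = 'Stop'
    }
    # A remote query needs the "Remote Event Log Management" firewall rules
    # enabled on the target; otherwise the RPC connection is refused.
    if ($ComputerName) { $query.ComputerName = $ComputerName }

    try {
        $events = Get-WinEvent @query
    } catch {
        # Get-WinEvent reports "nothing matched" as an error; treat it as empty
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    $dayAgo = $now.AddHours(-24)
    $events | Group-Object ProviderName, Id | ForEach-Object {
        $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
        [pscustomobject]@{
            Level    = $latest.LevelDisplayName
            Source   = $latest.ProviderName
            EventId  = $latest.Id
            Last24h  = @($_.Group | Where-Object { $_.TimeCreated -ge $dayAgo }).Count
            Last7d   = $_.Count
            LastSeen = $latest.TimeCreated
        }
    } | Sort-Object Last7d -Descending
}

# Typical use:
#   Get-AdminEventSummary | Format-Table -AutoSize
#
# Checking for the Kernel Power 41 event mentioned in the text:
#   Get-AdminEventSummary |
#       Where-Object { $_.Source -eq 'Microsoft-Windows-Kernel-Power' -and $_.EventId -eq 41 }
```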

    Conclusion

    So that your computer does not let you down at the most inopportune moment, you need to know where the Windows 10 error log is located and open and study it at least once a week.

Most personal computer users do not even know about a feature such as the event log. It is a special function for viewing all events that occur in the operating system installed on the PC. It is where critical errors, warnings and other important information are recorded, for both ordinary users and server owners.

In this article, we will analyze this topic in detail and find out what it is, where you can view the event log in Windows 10 and how to use it.

To begin with, it is worth saying that this service registers absolutely everything that happens on the computer. Messages and errors are recorded, including the operation of drivers, applications and programs. By regularly reviewing and examining the history, problems and weaknesses in the protection of the device can be easily identified, which is especially useful for servers.

How to open?

Finding and opening the event log is quite simple: enter the phrase "Event Viewer" in Windows 10 search and click on the result. But if you have deactivated indexing, this attempt will not bring results.

And as an option you can:


All information will be divided into relevant groups. For example, by opening the application log, you will have the opportunity to view all messages about the operation of programs. Absolutely all system incidents related to Windows 10 are displayed in it.


Initially this service was developed exclusively for administrators who constantly monitor the status of servers, identify errors and causes of occurrence, and then try to quickly fix them.

Do not be alarmed if your device is working properly but there are errors and warnings in the log, because this is normal for the OS. Any failures, including minor ones, are recorded in the log, so do not worry.

How to use?

Most "professional" users are sure that ordinary users do not even need to dive into this topic, because it will never be useful to them. However, this is not at all the case, because this tool is incredibly useful in certain situations.

For example, if a blue screen appears or your system reboots by itself from time to time. Why this happens and what caused it can be quickly found out in the system event log. If the error is related to updating drivers, then it will indicate the hardware with which the problem occurs and effective ways to solve it.


To simplify the search for the desired report, you need to remember the time the situation occurred and, based on the time frame, look for the error.

Another important function is recording the loading of the operating system, with its start, end and duration indicated. Moreover, shutting down the computer can be tied to a requirement to enter a reason, which will then appear in the log. This is especially useful for server administrators, because every detail is important to them.


Cleaning methods

There are five main ways in which you can clear the event log:

  1. Manual way.
  2. “Batch file” is a special file with the extension “*.bat”.
  3. Through the cmd command console.
  4. Via PowerShell.
  5. CCleaner utility.

Let's take a closer look at each of the proposed methods and find out how to apply them in practice.

Manual cleaning

First of all, I propose to consider a method for clearing the reports in Windows 10 yourself. It is quite simple and does not require special commands or the installation of third-party programs.

All you need is:


As you can see, everything is extremely simple. However, in some situations, you still have to use other methods, which we will discuss below.

Creating and using a bat file

This is another fairly simple way to clean up quickly. Let's break it down in more detail:


If you are too lazy to create this file, the finished version can be downloaded from the link.

Via command console

You can also clear the event log from errors, warnings and other messages through the cmd command line.

After that, all reports will be deleted.

Via PowerShell

The Windows 10 operating system has a more advanced version of the command line: PowerShell. Clearing the event log with this tool is very simple.

Let's break it down step by step:

Most likely, you will encounter an error, but do not be afraid, as this is normal. All sections will be cleared.
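Entries removed from a log cannot be read back from it afterwards, so administrators normally archive each log while clearing it. The script below is an added example, not the article's original steps: it uses the built-in wevtutil.exe with its /bu: backup option, reports per-log failures instead of stopping, and then lists the events Windows writes when a log is cleared (1102 in Security, 104 in System). The archive folder and the list of logs are assumptions.

```powershell
# Added example: archive each log to .evtx while clearing it. Run elevated.
# $ArchiveDir and $Logs are assumptions; adjust them to your environment.
$ArchiveDir = 'C:\EventLogArchive'
$Logs       = 'Application', 'System', 'Security'
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$started    = Get-Date

New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null

$results = foreach ($log in $Logs) {
    $backup = Join-Path $ArchiveDir "$env:COMPUTERNAME-$log-$stamp.evtx"

    # "cl" clears the log; /bu: saves the cleared events to the given file.
    wevtutil.exe cl $log "/bu:$backup"

    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backup)) {
        # Typical causes: session is not elevated, or the log cannot be cleared.
        Write-Warning "Problem clearing '$log' (wevtutil exit code $LASTEXITCODE)"
        continue
    }
    [pscustomobject]@{
        Log    = $log
        Backup = $backup
        SHA256 = (Get-FileHash -Path $backup -Algorithm SHA256).Hash
    }
}
$results | Format-List

# Clearing is itself recorded: event 1102 in Security, event 104 in System.
@(
    @{ LogName = 'Security'; Id = 1102; StartTime = $started },
    @{ LogName = 'System';   Id = 104;  StartTime = $started }
) | ForEach-Object { Get-WinEvent -FilterHashtable $_ -ErrorAction SilentlyContinue } |
    Select-Object TimeCreated, LogName, Id, Message |
    Format-List
```

The saved .evtx files open in Event Viewer through "Open Saved Log", and the recorded SHA256 values let you confirm later that an archive has not been altered.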

CCleaner

The widely known CCleaner allows you to carry out a complete cleaning of the system and registry, removing junk files and incorrect entries. This speeds up system performance. It works great on different operating systems, including Windows 10. In addition, it has a free version with pretty good functionality.


In this way, we will clear the event log and further optimize the operation of Windows 10.

This topic is not as dynamic and interesting as, for example, system recovery or the fight against malicious software, but it is no less important.

One of the many changes in Windows 10 was the saving of update logs in ETL format files, which can only be read using special utilities. In earlier versions, the logs were written to an ordinary text file, but since the update service is constantly active on the system, the data was overwritten regularly, which created additional unwanted load on the disk. The use of the ETL log format reduced the load on the hard disk, but made reading logs less convenient for administrators. Microsoft is aware of this issue, so the developers have implemented the ability to convert update log files to a human-readable format. In addition, the logs can be viewed using the built-in Windows Event Log. Let's consider both options in a little more detail.

Launch a PowerShell console and run the Get-WindowsUpdateLog command in it.

Reading and conversion of the data starts.

Upon completion of the procedure, you will have a WindowsUpdate.log file on your desktop, which you can open with regular Notepad or any other text editor. Now you can safely study the log yourself or send it to more experienced users.

The second way is just as simple. Open the context menu of the Start button (Win + X) and select "Event Viewer" in it.

In the window that opens, follow the chain Applications and Services Logs → Microsoft → Windows → WindowsUpdateClient → Operational. The central column will then show a sorted list of events related to the operation of the update function.
