This is useful, however, very cumbersome, as the file generated will be the same size as your amount of ram.Note: Make absolutely sure that your symbol path is correct.

The reporting though depends on the program; if it has been coded to report events.

For instance, a program hang is reported here. It gets the work done but it still leaves the puzzler out there – why did the system crash in the first place?

An example: Locate an error that occurred around the time of the problem (there may or may not be one here depending on the type of error). Find detailed explanations, recommended user actions, and links to additional support and resources.

It's good for other crashes also. Event ID is the column which gives us a number to work with. These were on systems that we were repairing, and I didn't find any significant information in either of them.

Click on File, Symbol File Path. They are usually located in %systemroot%/minidump (in my case C:/windows/minidump).If you notice, they are usually named the date, and then a -*number* to indicate the order of minidumps that day.

  2. More often a reboot (or a smack on the sides) is a quick fix.
  3. Windows 4818 Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy Windows 4819 Central Access Policies on the machine have been changed Windows
  4. Windows 617 Kerberos Policy Changed Windows 618 Encrypted Data Recovery Policy Changed Windows 619 Quality of Service Policy Changed Windows 620 Trusted Domain Information Modified Windows 621 System Security Access Granted
  5. The Event Viewer has been a part of the Windows OS since the early days of Windows NT.
  6. This'll generate a more indepth analysis.3) Copy the information and paste it to your next post.
  7. share|improve this answer answered Mar 6 '12 at 19:14 harrymc 191k7166409 1 Plus, you can add your own event ids. –surfasb Mar 8 '12 at 14:44 > Plus,
  8. Windows 4799 A security-enabled local group membership was enumerated Windows 4800 The workstation was locked Windows 4801 The workstation was unlocked Windows 4802 The screen saver was invoked Windows 4803 The

But some types like "˜Errors' and "˜Warning' are worth looking into. (The Security Log also has the Success Audit or Failure Audit types.) The Error Properties box comes up with a

For starting use: http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx Knowing the EventMessageFile should be enough to do brute-force detect all supported values.

This becomes extremely useful when you are trying to figure out what caused a particular stop error, and no filename was mentioned and/or it is undocumented. Locate an error (example in the System description below) that occurred around the time of the problem (there may or may not be one here depending on the type of error).

Then, open the text file by double clicking on it.

In Windows XP, the Event Viewer can be found under Control Panel – Administrative Tools – Event Viewer.

EventID is a rich database of logged events.

Usually when your system blue screens and you get a stop error, an event is written to your System log. Paid subscribers get better features like an advanced search and searching for event IDs from a specific source.

The notification is duly logged by the system in a log (the event logs) which we can see using the Event Viewer.