Question
Monday, August 31, 2015 6:04 PM
Hi,
I originally posted this on the MS community Windows 10 Section and the Moderator said I would be better served posting here. Please forgive me if I have not chosen the correct Section. I am not an IT Professional and chose what I thought closest to my enquiry.
I open Windows Event Viewer often (most days) to take a look for entries in the Windows 10 created Filter Custom Views> ServerRoles> Administrative Events (especially as my Win 10 Pro (x64) is newly installed).
What I wish to seek advice on is, how can I adjust my Desktop shortcut %windir%\system32\eventvwr.msc /s so that when I click on it Windows Event Viewer will always open with Custom Views> ServerRoles> Administrative Events expanded (which I believe is a Windows filter). I did manage to work out how to open with "Windows Logs> Applications" but I am not able to use the same method with Administrative Events.
My clean install of Win 10 Pro (x64) Windows Event Viewer always opens with Event Viewer (Local) and I have to drill down the tree each time to view "Administrative Events".
I have searched the Web (without success) and also viewed eventvwr /? via cmd.exe but it is beyond my understanding in relation to what I wish to achieve.
I am hoping somebody can kindly advise me on what I need in my shortcut.
Many thanks
All replies (6)
Tuesday, September 1, 2015 6:20 AM ✅Answered | 1 vote
On Mon, 31 Aug 2015 18:04:19 +0000, dgsr wrote:
I have searched the Web (without success) and also viewed eventvwr /? via cmd.exe but it is beyond my understanding in relation to what I wish to achieve.
I am hoping somebody can kindly advise me on what I need in my shortcut.
This is actually quite easy:
1. In Event Viewer, right-click Administrative Events, then click Export Custom View.
2. Save the XML file somewhere convenient.
3. The command line to open the exported view file is:
eventvwr /v:path_to_saved_XML_file
Paul Adare - FIM CM MVP
Tuesday, September 1, 2015 2:36 PM
Hi Paul :)
Sorry I did not notice your reply until now.
Thanks for the easy to follow step-by-step instructions, which work perfectly and do exactly what I was seeking.
Easy, I suppose, is when you know how. I had spent hours on different days trying to find a Web article I could use to work out what you have just advised in a few helpful lines. I do try not to bother Experts unless I hit a brick wall, which I had on this occasion.
Once again thanks ever so much.
Kindest Regards
Dave
Tuesday, September 1, 2015 2:51 PM
Hi Paul :)
Sorry I did not notice your reply until now.
Thanks for the easy to follow step-by-step instructions, which work perfectly and do exactly what I was seeking.
Easy, I suppose, is when you know how. I had spent hours on different days trying to find a Web article I could use to work out what you have just advised in a few helpful lines. I do try not to bother Experts unless I hit a brick wall, which I had on this occasion.
Once again thanks ever so much.
No worries Dave, glad I could help. When I said the solution was easy, I meant the actual solution itself, not finding the solution. :-)
Wednesday, September 2, 2015 7:21 AM
Hi Paul :),
I seem to have run into a semi-inconsistent issue when running my shortcut after booting up PC and logging on (I have an Administrator Account, UAC set to bottom setting, O/S Win 10 Pro (x64) Release).
When I first ran the shortcut "C:\Windows\System32\eventvwr.exe /v:"D:\PC\Win Event Viewer Custom Views\Admin Events.xml" after creation everything worked perfectly.
Also worked perfectly if I ran my Bat file to clear all logs:
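@echo off
REM Admin check: without elevation the last line bcdedit prints starts with "Access" (Access is denied).
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
REM Enumerate every event log (wevtutil el) and clear each one in :do_clear.
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
REM Was "echo goto theEnd", which only printed the text and fell through into :do_clear with no argument.
goto :eof
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
exit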
and/or ran my conventional Event Viewer shortcut "%windir%\system32\eventvwr.msc /s".
Once again no problems.
HOWEVER problems occur after a reboot and log-on of PC and then running "shortcut C:\Windows\System32\eventvwr.exe /v:"D:\PC\Win Event Viewer Custom Views\Admin Events.xml"
I got an Add Snap-in message box with comments "Adding Snap-in to Console". (is this normal and necessary?)
Then after 20 seconds I got my Event Viewer which had opened Administrative Events with 21 Errors.
Identical errors (that is today; last night I got between 20 and 110 identical errors OR NONE).
This is the Error (I changed Computer Name and User name for Privacy in text below ONLY):
ERROR General Description
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user COMPUTER\USERNAME SID (S-1-5-21-2992085237-2805390675-3250878708-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h4txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool
** FRIENDLY VIEW **
- System
- Provider
[ Name] Microsoft-Windows-DistributedCOM
[ Guid] {1B562E86-B7AA-4131-BADC-B6F3A001407E}
[ EventSourceName] DCOM
- EventID 10016
[ Qualifiers] 0
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x8080000000000000
- TimeCreated
[ SystemTime] 2015-09-02T05:52:39.059569600Z
EventRecordID 76866
Correlation
- Execution
[ ProcessID] 1016
[ ThreadID] 444
Channel System
Computer COMPUTERNAME
- Security
[ UserID] S-1-5-21-2992085237-2805390675-3250878708-1001
- EventData
param1 machine-default
param2 Local
param3 Activation
param4 {C2F03A33-21F5-47FA-B4BB-156362A2F239}
param5 {316CDED5-E4AE-4B15-9113-7055D84DCC97}
param6 COMPUTERNAME
param7 USERNAME
param8 S-1-5-21-2992085237-2805390675-3250878708-1001
param9 LocalHost (Using LRPC)
param10 Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h4txyewy
param11 S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
** XML VIEW **
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="0">10016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2015-09-02T05:52:39.059569600Z" />
    <EventRecordID>76866</EventRecordID>
    <Correlation />
    <Execution ProcessID="1016" ThreadID="444" />
    <Channel>System</Channel>
    <Computer>COMPUTERNAME</Computer>
    <Security UserID="S-1-5-21-2992085237-2805390675-3250878708-1001" />
  </System>
  <EventData>
    <Data Name="param1">machine-default</Data>
    <Data Name="param2">Local</Data>
    <Data Name="param3">Activation</Data>
    <Data Name="param4">{C2F03A33-21F5-47FA-B4BB-156362A2F239}</Data>
    <Data Name="param5">{316CDED5-E4AE-4B15-9113-7055D84DCC97}</Data>
    <Data Name="param6">COMPUTERNAME</Data>
    <Data Name="param7">USERNAME</Data>
    <Data Name="param8">S-1-5-21-2992085237-2805390675-3250878708-1001</Data>
    <Data Name="param9">LocalHost (Using LRPC)</Data>
    <Data Name="param10">Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h4txyewy</Data>
    <Data Name="param11">S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742</Data>
  </EventData>
</Event>
============================
Upon repeated reboots of PC, every time the snap-in message box appears, but on a couple of occasions I got a failure message.
Today when I see the Win Event Administrative Events MOST times I see only 1 warning which often appears at start-up and is minor and unrelated ("e1iexpress ID Code 27").
Last night after I had posted to you I usually saw masses of the same Error as shown at top of this Post.
The only difference I am aware of between last night's and today is I located the exported xml on my d: partition today and last night I put it in a folder on my C:\Users\USERNAME folder.
To resolve last night I deleted the xml folder and file and stopped using the shortcut you advised to me, AND what got me back to normal (without snap-in adding, masses of errors after MOST reboots) was, in Windows Event Viewer, to run (see image), which stopped all issues.
Please may I ask:
1) Are you able to make sense of all this and advise me what I should do?
2) why are Snap-ins being loaded after each Boot of PC when I FIRST run the "C:\Windows\System32\eventvwr.exe /v:"D:\PC\Win Event Viewer Custom Views\Admin Events.xml" . I ask because when it failed and I reran the shortcut the Win Event Viewer >Administrative Events opened perfectly which suggested to me (layman) the adding of snap-ins were unnecessary. If so why do they try to load?
3) What triggers those identical Error events and why none sometimes and at other times 21, 60 up to 110) when I do nothing differently after each reboot test. Namely reboot, wait for Notification items to all fully load then run shortcut "C:\Windows\System32\eventvwr.exe /v:"D:\PC\Win Event Viewer Custom Views\Admin Events.xml"
Sorry to bother you again Paul but unless I can resolve then I will have to go without the "C:\Windows\System32\eventvwr.exe /v:"D:\PC\Win Event Viewer Custom Views\Admin Events.xml" method and go back to having to open Administrative Events manually.
Many Thanks Paul and Kind Regards
Dave
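The DCOM 10016 event quoted in the post above, summarised with PowerShell as an added example that is not part of the original thread: it groups events by CLSID, APPID and app container, so a burst of 21 or 110 entries shows up as one row with a count. The function name Get-Dcom10016Summary is hypothetical, and $sample is constructed from the event text in the post.

```powershell
# Constructed sample: the event quoted in the post, trimmed to the fields used below.
$pageEvent = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID Qualifiers="0">10016</EventID>
    <TimeCreated SystemTime="2015-09-02T05:52:39.059569600Z" />
  </System>
  <EventData>
    <Data Name="param1">machine-default</Data>
    <Data Name="param2">Local</Data>
    <Data Name="param3">Activation</Data>
    <Data Name="param4">{C2F03A33-21F5-47FA-B4BB-156362A2F239}</Data>
    <Data Name="param5">{316CDED5-E4AE-4B15-9113-7055D84DCC97}</Data>
    <Data Name="param10">Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h4txyewy</Data>
  </EventData>
</Event>
'@
# Constructed: three copies stand in for a burst of identical errors.
$sample = @($pageEvent, $pageEvent, $pageEvent)

# Hypothetical helper (not a built-in cmdlet): one row per distinct
# CLSID / APPID / app container, with the repeat count and first timestamp.
function Get-Dcom10016Summary {
    param([Parameter(Mandatory)][string[]]$EventXml)
    $rows = foreach ($text in $EventXml) {
        $evt = ([xml]$text).DocumentElement
        if ($evt['System']['EventID'].InnerText -ne '10016') { continue }
        $p = @{}   # param name -> value for this event
        foreach ($d in $evt['EventData'].GetElementsByTagName('Data')) { $p[$d.GetAttribute('Name')] = $d.InnerText }
        [pscustomobject]@{
            Time         = $evt['System']['TimeCreated'].GetAttribute('SystemTime')
            Permission   = '{0} {1} {2}' -f $p['param1'], $p['param2'], $p['param3']
            Clsid        = $p['param4']
            AppId        = $p['param5']
            AppContainer = $p['param10']
        }
    }
    $rows | Group-Object Clsid, AppId, AppContainer | ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            Count = $_.Count; Permission = $first.Permission; Clsid = $first.Clsid; AppId = $first.AppId
            AppContainer = $first.AppContainer
            FirstSeen = ($_.Group.Time | Sort-Object | Select-Object -First 1)
        }
    } | Sort-Object Count -Descending
}

Get-Dcom10016Summary -EventXml $sample | Format-List
# Live system: $sample = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 10016 } | ForEach-Object { $_.ToXml() }
```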
Wednesday, September 2, 2015 7:35 AM
On Wed, 2 Sep 2015 07:21:26 +0000, dgsr wrote:
HOWEVER problems occur after a reboot and log-on of PC and then running "shortcut C:\Windows\System32\eventvwr.exe /v:"D:\PC\Win Event Viewer Custom Views\Admin Events.xml"
I got a Add Snap-in message box with comments "Adding Snap-in to Console". (is this normal and necessary?)
This happens from time to time, there's not a whole lot you can do about it.
As far as the errors you're seeing in the logs, you're going to have to start a new thread as those errors have nothing to do with what is being discussed in this one.
Paul Adare - FIM CM MVP
Wednesday, September 2, 2015 11:19 AM
Adding Snap-in to Console is consistent for me Paul. It happens every time the FIRST time the shortcut is run after booting up PC and logging on. (EXCEPT if I run my other shortcut first (%windir%\system32\eventvwr.msc /s) which is pointless). It never happens if "shortcut C:\Windows\System32\eventvwr.exe /v:"D:\PC\Win Event Viewer Custom Views\Admin Events.xml" is run again during the current session.
I take your word for it Paul and I also agree with you that the Errors seem totally unrelated, and yet they have (so far) only ever occurred after I started using the new shortcut "C:\Windows\System32\eventvwr.exe /v:"D:\PC\Win Event Viewer Custom Views\Admin Events.xml". To be fair TODAY they have ceased (currently) after 5 reboot tests.
YESTERDAY, when I stopped using the new shortcut they ceased appearing in Win Event Viewer immediately when I booted up PC and logged on. VERY STRANGE.
The search bar/Cortana is a nightmare as it only works when it wants to anyway. If it works after booting PC and logging on it seems to continue to do so in that session, however most times it does not work after booting up and logging on (maybe 20% of the time). Disabling and re-enabling several times via Task Manager often does the trick but it should not be necessary. It is very sad when 3rd Party Classic Menu search bars work 100% of the time and Win 10 is so unreliable (maybe it is partly because Cortana is not available in my area so the Bar is not fully operational as intended; I don't honestly know what the issue is). sfc /scannow reports NO issues whatsoever.
Most random unexplained Win Event Viewer Errors I get from time to time seem to be Search bar/Cortana gatherer related.
My biggest Win 10 Pro disappointment is the amount of different random Errors that occasionally appear from time to time after logging on, for no obvious reason and seem to be of no importance to the functionality of my PC which is highly stable. If I did not view Win Event Viewer so often I would never know there were any issues (except with the Search Bar that is). Normally I get only 1 warning after logging on.
Win 10 Release is still very new and hopefully the "false alarm/over zealous" Errors will be sorted out in the months ahead.
Anyway, thanks for your info and help again, Paul :)
Dave