Who restarted my Windows server?
135,150
Solution 1
In the System event log, filter by event id 1074, this will show by which process and on behalf of which user a reboot was initiated.
This was tested on Windows Server 2008.
Solution 2
There should be a log at:
%windir%\system32\LogFiles\Shutdown
(which should be C:\WINDOWS\system32\LogFiles\Shutdown on a "standard" Windows Server 2000/2003 install)
Related videos on Youtube
02 : 54
How to restart an IIS website and services on Windows Server 2019
05 : 20
Fixed | Auto shutdown/restart problem on windows server. how to stop system shutdown automatically.
08 : 37
How to check shutdown and reboot logs using event viewer in Windows servers?
01 : 42
Who restarted my Windows server? (2 Solutions!!)
02 : 32
Who restarted a server ? Troubleshooting with event id 1074
Comments
-
joar almost 2 years
Is it possible on Windows Server 2000/2003/2008 machines to see which user rebooted the server?
I have found the shutdown event in the System event log, but it does not show which user initiated the reboot.
-
MrGigu about 12 years
-
Wesley about 12 years
-
user1364702 about 12 yearsNo, What rebooted the server. Who installed the malware.
-
Harry Johnston about 12 yearsWas more than one person logged in at the time?
-
KJ-SRS about 12 yearsSo who was it that restarted the server?
-
joar about 12 yearsAs I said, it was Who.
-
-
joar about 12 yearsThat folder does not exist on Windows Server 2008.
-
Lucas Kauffman about 12 yearswell you did specify for 2000/2003 as well :) -
joar over 11 yearsI give you that!
-
Deruijter almost 11 yearsAlso works on Windows Server 2003 (SP 2)
