
Event viewer help pls!!

Discussion in 'Windows Vista' started by toadman77, Apr 19, 2007.

Thread Status:
Not open for further replies.
  1. toadman77

    toadman77 Thread Starter

    Joined:
    Oct 16, 2002
    Messages:
    85
    Hello, I am trying to view my event viewer in Vista Ultimate and it says Event viewer cannot be started, check if service is started.

    How can I fix this?
    I am owner, admin, and creator of machine and only user.
    Is there a way to have all my drive C so I am owner of it?
    Let's say my name is badboy (my comp name) and I put myself in admin group, do I use my name to be owner or the administrator name?
    When all these names come up in advanced view in security tab, there are a lot to choose from, can anyone help with that pls, it would be a tremendous help.

    Thks
     
  2. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Can you run mmc.exe from a command prompt? What happens when you add the eventvwr snap-in?
     
  3. toadman77

    toadman77 Thread Starter

    Joined:
    Oct 16, 2002
    Messages:
    85
    It lets me do the snap-in but when I go to load event viewer it says service is not started?
    Thks
     
  4. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    OK. Is the Windows Event Log Service running and enabled?
     
  5. toadman77

    toadman77 Thread Starter

    Joined:
    Oct 16, 2002
    Messages:
    85
    The service is on automatic but when I go to start it, it gives me a 4201 error.

    Any ideas thks
     
  6. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Possibly corrupt logs. You could try deleting them.

    C:\Windows\System32\winevt\Logs\

    You may need to take ownership. Start with just those logs that appear in the Event Viewer: Application, Security, Setup, System, Forwarded Events. But one of the others could be the problem.

    Have you run a chkdsk lately?
    Have you disabled any other services? Though the Event Viewer does not depend on any other services, WMI information is passed to it.
     
  7. toadman77

    toadman77 Thread Starter

    Joined:
    Oct 16, 2002
    Messages:
    85
    I did chkdsk yesterday and the only services I have disabled recently are the media center ones I don't use that at all.

    Now in that log there are many things from application to system, which ones are safe to delete?

    Thks
     
  8. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Since the service is not running, the logs can be deleted. To be on the certain side, I deleted all log files in that folder last night to be sure it was safe before I recommended it to you. The files are gradually being re-created and there have been no ill effects. So, try deleting all of them. You can make a copy of the folder so you can restore it, just in case. That would be a standard, good practice.

    Also, do a search and be sure that the following dll's are present in your system32 folder:

    wevtapi.dll
    netevent.dll
    es.dll
    wevtsvc.dll
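
The checks suggested in posts 6 and 8, gathered into one script that only reads state and makes a backup copy (an added example, not part of the thread; it assumes an elevated Windows PowerShell 3.0 or later session, and the backup location is an arbitrary choice):

```powershell
# Added example, not from the thread. Run in an elevated Windows PowerShell 3.0+ session.
$sys32  = Join-Path $env:SystemRoot 'System32'
$logDir = Join-Path $sys32 'winevt\Logs'
# Assumed backup location; any folder outside winevt\Logs works.
$backup = Join-Path $env:USERPROFILE ('winevt-Logs-backup-{0:yyyyMMdd-HHmmss}' -f (Get-Date))

# 1. Is the Windows Event Log service (service name: EventLog) enabled and running?
Get-CimInstance Win32_Service -Filter "Name='EventLog'" |
    Select-Object Name, StartMode, State, ExitCode | Format-List

# 2. Are the DLLs named in post 8 present in System32?
foreach ($dll in 'wevtapi.dll', 'netevent.dll', 'es.dll', 'wevtsvc.dll') {
    $path = Join-Path $sys32 $dll
    '{0,-14} {1}' -f $dll, $(if (Test-Path -LiteralPath $path) { 'present' } else { 'MISSING' })
}

# 3. Who owns the log folder, and who has rights on it? Read-only; changes nothing.
$acl = Get-Acl -LiteralPath $logDir
"Owner: $($acl.Owner)"
$acl.Access | Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

# 4. Copy the whole folder aside before deleting anything, then confirm the copy is complete.
Copy-Item -LiteralPath $logDir -Destination $backup -Recurse -ErrorAction Stop
$src = @(Get-ChildItem -LiteralPath $logDir -File -Recurse).Count
$dst = @(Get-ChildItem -LiteralPath $backup -File -Recurse).Count
"Backed up $dst of $src log files to $backup"
if ($dst -ne $src) { Write-Warning 'Backup is incomplete; do not delete the originals yet.' }
```

The copy also preserves Security.evtx, so the machine's audit history survives even if the originals are deleted to get the service running again.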
     
  9. toadman77

    toadman77 Thread Starter

    Joined:
    Oct 16, 2002
    Messages:
    85
    Ok thks, I'll check that out and hope it helps, I did a backup of folder just in case.

    Thks

    Just wanted to ask about the second part of my question above taking ownership???
     
  10. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    Not a wise idea security-wise, but you can do so by right-clicking the drive.
     
  11. toadman77

    toadman77 Thread Starter

    Joined:
    Oct 16, 2002
    Messages:
    85
    So ur saying putting the whole C drive as admin or owner is not a good idea?

    Is it good to have my name in admin?
    What is the best way to get this ownership and admin thing for someone to understand it and what are the best settings for the c drive?

    Sorry for all the questions but xp did not have all this ownership stuff upfront, it was hidden sort of, so I'm trying to understand the right click / take ownership thing?


    Thks again
     
  12. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    The whole purpose of the new security configuration in Vista, with the increased ownerships by System instead of Admin, is to prevent malware from having access to important system areas through logged on users. It would be safer to change only those permissions that you need to change for your purposes.

    As far as the Event Viewer, try going to a command prompt (or Run box) and typing:

    regsvr32 wecsvc.dll

    Does your service start now?
     
  13. toadman77

    toadman77 Thread Starter

    Joined:
    Oct 16, 2002
    Messages:
    85
    Still getting 4201 error???


    As for the other part so it's better to run c drive as system and not as admin?

    Many thks again
     
  14. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    I'm not able to find any information on the 4201. Too bad we can't look at the Event Viewer.

    Were all those dll's present in System32? Have any registry cleaners or repair programs been run? If so, can their backups be restored?

    The entire drive should not be owned by System, either, since that will unduly restrict any users from access that they need. The permissions need to be set separately on all the files and folders so that the most efficient and functional ones will be assigned.
     
  15. kama64

    kama64

    Joined:
    Apr 23, 2007
    Messages:
    604