Accessing The Power of Administrative Tools – Event Viewer

More articles in this series:

admin-tools-featureThis is the second part of a series on Administrative Tools. Event Viewer has been around for quite some time. It has helped me understand several instances of computer issues while troubleshooting my customers’ PCs. Note: You should be logged in as an administrator to perform these steps. To access the Event Viewer, navigate to the Control Panel and select Administrative Tools then select Event Viewer. In Windows 10 you may right click on the Windows Start Icon and choose Event Viewer.

The Event Viewer shows you every significant event that has occurred on your computer since the last time it has been cleared. You the user may clear all events and start a new log at any time. Some of the events are strictly for information only. For example, every time a user logs into the computer or when one of your software programs has an error. Windows will record the event in the event log and each of these logs are viewable within Event Viewer. These are as I mentioned, are just informational and may be ignored. Windows records all event into logs and there are five different logs you may view.

  1. Application Events. These will be listed in one of three types depending on the severity of the vent. Error, warning, or information. An information event lists any successful operation of a program, driver, or service. These just indicate you machine is working as it should and may be ignored. Warnings indicate potential problems and for the most part may be ignored if they are excessive you might want to investigate them so they do not develop into a critical error. Errors indicate significant problems like a conflict in services or loss of data and should be investigated and eliminated
  2. Security-related events. These are listed as audits and are described as successful or failed, if you fail to log into your computer correctly it will be listed here as a fail.
  3. Setup events.  Used only for computers that are configured as domain controllers.
  4. System events. These are logged by the Windows OS and the Windows system services. They are shown as error, warning or information and should be handled as explained in #1 above.
  5. Forwarded events. You will only see listings here if you have other computers forwarding information to this computer.

Some critical errors might have corrected themselves. For example, if you try to print with the printer off you may receive a spooler error, the event will be recorded but when you turn the printer on, no further events will appear. These may also be ignored. Also, some critical errors might have fixed themselves and happened in conjunction with other running processes and are no longer an issue and therefor you may ignore them as well.

Some however might show as many as 50, 100 or even thousands of instances of more critical events that reoccur on a regular basis. Even if the event shown is not causing you a specific crash at the moment, it is probably using valuable resources and knowing what it is and how to correct it can save you those resources.

To illustrate, I have just opened Event Viewer for the purposes of walking you though the screens for this post but noticed that I had a couple of these types of problems. I will use these problems to explain the process of fixing a real life problem instead of just letting you know how Event Viewer works, I will show you the step by step process I used to locate and eliminate these particular problems.

Before we do that however, I will go over the Event Viewer program itself so you understand the tool before we use it to fix a problem.

Event Viewer Window

Once you open the Viewer you will a windows similar to the one below. The windows is divided into three panes. The left pane (A) is the navigation pane and allows you to select the type of event you wish to view. The center is where the information will be displayed and is broken down into three windows.  (B) Summary of Administrative Events, (C) Recently Viewed Nodes, and (D)Log Summary. The right pane lists all available (E) Actions.

event view 1

To show you what I mean, you can see that in the Summary of Administrative Events, I have had one error in the last hour, 49 in the last 24hours and 189 in the last 7 days. Selecting the first event, which is an Office 2016 Licensing issue, I can click on “Event Properties” in the right panel and it will bring up a detailed description of the event.

event view 2

This will bring up a detailed description for the event including the source, time and name. The event description box above, shows that you may obtain more information by clicking on the Online Help. I personally have never found this to be useful. Instead, I find it better to copy the definition of the event or just the event ID and past it into my browser, this will more likely bring up several listings from others that have had or solved this problem.

In this case, this particular problem stemmed from the fact that when I uploaded the trial version of Microsoft Office 16 on top of my Office 365 it did not actually give me a license key. Even though the trial period has not expired it was constantly checking for the license. I simply had to go to my Microsoft Office Account and install the upgrade as part of my existing license. I have not had an event since.

The other problem I had listed in the Event Viewer is Event 488 ESENT. SettingSyncHost (5820) An attempt to create the file xxxx failed with system error 5 (0x00000005): “Access is denied. “The create file operation will fail with error -1032 (0xfffffbf8).

After searching for a possible cause online I discovered that this error stems when a drive, if full, can no longer be accessed or when the correct user rights are not met. In my case, the folder on the drive that the file was trying to gain access was denied because the user rights had not been set. I reset the rights and everything is now okay.

These are just two examples of how the Event Viewer can help you streamline your system, remove faults and basically know just what is happening behind the curtains.


Because the Event Viewer lists successful as well as failed events the total list can be overwhelming in number. However, if you concentrate your investigations on any error events you might have you should be able to diagnose any serious problem on your own.  Each event is recorded by Date and Time, Source and Event ID Number.

Remember that if you find the cause and correct it you will probably have to reboot the computer to see if it really disappears. In the left pane, you may right click on any of the logs under the “Windows Logs” and choose “clear log” to give you a fresh start.  It will give you the option of saving the current log before clearing. I check my Event Viewer every time I believe I have a problem and occasionally just to verify the system is operating properly.



About the Author

Jim Canfield

My interest in computers was a natural transition from all things electronics. I was hooked after building my first Heathkit computer around 1976, which evolved into a TSR80 and a long list of Windows computers. My first full blown program was a graphics program which started my career path in graphic design and IT work for 40 years. I now run a small computer repair and service company focused on helping veterans and retirees in our area with computer and software training classes.

There are 3 comments

Your email address will not be published. Required fields are marked *