Topic: Windows Event Log (Read 2000 times)

Black Viper · « **on:** March 13, 2008, 02:00:33 pm »

Discussion of the Windows Event Log Service located in Windows Vista SP1.

Windows Event Log
Service Information: http://www.blackviper.com/WinVista/Services/Windows_Event_Log.htm

Revenge282 · « **Reply #1 on:** April 05, 2008, 08:30:52 am »

I don't know if I am supposed to post here, or in a new thread. But, my Windows Event Log service won't start. I try to start it manually, and I get this error:

Code: [Select]

Error 1079: The account specified for this service is different from the account specified for other services running in the same process.

I tried to change the log on information manually, but all the fields are disabled.

Any suggestions?

Thanks,
Revenge282

Black Viper · « **Reply #2 on:** April 06, 2008, 08:46:16 am »

What account is it currently using?
You should be able to tell what is checked even though it is grey'd out.

Revenge282 · « **Reply #3 on:** April 09, 2008, 03:21:33 am »

It's using the Local System Account.

Black Viper · « **Reply #4 on:** April 09, 2008, 07:38:31 am »

Is this SP1? Did this just start after the installation of SP1?
You cannot change the information for the Windows Event Log service, but you can change the information on the service that is conflicting.

Revenge282 · « **Reply #5 on:** April 12, 2008, 09:57:01 pm »

It was after SP1, but I think it was fine awhile after I updated. Anyways, whatever solution you have other than formating, I would love to hear.

Black Viper · « **Reply #6 on:** April 13, 2008, 08:13:52 am »

Format is not an option that I freely give.

The reason I asked about SP1 was I had the same thing happen to me, but with a different service, while I was testing SP1 (beta) on one of my test systems. For some reason, it changed the account that it used and when I swapped it out for the correct one, it fixed it.
You cannot change the behavior of WEL service, but the service that "shares" the same process, you can.
In the WEL service properties, General tab, ensure this:
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Is there.
Now, on my desktop (tweaked), Windows Event Log is sharing a process with the DHCP Client service as well as the Windows Audio Service. Ensure that those are also set to "Local Service" in the logon tab of each.
As a further step, check the following:
On my test system, untweaked (default), I have these services all sharing the same process:
DHCP Client
Security Center
TCP/IP NetBIOS Helper
Windows Audio
Windows Event Log

Ensure that all of those are also on Local Service for logon.

Revenge282 · « **Reply #7 on:** April 15, 2008, 04:56:09 pm »

All of those are on the Local Service, but the WEL is on Local System. Should I change all of those to the Local System also?

Black Viper · « **Reply #8 on:** April 16, 2008, 05:31:17 am »

Do you have experience editing the registry? If not, do not try this, but if so...
What you can try is this:
Head to the registry (regedit).

Code: [Select]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventlogUnder:

Code: [Select]

ObjectName(Double Click ObjectName to change)
Change it to:

Code: [Select]

NT AUTHORITY\LocalServiceAlso ensure that

Code: [Select]

ImagePathIs

Code: [Select]

%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestrictedHope this helped.

Revenge282 · « **Reply #9 on:** April 17, 2008, 07:17:14 pm »

I love the registry.

Thanks for the help, I wouldn't have thought of that.

Black Viper's BBS

Author Topic: Windows Event Log (Read 2000 times)

Black Viper

Windows Event Log

Revenge282

Re: Windows Event Log

Black Viper

Re: Windows Event Log

Revenge282

Re: Windows Event Log

Black Viper

Re: Windows Event Log

Revenge282

Re: Windows Event Log

Black Viper

Re: Windows Event Log

Revenge282

Re: Windows Event Log

Black Viper

Re: Windows Event Log

Revenge282

Re: Windows Event Log