Black Viper's BBS

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: Windows Event Log  (Read 2337 times)

0 Members and 1 Guest are viewing this topic.

Black Viper

  • Administrator
  • ******
  • Last Login: Today at 02:39:37 am
  • Registered: September 14, 2007, 01:30:06 pm
  • Posts: 1840
  • "Have you tweaked your OS lately?"
    • WWW
Windows Event Log
« on: March 13, 2008, 02:00:33 pm »
Discussion of the Windows Event Log Service located in Windows Vista SP1.

Windows Event Log
Service Information: http://www.blackviper.com/WinVista/Services/Windows_Event_Log.htm
Logged
Charles "Black Viper" Sparks
www.blackviper.com

Revenge282

  • New Member
  • *
  • Last Login: April 18, 2008, 07:56:27 pm
  • Registered: April 05, 2008, 08:26:26 am
  • Posts: 5
Re: Windows Event Log
« Reply #1 on: April 05, 2008, 08:30:52 am »
I don't know if I am supposed to post here, or in a new thread.  But, my Windows Event Log service won't start.  I try to start it manually, and I get this error:
Code: [Select]
Error 1079: The account specified for this service is different from the account specified for other services running in the same process.I tried to change the log on information manually, but all the fields are disabled.

Any suggestions?

Thanks,
Revenge282
Logged

Black Viper

  • Administrator
  • ******
  • Last Login: Today at 02:39:37 am
  • Registered: September 14, 2007, 01:30:06 pm
  • Posts: 1840
  • "Have you tweaked your OS lately?"
    • WWW
Re: Windows Event Log
« Reply #2 on: April 06, 2008, 08:46:16 am »
What account is it currently using?
You should be able to tell what is checked even though it is grey'd out.
Logged
Charles "Black Viper" Sparks
www.blackviper.com

Revenge282

  • New Member
  • *
  • Last Login: April 18, 2008, 07:56:27 pm
  • Registered: April 05, 2008, 08:26:26 am
  • Posts: 5
Re: Windows Event Log
« Reply #3 on: April 09, 2008, 03:21:33 am »
It's using the Local System Account.
Logged

Black Viper

  • Administrator
  • ******
  • Last Login: Today at 02:39:37 am
  • Registered: September 14, 2007, 01:30:06 pm
  • Posts: 1840
  • "Have you tweaked your OS lately?"
    • WWW
Re: Windows Event Log
« Reply #4 on: April 09, 2008, 07:38:31 am »
Is this SP1? Did this just start after the installation of SP1?
You cannot change the information for the Windows Event Log service, but you can change the information on the service that is conflicting.
Logged
Charles "Black Viper" Sparks
www.blackviper.com

Revenge282

  • New Member
  • *
  • Last Login: April 18, 2008, 07:56:27 pm
  • Registered: April 05, 2008, 08:26:26 am
  • Posts: 5
Re: Windows Event Log
« Reply #5 on: April 12, 2008, 09:57:01 pm »
It was after SP1, but I think it was fine awhile after I updated.  Anyways, whatever solution you have other than formating, I would love to hear.
Logged

Black Viper

  • Administrator
  • ******
  • Last Login: Today at 02:39:37 am
  • Registered: September 14, 2007, 01:30:06 pm
  • Posts: 1840
  • "Have you tweaked your OS lately?"
    • WWW
Re: Windows Event Log
« Reply #6 on: April 13, 2008, 08:13:52 am »
Format is not an option that I freely give. :)
The reason I asked about SP1 was I had the same thing happen to me, but with a different service, while I was testing SP1 (beta) on one of my test systems. For some reason, it changed the account that it used and when I swapped it out for the correct one, it fixed it.
You cannot change the behavior of WEL service, but the service that "shares" the same process, you can.
In the WEL service properties, General tab, ensure this:
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Is there.
Now, on my desktop (tweaked), Windows Event Log is sharing a process with the DHCP Client service as well as the Windows Audio Service. Ensure that those are also set to "Local Service" in the logon tab of each.
As a further step, check the following:
On my test system, untweaked (default), I have these services all sharing the same process:
DHCP Client
Security Center
TCP/IP NetBIOS Helper
Windows Audio
Windows Event Log

Ensure that all of those are also on Local Service for logon.
Logged
Charles "Black Viper" Sparks
www.blackviper.com

Revenge282

  • New Member
  • *
  • Last Login: April 18, 2008, 07:56:27 pm
  • Registered: April 05, 2008, 08:26:26 am
  • Posts: 5
Re: Windows Event Log
« Reply #7 on: April 15, 2008, 04:56:09 pm »
All of those are on the Local Service, but the WEL is on Local System.  Should I change all of those to the Local System also?
Logged

Black Viper

  • Administrator
  • ******
  • Last Login: Today at 02:39:37 am
  • Registered: September 14, 2007, 01:30:06 pm
  • Posts: 1840
  • "Have you tweaked your OS lately?"
    • WWW
Re: Windows Event Log
« Reply #8 on: April 16, 2008, 05:31:17 am »
Do you have experience editing the registry? If not, do not try this, but if so...
What you can try is this:
Head to the registry (regedit).
Code: [Select]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventlogUnder:
Code: [Select]
ObjectName(Double Click ObjectName to change)
Change it to:
Code: [Select]
NT AUTHORITY\LocalServiceAlso ensure that
Code: [Select]
ImagePathIs
Code: [Select]
%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestrictedHope this helped.
Logged
Charles "Black Viper" Sparks
www.blackviper.com

Revenge282

  • New Member
  • *
  • Last Login: April 18, 2008, 07:56:27 pm
  • Registered: April 05, 2008, 08:26:26 am
  • Posts: 5
Re: Windows Event Log
« Reply #9 on: April 17, 2008, 07:17:14 pm »
I love the registry. ;D

Thanks for the help, I wouldn't have thought of that.
Logged
Pages: [1]   Go Up
 

Page created in 0.172 seconds with 16 queries.