Windows & Linux · Windows Event Viewer Guide

Windows Event Viewer Guide

Common event IDs, where to find them, and how they help troubleshoot crashes, logons, updates, GPO, performance, drivers, security, and printing.

View this project on GitHub

1. System Crashes or Unexpected Reboots

Log Location: Windows Logs → System

Other Related Event IDs: 1001 – Bugcheck codes (BSOD details)

6008 – Unexpected Shutdown

Event 6008 example
Event 6008 details

41 (Kernel-Power) – Rebooted without Clean Shutdown

Event 41 Kernel-Power

2. Application Crashes or Freezes

Log Location: Windows Logs → Application

1000 – Application Error

Event 1000 Application Error

1001 – Windows Error Reporting

Event 1001 Windows Error Reporting
Event 1001 additional details

1002 – Application Hang

Event 1002 Application Hang

3. User Account Logon/Logoff Issues

Log Location: Windows Logs → Security

4624 – Successful Logon

Event 4624 Successful Logon

4625 – Logon Failure

Event 4625 Logon Failure

4634 – Logoff Events

Event 4634 Logoff summary
Event 4634 details

4. Windows Update Problems

Log Location: Windows Logs → System; Applications and Services Logs → Microsoft → Windows → WindowsUpdateClient → Operational

Windows Update log view
Windows Update error details
Windows Update codes
Windows Update Client Operational

5. Group Policy (GPO) Issues

Log Location: Applications and Services Logs → Microsoft → Windows → GroupPolicy → Operational

Other Related Event IDs: 1058, 1030 – Problems accessing or applying GPOs

7017

Event 7017 GPO client-side extension

1129

Event 1129 policy processing issue
Event 1129 details

6. Performance Issues (Slow Boot or Login)

Log Location: Applications and Services Logs → Microsoft → Windows → Diagnostics-Performance → Operational

100 – Boot Performance

Event 100 boot performance
Event 100 additional details

101 – Application Performance

Event 101 slow app start
Event 101 additional details

200 – Shutdown Performance

Event 200 slow shutdown

7. Driver Issues or Device Failures

Log Location: Windows Logs → System

7000 – Service Failed to Start

Event 7000 service failed to start

7026 – Driver Loading Failures

Event 7026 driver loading failure
Event 7026 more details

8. Malware or Security Incidents

Log Location: Windows Logs → Security, Application, Windows Defender

Malware Detection – Windows Defender

1116

Event 1116 malware detected
Event 1116 details

1117

Event 1117 malware cleaned/quarantined
Event 1117 details

4625 – Multiple Failed Login Attempts

Event 4625 multiple failed logons

9. Print Job Failures

Log Location: Applications and Services Logs → Microsoft → Windows → PrintService → Operational

307

Event 307 print job failure
Event 307 more details

7031 – Spooler Service Errors

Event 7031 spooler service error
Event 7031 additional details

Best Practices for Using Event Viewer

Back to Home