Na, ma is elindítottam a Windowst és megtaláltam a két esetet, de nem lettem sokkal okosabb. OK, nem tudom, hogy lehetne az XML-t ide betenni úgy, hogy látszódjék. A code bb nem segített.
Log Name: System
Source: User32
Date: 20/10/2016 14:46:36
Event ID: 1074
Task Category: None
Level: Information
Keywords: Classic
User: BUDAPEST\Gee
Computer: W0076
Description:
The process C:\WINDOWS\system32\winlogon.exe (W0076) has initiated the power off of computer W0076 on behalf of user BUDAPEST\Gee for the following reason: No title for this reason could be found
Reason Code: 0x500ff
Shutdown Type: power off
Comment:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="User32" Guid="{b0aa8734-56f7-41cc-b2f4-de228e98b946}" EventSourceName="User32" />
<EventID Qualifiers="32768">1074</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2016-10-20T13:46:36.201876500Z" />
<EventRecordID>2311</EventRecordID>
<Correlation />
<Execution ProcessID="564" ThreadID="1236" />
<Channel>System</Channel>
<Computer>W0076</Computer>
<Security UserID="S-1-5-21-2448406460-2828086590-2809017384-775777" />
</System>
<EventData>
<Data Name="param1">C:\WINDOWS\system32\winlogon.exe (W0076)</Data>
<Data Name="param2">W0076</Data>
<Data Name="param3">No title for this reason could be found</Data>
<Data Name="param4">0x500ff</Data>
<Data Name="param5">power off</Data>
<Data Name="param6">
</Data>
<Data Name="param7">BUDAPEST\Gee</Data>
</EventData>
</Event>
Log Name: System
Source: User32
Date: 21/10/2016 21:05:34
Event ID: 1074
Task Category: None
Level: Information
Keywords: Classic
User: BUDAPEST\Gee
Computer: W0076
Description:
The process C:\WINDOWS\system32\winlogon.exe (W0076) has initiated the power off of computer W0076 on behalf of user BUDAPEST\Gee for the following reason: No title for this reason could be found
Reason Code: 0x500ff
Shutdown Type: power off
Comment:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="User32" Guid="{b0aa8734-56f7-41cc-b2f4-de228e98b946}" EventSourceName="User32" />
<EventID Qualifiers="32768">1074</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2016-10-21T20:05:34.542111500Z" />
<EventRecordID>2697</EventRecordID>
<Correlation />
<Execution ProcessID="572" ThreadID="736" />
<Channel>System</Channel>
<Computer>W0076</Computer>
<Security UserID="S-1-5-21-2448406460-2828086590-2809017384-775777" />
</System>
<EventData>
<Data Name="param1">C:\WINDOWS\system32\winlogon.exe (W0076)</Data>
<Data Name="param2">W0076</Data>
<Data Name="param3">No title for this reason could be found</Data>
<Data Name="param4">0x500ff</Data>
<Data Name="param5">power off</Data>
<Data Name="param6">
</Data>
<Data Name="param7">BUDAPEST\Gee</Data>
</EventData>
</Event>