I have an interesting question to ask regarding the Event Viewer in Win Xp Pro.
Now in the system tab in the event viewer, there are two entries named "eventlog" as the Source, events 6005 and 6006.
6006: The Event service has stopped.
6005: The Event service has started.
At what point when the computer is shutting down or starting up, does this event get recorded? What I mean to say is, for example when the computer is shutting down, this is the very last event that gets recorded, correct?
Now is it possible during the shutdown process, that this service stops but the computer for some reason does not log off and stays logged on? For example some error occurs, or for some reason the log off/shutdown process gets stuck, stops the Event log service, but the computer is still logged on, is this possible?
From the event viewer log that I am looking at, it seems that the "Event service has stopped" gets recorded after the computer is logged off or at least at the point where it says "windows is saving your settings" (the message you get when you log off or shutdown). if this is correct, then the computer is already at the point where the desktop has disappeared, and the message box pops up stating that it is shutting down, or saving settings, or disconnecting network connections, or whatever. if the event service stops at this point, then there is no way that the log off process would be stuck and the computer would still be logged on, correct?
Please tell me if this makes any sense to anyone. Any and all comments, suggestions, feedback is and would be extremely appreciated. This is a very important matter to me, please shed some light on this. Thanks to all.
Now in the system tab in the event viewer, there are two entries named "eventlog" as the Source, events 6005 and 6006.
6006: The Event service has stopped.
6005: The Event service has started.
At what point when the computer is shutting down or starting up, does this event get recorded? What I mean to say is, for example when the computer is shutting down, this is the very last event that gets recorded, correct?
Now is it possible during the shutdown process, that this service stops but the computer for some reason does not log off and stays logged on? For example some error occurs, or for some reason the log off/shutdown process gets stuck, stops the Event log service, but the computer is still logged on, is this possible?
From the event viewer log that I am looking at, it seems that the "Event service has stopped" gets recorded after the computer is logged off or at least at the point where it says "windows is saving your settings" (the message you get when you log off or shutdown). if this is correct, then the computer is already at the point where the desktop has disappeared, and the message box pops up stating that it is shutting down, or saving settings, or disconnecting network connections, or whatever. if the event service stops at this point, then there is no way that the log off process would be stuck and the computer would still be logged on, correct?
Please tell me if this makes any sense to anyone. Any and all comments, suggestions, feedback is and would be extremely appreciated. This is a very important matter to me, please shed some light on this. Thanks to all.
