Menu
I have some windows services written in C#. When somebody stops or starts the service, I would like to be able to determine who it was and log that information.
I tried logging Environment.UserName but that evaluates to SYSTEM even on my local machine.
Also, for the time being these services are running on Windows 2000 server.
992
Save this answer. Show activity on this post. In Event Viewer, look in the "Windows Logs"->"System" event log, and filter for Source "Service Control Manager" and Event ID 7040. Find the event saying "The start type of the service was changed from original start type to disabled" for the service you're interested in.
The event is logged at boot time noting that the Event Log service was stopped.
System Log: Windows system event log contains events related to the system and its components. Failure to load the boot-start driver is an example of a system-level event. Application Log: Events related to a software or an application hosted on a Windows computer get logged under the application event log.
Within the Event Viewer (Control Panel | Administrative Tools | Event Viewer) on the System tab the Service Control Manager logs who started and stop each event. I've just tested this myself and viewed the results. This leads me to two things:
Hope that leads you to your solution.
80
Event ID 7040 - covers Service start type change (eg disabled, manual, automatic)
Event ID 7036 - covers Service start/stop
For others that have PowerShell, you can use this:
get-eventlog -source "Service Control manager" -LogName System | select message, timegenerated, username | Out-GridView
9
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
