Sign in to follow this  
Followers 0
R4D3

Fixing most of Eventlog Errors (from a fresh or older Win10) by Service Config ;)

9 posts in this topic

Posted (edited)

Fixing most of Eventlog Errors (from a fresh or older Win10) by Service Config ;)

Errors like:
- DNS Client (v10 Vortex+wpad) EventID 1014
- Service Control Manager (CldFlt+Spooler+iphlpsvc+Printer+Update Orchester) Event ID 7000
- DistributedCom (SID: Nicht verfügbar) ID1016
- SecurityCenter (SECURITY_PRODUCT_STATE_ON) EventID 16
- Perflib (Bits) EventID 1008
- Application Error (MRT.exe) EventID 1000
- DHCP CLient (DHCP Waiting) EventID 50160
- AppModel-Runtime (0x800700B7) EventID 37
- User Device Registration EventID 360
- Pipe Closed Errors
- Cluster Errors & more

- Edit: Can Fix Windows Store Problems (like 0x80072ee7) too !

 

Note:
- Feel free to make a Restorepoint before !
- Script does not fix KernelPnP (WudfRd) EventID 219 (Changing Start Type, or changing power states for different Objects, doesn't fix it for me)
- If you reset all Services to Standard, for WLAN you maybe need to Change Starttype from Demand to Auto (if you use it) !
- Some Services (i normally hate) like Server Service will be activated to prevent Eventlog Errors (could be affect Security !)
- The cmd sniplets are only modified by me !
- A very few of Services (that don't provide Errors by changing, was changed, cause i am afraid of them, like Biometrics)

EDIT: (WudfRd) EventID 219 can "mostly" be fixed with the driverpacks, or "snappy driver installer" which is using the driverpacks, - reason is: some drivers that came with windows are simply crap... !

 

First: Cleanup your Eventlogs - from a Console with Adminrights type:
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

Second: Run with Adminrights !
- Reverse All Services to Standard (Recommed) (If you use Wlan, change Start Type to Auto, after, or in the script)
- Run my Service Config
- Restart PC
- Check your Logs in Eventviewer !

EDIT: (My Script is disabling, the indexservice - but before disbling it, you need to remove the indexes before (rightcklick properties c: -> disable indexoption, then: in control panel under index, remove the folders, and rewrite the index... - both steps could be take some time...)

Third:
- Give me all your Money ;
)

Files: (Extract, and Run as Admin, or some changes will be denied!) (Zip is at the bottom of the post - dont know how to move that here...) 

- R4D3_Reverse_All_Service_to_Standard.bat
Change All Services to their Original State (Creators Update W10 Home) (Highly Recommend)

- R4D3_Service_Fix.bat
Yeah Hell MS, i fixed them ! (Change 22 Services & 1 Driver to Disabled, 7 to Demand)

- R4D3_Reverse_MyFix.bat
Reverse my Fixes to their Original State (Creators Update W10 Home)

Edit: New Version, scroll down...

P.S.
This was a very long run for me, cause i checked up, almost all Dependencies, and restarted the (VM) System more than 50 times -> i don't like Eventlog Errors !
(especially if i am don't know why they happen or what they mean)

A weird Example: You get Errors if you Change LanmanWorkstation from Auto to Demand (On Demand, it will be started anyway), and you get Errors if you set Search (Indexing) from Auto to demand, but NOT if you set it to disabled...

P.P.S

I doesn't try that on the "Drivers" you can control with SC order (it can completely destroy Windows), - but of some of them i would like to get rid of, - cause they have Dependencies to the Services to...

You can Check Service Driver Dependencies with:
for /f "tokens=2" %s in ('sc query type^= driver ^| find "SERVICE_NAME"') do sc EnumDepend %s

You can check your Service States Config with:
for /f "tokens=2" %s in ('sc query state^= all ^| findstr "SERVICE_NAME"') do @(for /f "tokens=3" %t in ('sc qc %s ^| findstr "START_TYPE"') do @echo xxx %s = %t)

- would be awesome if someone could change the Sniplet that the output is:
xxx SERVICE_NAME = START_TYPE = DISPLAY_NAME

Edited by R4D3
0

Share this post


Link to post
Share on other sites

This might do (as a batch, not one liner):

@ECHO OFF
SETLOCAL ENABLEEXTENSIONS
CALL :reset
FOR /F "tokens=1,2 delims=:" %%A IN ('sc query state^= all ^|FIND "_NAME"') DO SET %%A=%%B&CALL :parse
GOTO :EOF

:parse
IF NOT DEFINED DISPLAY_NAME GOTO :EOF
FOR /F "tokens=3" %%C in ('sc qc %SERVICE_NAME% ^| FIND "START_TYPE"') do ECHO xxx %SERVICE_NAME% = %%C =%DISPLAY_NAME%
:reset
SET SERVICE_NAME=
SET DISPLAY_NAME=
GOTO :EOF


 

The output is "ugly", due to the extremely different length of service names. :(

jaclaz
 

0

Share this post


Link to post
Share on other sites

Nah, its ok - thx (it has a little error at Plug & Play, cause of the & - but i can live with that...)

I think about trying to delete some dependency flags, - maybe then i can disable more services, without eventlog errors...

0

Share this post


Link to post
Share on other sites

I quickly tested it in XP, where the service is actually called PlugPlay or Plug and Play:
 

sc query PlugPlay

SERVICE_NAME: PlugPlay
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        
sc qc PlugPlay
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: PlugPlay
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\services.exe
        LOAD_ORDER_GROUP   : PlugPlay
        TAG                : 0
        DISPLAY_NAME       : Plug and Play
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

is there really a "&" in Windows 10? :unsure:

It would break a good 99% of any existing batch file ... :w00t:


 

jaclaz
 

0

Share this post


Link to post
Share on other sites

Posted (edited)

They did it in the German Version....

Exapmle of funny MS Translation:

1) SUBACLS... - Example: The User "Everyone" is translated to "Jeder"... - a English Script, that need to change Rights, just don´t work !  If it is a .cmd i can change it myself, - in an .exefile - no chance...

2) Folders: - I can´t trust Explorer anymore (cause MS used the Dektop.ini files - to call the mui´s) - in a German XP the Path %ProgramFiles% is called "Programme" and this was the real Foldername - in Windows 10 the Explorer shows the Folder as "Programme" but the foldername is "C:\Program Files"

- I would wish they did it otherways - (Using Mui´s for SubACLS not a real Translation, and for Folders the real one... - like they did in the past...)

P.S. They translated most of the ACL´s not only "Everyone" - they even did mui-files for "Short-Cut-Names" oO & there is no hint, that the desktop.ini files does different things than before...

P.P.S On their Auto-Translated Help pages - they even translate Commands and Flags ;) 

Edited by R4D3
0

Share this post


Link to post
Share on other sites

Posted (edited)

UPDATE:  R4D3_Service_Fix.zip

NEW: Grants "Build-In Admin" Permissions with a called PowershellSkript (just a minimal single Entry that allow BuiltIn Admins to change the RegEntry)

IMPORTANT:

If your Windows is NON-English (like mine) you need to change 1 Entry in the Powershellscript ! - Read the Comment in the Phoenix.bat

You need to Run AdminPowershell, and run: Set-ExecutionPolicy RemoteSigned one time (to allow Powershellscripts - dont forget to Restart then !)

You can turn it off with Set-ExecutionPolicy Restricted after...

Edit: You have, to rightcklick each file, - and click allow (there is a flag on the files, that they are from another computer... - next time i zip them from a Fat32 Filesystem, then this flag shouldn´t be there...)

Files: 

- Phoenix.bat
Change All Services to their Original State (Creators Update W10 Home) (Highly Recommend     New: Grants Admin Reg Permissions for Protected Services)

- R4D3_Service_Fix.bat
Yeah Hell MS, i fixed them ! (Change 22 Services & 1 Driver to Disabled, 7 to Demand)    New: Grants Admin Reg Permissions for Protected Services)

- PhoenixCall.ps1
Powershellscript thats be called from the Batchfiles to Grant Permission

Note: you can check all Service acl flags with (even to get names you can place in the PhoenixCall.ps1) this powershell command:

Quote

Get-ACL "HKLM:\SYSTEM\CurrentControlSet\Services\*" |Format-List

Edited by R4D3
0

Share this post


Link to post
Share on other sites

Posted (edited)

Sorry, there is one Error in "my Fix.bat"... - Dnscache must stay at Auto - cause it is needed by WindowsStore... (error 0x80072ee7) for some Apps like ADBlock for Edge

Edited by R4D3
0

Share this post


Link to post
Share on other sites

My problem of late is that with v1703 heavily tweaked it just refuses to do a Windows Update any more.

I even tried a full, fresh install.  It's so sensitive to tweaking that almost anything causes Windows Update to just fail.  I was even seeing failures when I would try to install an update directly from the Catalog.

I tried to tiptoe around that - for about 1 whole day - then I got frustrated and just tweaked the hell out of it.  The only error logged is that I don't allow luafv (the file virtualization part of UAC) to start via the EnableLUA setting in the registry.  And it never, ever contacts anyone online on its own.

Microsoft is going to cause me to just lose interest entirely if they keep this kind of garbage up.  I don't need an OS where Windows Update just raises the white flag if you look at it funny.

I'm down to about 68 processes total to support an idle desktop, 9 of which are from things I've added.  They haven't released another update for a while, so I don't honestly know if it's possible it might succeed.

-Noel

0

Share this post


Link to post
Share on other sites

Hmm, and did you try my batch to fix it ?

As i wrote, i made many many tests, with the result that, you only can change the starttype of 21 Services and 1 driver, all other changes breaks the Store, Update, or other functions... - what maybe could helped with that i to remove depending states of the services with sc and the depend flag (i did not try removing all dependencies from all services yet) - please write feedback here if you have success with that...

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.