Sign in to follow this  
Followers 0
R4D3

Fixing most of Eventlog Errors (from a fresh or older Win10) by Service Config ;)

5 posts in this topic

Posted (edited)

Fixing most of Eventlog Errors (from a fresh or older Win10) by Service Config ;)

Errors like:
- DNS Client (v10 Vortex+wpad) EventID 1014
- Service Control Manager (CldFlt+Spooler+iphlpsvc+Printer+Update Orchester) Event ID 7000
- DistributedCom (SID: Nicht verfügbar) ID1016
- SecurityCenter (SECURITY_PRODUCT_STATE_ON) EventID 16
- Perflib (Bits) EventID 1008
- Application Error (MRT.exe) EventID 1000
- DHCP CLient (DHCP Waiting) EventID 50160
- AppModel-Runtime (0x800700B7) EventID 37
- User Device Registration EventID 360
- Pipe Closed Errors
- Cluster Errors & more

- Edit: Can Fix Windows Store Problems (like 0x80072ee7) too !

 

Note:
- Feel free to make a Restorepoint before !
- Script does not fix KernelPnP (WudfRd) EventID 219 (Changing Start Type, or changing power states for different Objects, doesn't fix it for me)
- If you reset all Services to Standard, for WLAN you maybe need to Change Starttype from Demand to Auto (if you use it) !
- Some Services (i normally hate) like Server Service will be activated to prevent Eventlog Errors (could be affect Security !)
- The cmd sniplets are only modified by me !
- A very few of Services (that don't provide Errors by changing, was changed, cause i am afraid of them, like Biometrics)

First: Cleanup your Eventlogs - from a Console with Adminrights type:
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

Second: Run with Adminrights !
- Reverse All Services to Standard (Recommed) (If you use Wlan, change Start Type to Auto, after, or in the script)
- Run my Service Config
- Restart PC
- Check your Logs in Eventviewer !

Third:
- Give me all your Money ;
)

Files: (Extract, and Run as Admin, or some changes will be denied!) (Zip is at the bottom of the post - dont know how to move that here...) 

- R4D3_Reverse_All_Service_to_Standard.bat
Change All Services to their Original State (Creators Update W10 Home) (Highly Recommend)

- R4D3_Service_Fix.bat
Yeah Hell MS, i fixed them ! (Change 22 Services & 1 Driver to Disabled, 7 to Demand)

- R4D3_Reverse_MyFix.bat
Reverse my Fixes to their Original State (Creators Update W10 Home)

P.S.
This was a very long run for me, cause i checked up, almost all Dependencies, and restarted the (VM) System more than 50 times -> i don't like Eventlog Errors !
(especially if i am don't know why they happen or what they mean)

A weird Example: You get Errors if you Change LanmanWorkstation from Auto to Demand (On Demand, it will be started anyway), and you get Errors if you set Search (Indexing) from Auto to demand, but NOT if you set it to disabled...

P.P.S

I doesn't try that on the "Drivers" you can control with SC order (it can completely destroy Windows), - but of some of them i would like to get rid of, - cause they have Dependencies to the Services to...

You can Check Service Driver Dependencies with:
for /f "tokens=2" %s in ('sc query type^= driver ^| find "SERVICE_NAME"') do sc EnumDepend %s

You can check your Service States Config with:
for /f "tokens=2" %s in ('sc query state^= all ^| findstr "SERVICE_NAME"') do @(for /f "tokens=3" %t in ('sc qc %s ^| findstr "START_TYPE"') do @echo xxx %s = %t)

- would be awesome if someone could change the Sniplet that the output is:
xxx SERVICE_NAME = START_TYPE = DISPLAY_NAME

P.P.P.S (this is just my Service Fix.bat) 

@echo off
color fc
START /WAIT /b SC \\%ComputerName% config "AxInstSV" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "CDPSvc" Start= Demand
START /WAIT /b SC \\%ComputerName% config "CDPUserSvc" Start= Demand
START /WAIT /b SC \\%ComputerName% config "CldFlt" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "DiagTrack" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "Dnscache" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "DoSvc" Start= Demand
START /WAIT /b SC \\%ComputerName% config "DusmSvc" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "FontCache" Start= Demand
START /WAIT /b SC \\%ComputerName% config "iphlpsvc" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "lfsvc" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "MapsBroker" Start= Demand
START /WAIT /b SC \\%ComputerName% config "MSiSCSI" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "NcaSvc" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "NlaSvc" Start= Demand
START /WAIT /b SC \\%ComputerName% config "OneSyncSvc" Start= Demand
START /WAIT /b SC \\%ComputerName% config "RetailDemo" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "SCPolicySvc" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "SessionEnv" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "SysMain" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "TrkWks" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "UmRdpService" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "W32Time" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "WbioSrvc" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "WEPHOSTSVC" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "WiaRpc" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "WinHttpAutoProxySvc" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "WMPNetworkSvc" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "workfolderssvc" Start= Disabled
START /WAIT /b SC \\%ComputerName% config "WSearch" Start= Disabled
Pause

R4D3_Service_Fix.zip

Edited by R4D3
0

Share this post


Link to post
Share on other sites

This might do (as a batch, not one liner):

@ECHO OFF
SETLOCAL ENABLEEXTENSIONS
CALL :reset
FOR /F "tokens=1,2 delims=:" %%A IN ('sc query state^= all ^|FIND "_NAME"') DO SET %%A=%%B&CALL :parse
GOTO :EOF

:parse
IF NOT DEFINED DISPLAY_NAME GOTO :EOF
FOR /F "tokens=3" %%C in ('sc qc %SERVICE_NAME% ^| FIND "START_TYPE"') do ECHO xxx %SERVICE_NAME% = %%C =%DISPLAY_NAME%
:reset
SET SERVICE_NAME=
SET DISPLAY_NAME=
GOTO :EOF


 

The output is "ugly", due to the extremely different length of service names. :(

jaclaz
 

0

Share this post


Link to post
Share on other sites

Nah, its ok - thx (it has a little error at Plug & Play, cause of the & - but i can live with that...)

I think about trying to delete some dependency flags, - maybe then i can disable more services, without eventlog errors...

0

Share this post


Link to post
Share on other sites

I quickly tested it in XP, where the service is actually called PlugPlay or Plug and Play:
 

sc query PlugPlay

SERVICE_NAME: PlugPlay
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        
sc qc PlugPlay
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: PlugPlay
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\services.exe
        LOAD_ORDER_GROUP   : PlugPlay
        TAG                : 0
        DISPLAY_NAME       : Plug and Play
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem

is there really a "&" in Windows 10? :unsure:

It would break a good 99% of any existing batch file ... :w00t:


 

jaclaz
 

0

Share this post


Link to post
Share on other sites

They did it in the German Version....

Exapmle of funny MS Translation:

1) SUBACLS... - Example: The User "Everyone" is translated to "Jeder"... - a English Script, that need to change Rights, just don´t work !  If it is a .cmd i can change it myself, - in an .exefile - no chance...

2) Folders: - I can´t trust Explorer anymore (cause MS used the Dektop.ini files - to call the mui´s) - in a German XP the Path %ProgramFiles% is called "Programme" and this was the real Foldername - in Windows 10 the Explorer shows the Folder as "Programme" but the foldername is "C:\Program Files"

- I would wish they did it otherways - (Using Mui´s for SubACLS not a real Translation, and for Folders the real one... - like they did in the past...)

P.S. They translated most of the ACL´s not only "Everyone" - they even did mui-files for "Short-Cut-Names" oO & there is no hint, that the desktop.ini files does different things than before...

P.P.S On their Auto-Translated Help pages - they even translate Commands and Flags ;) 

Edited by R4D3
0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.