Support Knowledge Article
Windows 7 Event Viewer
Service/ System Name
Failure Type
Process Description
Technical recovery actions:
Confidential - no external dissemination without document owner approval
Event View
Users call to say the PC crashed but are not sure of the error message
Event Viewer is a tool that displays detailed information about significant
events (for example, programs that don't start as expected or updates that
are downloaded automatically) on your computer. Event Viewer can be
helpful when troubleshooting problems and errors with Windows and other
programs.
1. Open Event Viewer by clicking the Start button , clicking Control Panel,
clicking System and Security, clicking Administrative Tools, and then double-
clicking Event Viewer.‌ If you're prompted for an administrator password
or confirmation, type the password or provide confirmation.
2. Click an event log in the left pane.
3. Double-click an event to view the details of the event.
Details of the different logs can be found below:
• Application (program) - Events are classified as error, warning, or
information, depending on the severity of the event. An error is a significant
problem, such as loss of data. A warning is an event that isn't necessarily
significant, but might indicate a possible future problem. An information
event describes the successful operation of a program, driver, or service.
• Security - These events are called audits and are described as
successful or failed depending on the event, such as whether a user trying
1
 Support Knowledge Article

to log on to Windows was successful.

• Setup - Computers that are configured as domain controllers will

have additional logs displayed here.

• System - System events are logged by Windows and Windows

system services, and are classified as error, warning, or information.

• Forwarded Events - These events are forwarded to this log by other

computers.

Applications and Services Logs:

Applications and Services Logs vary. They include separate logs about the
programs that run on your computer, as well as more detailed logs that
pertain to specific Windows services. This category of logs includes four
subtypes: Admin, Operational, Analytic, and Debug logs.

• Admin - These events are primarily targeted at end users,

administrators, and support personnel. The events that are found in the
Admin channels indicate a problem and a well-defined solution that an
administrator can act on. An example of an admin event is an event that
occurs when an application fails to connect to a printer. These events are
either well documented or have a message associated with them that gives
the reader direct instructions of what must be done to rectify the problem.

• Operational - Operational events are used for analyzing and

diagnosing a problem or occurrence. They can be used to trigger tools or
tasks based on the problem or occurrence. An example of an operational
event is an event that occurs when a printer is added or removed from a
system.

Additional notes
Custom View
1. From the Event Viewer window, select Create Custom View. The
Custom view dialogue box will appear.
2. In the custom view Dialogue box tick the Critical and Warning Check
Boxes.
3. Select the program you would like to monitor from the list

4. Press OK and the Save Filter to Custom View box will appear.

5. Fill in the Name and Description for your custom view and press OK.

6. You can now view your custom view from the Event Viewer Tree.

Confidential - no external dissemination without document owner approval 2

 Support Knowledge Article

Date: 09/07/2014 Author: David Mallinder

Review Date JR – 9/7/14

Confidential - no external dissemination without document owner approval 3