Windows 7 Forums

Windows 7: Clear Admin Log

23 May 2014   #1
sgmdew

Win 7 Pro 64 Bit
 
 
Clear Admin Log

The test I was referencing was the MGAD and afterwards I ran sfc which said basically no problems found.

"Re: Foreach-Object not recognized as internal or external commands, etc
I want to make sure that you opened an elevated PowerShell, not Command prompt, window. Foreach-Object is a PowerShell command and is not recognized in a Command prompt.
and a follow up - you had a similar issue with cmds, but I'm not certain how that was resolved. I made a few suggestions and your response was "After that test... it worked" I'm still not clear on what "test"."

The term wevtutil is not recognized as the name of a cmdlet, program, etc.

I just need to delete the admin log and everything will be ok, I think.


24 May 2014   #2
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Hmmm, that is strange. MGAD is a diagnostic reporting tool. Why SFC ran afterwards I do not know.

To recap...
In this post you reported that Foreach-Object not recognized as internal or external commands, etc
and in your new thread (thanks) you say
The term wevtutil is not recognized as the name of a cmdlet, program, etc.

If I recall, you already searched for wevtutil.exe and it wasn't found - just for grins and giggles, try this:
open start menu (orb) and paste the following into the search box

wevtutil

anything show up in the programs list? If yes, then the program can be located.

Next open an elevated Command Prompt window and type the following commands
cls
dir /a C:\windows\system32\wevt*.*
dir /a C:\windows\sysWOW64\wevt*.*
set

Post a screen shot of the Command Prompt (perhaps two screen shots so I can see all of the output)


The administrative log is a view that collects and displays information from other logs. It is not really a log.

Without wevtutil, the only choice you have is to manually go through each log and clear it (right click). I'm not even certain you can do that without wevtutil.

Why do you want to clear the logs?
Can you open Event Viewer at all?
Try running SFC again - does it still work?
See: SFC /SCANNOW Command - System File Checker

This time please post the output per the tutorial instructions. I'm flying blind here.

Screen shots and actual logs are best for troubleshooting from this side.
See: Screenshots and Files - Upload and Post in Seven Forums


Bill
24 May 2014   #3
sgmdew

Win 7 Pro 64 Bit
 
 

Posted in txt file the wevt commands and ran the sfc with no problems noted; wevtutil does not show up in the files but wevtutil.exe does. This bugs me as well: nvstreamsvc 1201 warnings in 24 hrs. Seems I am getting a lot of stupid warnings and errors.


Attached Files
File Type: txt wevtutil.txt (2.3 KB, 4 views)

25 May 2014   #4
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Thanks, that helped a lot!

It is as I suspected, your path does not contain the system path entries. I don't know why that is, but let's fix it.

Right click Computer
Click Properties
click Advanced System Settings
click Environment Variables button
Clear Admin Log-environs.png
The bottom window is system variables
scroll that window to the "Path" entry
click Path
click the Edit... button
press the Home key on your keyboard or move the cursor to the very beginning of the Variable value: box

copy the line below and paste it in the Variable value at the beginning of the field

Code:
%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHELL\V1.0;
The entire path variable should contain these paths before you press ok

Code:
%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHELL\V1.0;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\twain_32\CNQL60;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
If the variable looks good, press OK all the way out of advanced system settings.

Try running either Event clean tutorial, but I recommend the Powershell - less things to try and figure out.

Bill
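
One way to verify the Path repair described in the post above, as an added PowerShell example that is not part of the original thread: it reads the stored machine Path, reports whether the four system entries are present and at what position, and warns about any entry that resolves to no directory (the effect a real space inside WINDOWSPOWERSHELL would have). The function name Test-SystemPath is hypothetical; keeping the system directories at the front, as the post instructs, also means the system copy of a tool such as wevtutil.exe is the one found first.

```powershell
# Added example: audits the machine-wide Path for the entries listed in post #4.
# Entries the thread says must be present, in the order given there.
$required = @(
    '%SystemRoot%\system32',
    '%SystemRoot%',
    '%SystemRoot%\system32\wbem',
    '%SystemRoot%\system32\WindowsPowerShell\v1.0'
)

function Test-SystemPath {
    param([string]$RawPath)   # unexpanded Path value, as shown in the Edit dialog

    # Split on ';', drop empty segments and trailing backslashes.
    $entries = @($RawPath -split ';' | Where-Object { $_.Trim() } |
                 ForEach-Object { $_.Trim().TrimEnd('\') })
    # Expanded, lower-cased forms for a case-insensitive comparison.
    $expanded = @($entries | ForEach-Object {
        [Environment]::ExpandEnvironmentVariables($_).ToLower() })

    foreach ($r in $required) {
        $want = [Environment]::ExpandEnvironmentVariables($r).ToLower()
        $idx  = [Array]::IndexOf($expanded, $want)
        New-Object PSObject -Property @{
            Entry    = $r
            Present  = ($idx -ge 0)
            Position = $idx          # 0-based; -1 when the entry is missing
        }
    }
    # Entries that point at no existing directory, e.g. a stray space in a name.
    foreach ($e in $entries) {
        $dir = [Environment]::ExpandEnvironmentVariables($e)
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            Write-Warning "Path entry does not exist: '$e'"
        }
    }
}

# Read the stored (unexpanded) machine Path, the same value the dialog edits.
$key = Get-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
$raw = $key.GetValue('Path', '', 'DoNotExpandEnvironmentNames')
Test-SystemPath -RawPath $raw | Format-Table Entry, Present, Position -AutoSize
```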
25 May 2014   #5
sgmdew

Win 7 Pro 64 Bit
 
 

Not sure if I got it right but the clear all bat worked. Wasn't sure which line to copy so I copied last line to make sure it looked like that, because when just copying first line it looked different but was same (just not right). Anyways the line is:

%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHEL L\V1.0;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\twain_32\CNQL60;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static

Is this correct, thanks.
25 May 2014   #6
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Looks as though you got it right. Good thinking to grab the full line.

Do me one favor.... verify that the space in WINDOWSPOWERSHEL L is an artifact of the forum post.

It should be WINDOWSPOWERSHELL

The easiest way to check this is to run the Powershell event clear script
Event Viewer: Clear All Events

You should not get the Foreach-Object error you got once before.
Let me know how that goes, ok?

If the Powershell script does work and you're happy with the solution, please mark this thread as solved.

Thanks,

Bill
26 May 2014   #7
sgmdew

Win 7 Pro 64 Bit
 
 

this is what I got in powershell and now sure of what you are asking about the word spelling of powershell (where)


Attached Thumbnails
Clear Admin Log-untitled.png  
26 May 2014   #8
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote: Originally Posted by sgmdew
this is what I got in powershell and now sure of what you are asking about the word spelling of powershell (where)
In this post:

Clear Admin Log-powershell.png


:::back to lurking:::


26 May 2014   #9
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Ok, that's interesting.

First, powershell in the path environment seems to be fine - the command Foreach-Object was recognized. If the space was actually in the path environment, the command would not have been recognized.

If you look carefully at the string you posted in #5, you can see what/where I was trying to determine. I guess the forum tries to break the line at some length and it ends up being a space.

If that's still not clear, you can open a command prompt and type
path
Look at WINDOWSPOWERSHELL in the string returned and you can see that the two Ls are not separated by a space.

This is not an issue on your machine, only the way a long string in a post is presented. So you're good.

Second, I have to research why the DebugChannel log returned the information it did. Basically it says that you have to disable the log before clearing. To be honest I don't know what the msg means.
The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.

See: Error when enabling Analytic or Debug event log: "The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation."
Quote: Originally Posted by Microsoft
Cause: For analytic and debug logs, Event Viewer does not allow events to be queried or viewed if the log is both enabled and has Overwrite events as needed (oldest events first) configured. This is not the case for administrative and operational logs such as System, Application and Security logs, which can be viewed when Overwrite events as needed (oldest events first) is configured.

Analytic and debug logs by default are configured for Do not overwrite events (Clear logs manually). But for circular logging where old events are discarded when the maximum log size is reached you would enable Overwrite events as needed (oldest events first).

Note that logging is taking place even though this error is displayed. The error only means you cannot view the events that are currently being logged.
This tells me that for either script to clear Analytic or Debug logs, those logs must be configured in Event Viewer with
Do not overwrite events

The easiest thing to do is to open Event Viewer and manually clear the DebugChannel log. You might have to change the overwrite parameter first.

If you don't use the DebugChannel log or don't know why it is on (it is not on my system that I can find), then I would disable or delete the log.

Do you write code, is it possibly part of your development environment?

It's beyond the scope of the clear event scripts to anticipate specific Analytic or Debug logs on machines. I'm out of ideas on the DebugChannel log, perhaps another member might add some insight.

I'll stay subscribed to your thread, but I don't think I can add much more.

Bill
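
The sequence the quoted error message asks for (disable the channel, clear it, restore its state), as an added PowerShell example that is not from the thread or from Microsoft's article. Get-EnabledDirectChannel, Clear-DirectChannel and both parameters are hypothetical names; the log is exported to a backup .evtx file as part of the clear, and -WhatIf shows what would be done without changing anything.

```powershell
# Added example. LogMode maps to the Event Viewer setting discussed above:
# Circular = "Overwrite events as needed", Retain = "Do not overwrite events".
$directTypes = @('Analytical', 'Debug')

# Enabled analytic/debug channels: the ones a clear-all script will trip over.
function Get-EnabledDirectChannel {
    Get-WinEvent -ListLog * -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.IsEnabled -and ($directTypes -contains "$($_.LogType)") } |
        Select-Object LogName, LogType, LogMode, RecordCount
}

function Clear-DirectChannel {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$LogName,     # placeholder: your channel
        [Parameter(Mandatory = $true)][string]$BackupPath   # new .evtx file to write
    )
    $log = Get-WinEvent -ListLog $LogName -Force -ErrorAction Stop
    $mustToggle = $log.IsEnabled -and ($directTypes -contains "$($log.LogType)")

    if (-not $PSCmdlet.ShouldProcess($LogName, 'Back up to file, then clear')) { return }
    try {
        if ($mustToggle) {            # direct channels must be disabled first
            $log.IsEnabled = $false
            $log.SaveChanges()
        }
        $session = [System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession
        $session.ClearLog($LogName, $BackupPath)   # exports events, then clears
    }
    finally {
        if ($mustToggle) {            # put the channel back the way it was
            $log.IsEnabled = $true
            $log.SaveChanges()
        }
    }
}

Get-EnabledDirectChannel | Format-Table -AutoSize
# Example call (elevated prompt); both values are placeholders:
# Clear-DirectChannel -LogName '<channel name>' -BackupPath 'C:\Temp\channel.evtx' -WhatIf
```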
26 May 2014   #10
Britton30
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Where is this 'admin log'?
There should be the option to Clear Logs in the menu bar.

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
