I have this user running Windows 10 Professional laptop. We used the well-known RMM to monitor the device and found that the machine needed to be updated and restarted. The user claimed that he did update and restart, BUT the Naverisk indicated it’s not! How do I check on the Event Viewer whether what he saying is true or not? I think there is a specific Event ID that can see whether it’s beingh updated and rebooted.
To check whether the user’s Windows 10 laptop has been updated and restarted, you can use the Event Viewer to look for specific events related to Windows Update and system restarts. Here’s how you can do it:
Open Event Viewer:
Press Windows + X and select “Event Viewer” from the menu.
Alternatively, you can search for “Event Viewer” in the Windows search bar and open it.
Navigate to Windows Update Logs:
In the Event Viewer, expand the “Windows Logs” section on the left panel.
Click on “System” to open the System log.
Filter Event Logs:
In the right panel, you’ll see a list of events. You can filter them to find the relevant events related to Windows Updates and restarts.
Click on “Filter Current Log” in the Actions pane on the right.
Filter for Windows Update Events:
In the Filter Current Log dialogue, under the “Filter Current Log” tab, in the “Event sources” dropdown, select “WindowsUpdateClient.”
You can also specify a date range to narrow down the search but include the date and time when the user claims to have updated and restarted the laptop.
Look for Relevant Events:
Look for events that indicate Windows Updates being installed and system restarts. The relevant Event IDs are as follows:
Windows Update Installation Events: Event IDs 19, 20, 21, and 22 in the “Source” column can indicate successful or failed Windows Update installations.
System Restart Events: Event ID 1074 in the “Source” column typically indicates a system restart. Look for events with “User32” as the source.
Check for Successful Updates and Restarts:
Check the details of these events to see if they correspond to the user’s claimed update and restart times. Ensure that the update events don’t show any errors.
Verify the User’s Claims:
Compare the information from the Event Viewer with what the user claimed. The user’s statement may be accurate if the logs show successful updates and restarts around the claimed time.
Remember that the Event Viewer can provide detailed information about system events, including updates and restarts. It’s a useful tool for troubleshooting and verifying system activities. If you find discrepancies, you can use this information to investigate the issue further.