Small Business Susan

Enabling auditing for the Vista KSOD

To add on to the “Vista KSOD or black screen of death” if you HAVE seen this, help in trying to track down what is causing it by turning on logging.


“Also turn on logging per http://support.microsoft.com/kb/324739


What we have found we think is that if set to LocalSystem, issue of black screen will take place.   We turn on logging per 324739, so can see what is changing the ObjectName key value


Per Dennis Krohn, that’s the way to enable logging to track down what is the underlying trigger


  1. Click Start, and then click Run.
  2. In the Open box, type regedit, and then click OK.
  3. Locate and click the registry key that you want to audit, for example:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs
  4. On the Edit menu, click Permissions.
  5. Click Advanced, click the Auditing tab, and then click Add.
  6. Type the user account or group whose access to this registry key you want to audit, click Check Names to verify the name, and then click OK.
  7. I added “Everyone” … chose a user or groups of users as you see fit and is appropriate for your computers. 

 


  1. In the Apply onto box, click the option that you want.
  2. Click to select the Successful and Failed check boxes next to the following access types:

    Set Value
    Create Subkey

 


  1. Click OK, and then click OK.


1 comment so far ↓

  • #   mazorj on 01.01.09 at 3:15 pm     

    Okay, if I enable auditing, what next? Does Vista create an event log? If so, what name and where? What am I looking for as evidence of what? 324739 doesn’t explain this part of it.