Windows 7 - clearing Administrative Events

[dave_the_scot]

Hi

Off topic I know but I was a Neowin forum member many, many years ago and I have just come back and I need to thank Neowin MODS/Admin for helping me get my password reset.

Ok, I am running Windows 7 as my primary OS and I really like it. It installed without problems and I needed no drivers so i was able to use the OS right from the start but, I have one annoying problem which I would like help with please.

The problem is with regard to the Event Viewer: When I go to event viewer, I can clear all the logs with the exception of Administrative Events which is shown under Event Viewer/Custom Views. This log has no "Clear logs" option when i right-click it and I would really like to clear it. Can anyone help please?

Regards

[ViperAFK]

ccleaner may be able to clear windows logs and such if I remember correctly.

[dave_the_scot]

Hi ViperAFK

Thanks for your fast response.

ccleaner? Is there no option in windows 7 that I may have missed or that is hidden?

Just out of interest, are you running Windows 7 beta and if so, do your Administrative Events log have loads of errors/warnings in it?

At the moment, my log has around 223 events but they cover about three or four events which are all the same and just keep repeating each time I boot the notebook. Two examples below:

Log Name: Microsoft Windows-Dhcpv6-Client/Admin

Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x001B7772D389. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log Name: System

Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped.

Regards

[magic-man]

To clear all the logs (well, most of them) in one shot, paste the following code into a text file and save it as clearlogs.bat. I stole this from another board (don't remember which one) fair and square and would give the author his/her due if I could remember. It has not been updated for Win7 yet, but works. Should be easy to mod for some of the new logs.

Begin Code

@echo off

FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V

IF (%adminTest%)==(Access) goto noAdmin

for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")

echo.

echo Event Logs have been cleared! ^<press any key^>

goto theEnd

:do_clear

echo clearing %1

wevtutil.exe cl %1

goto :eof

:noAdmin

echo You must run this script as an Administrator!

echo ^<press any key^>

:theEnd

pause>NUL

End Code

Would have attached it, but it was disallowed.

[dave_the_scot]

Hi magic-man

That was amazing man. :o

It worked 100%, the .bat file cleared absolutely loads of logs including the 'admin events' log and I never new that many logs existed.

Naturally I'm very grateful to you for sharing this file with me but the problem is that I'm no expert on these .bat files and so I'm not sure of the validity of the it, or how secure it is to use?

For all I know, it could be planting spyware, trojans or worse, on my computer.

Is there anyway I can be sure about this .bat file?

If any MODS or ADMIN are monitoring the these forums, I'd like your advice on this file and how safe it is to use.

Regards

[magic-man]

Hi magic-man

That was amazing man. :o

It worked 100%, the .bat file cleared absolutely loads of logs including the 'admin events' log and I never new that many logs existed.

Naturally I'm very grateful to you for sharing this file with me but the problem is that I'm no expert on these .bat files and so I'm not sure of the validity of the it, or how secure it is to use?

For all I know, it could be planting spyware, trojans or worse, on my computer.

Is there anyway I can be sure about this .bat file?

If any MODS or ADMIN are monitoring the these forums, I'd like your advice on this file and how safe it is to use.

Regards

The first 2 lines simply see if you have admin access. The actual clearing of the log is done by a built in utiliy in Win7 and vista.

The only executable in use for this is wevtutil.exe. Personally, I read the batch file and then googled wevtutil.exe to make sure the /cl command was not doing anything evil.

This site http://technet.microsoft.com/en-us/library/cc732848.aspx describes wevtutil (very useful).