Hi Michael,
I would like to find out who initiated the restart on a windows 2003/2008/2012 server after patch deployment.
I would see number of AeXNSAgent.exe as "shutdown process" which matched with number of specific patches that required restart to be effective. Other number of winlogon.exe would match with our windows adminstrators initiated those restart.
My question is that if ever Altiris use winlogon.exe to initiate the restart when a patch required a restart to be effective.
Please see below is log of restart info for a windows 2003 servers.
Thanks very much, Michael
Charlie.
Startup Time Shutdown Time Duration Shutdown Reason Shutdown Type Shutdown Process Shutdown Code
11/30/2013 12:43:20 AM 1/30/2014 12:01:46 AM 60 Days + 23:18:26 (Planned) Restart winlogon.exe 0x80070000
11/30/2013 12:24:50 AM 11/30/2013 12:42:31 AM 00:17:41 Restart AeXNSAgent.exe 0x00000000
11/30/2013 12:15:20 AM 11/30/2013 12:23:50 AM 00:08:30 Restart AeXNSAgent.exe 0x00000000
11/30/2013 12:03:31 AM 11/30/2013 12:13:38 AM 00:10:07 Restart AeXNSAgent.exe 0x00000000
11/9/2013 1:29:08 AM 11/29/2013 11:59:56 PM 20 Days + 22:30:48 (Planned) - Scheduled PM, 11/30/2013 - SAS Restart winlogon.exe 0x85000000
8/25/2013 2:00:11 AM 11/9/2013 12:03:28 AM 75 Days + 23:03:17 (Planned) - 6C Consolidation Project - CRQ #3548 - Planned Maintenance (cjones2) Power Off winlogon.exe 0x85000000