Disable Shutdown Event Tracker Server 2012

Windows Server 2012 Shutdown Event TrackerDisable Shutdown Event Tracker Server 2012

Microsoft created a dialog box for us to record a reason why a Windows Server was shutdown or rebooted.  If you have no reason for collecting this information, here are two methods for removing this interruption to the shutdown procedure.

Topics for Windows Server 2012 Shutdown Event Tracker


Group Policy Method to Disable Shutdown Event Tracker

If you have a test Windows Server 2012 machine, then you may wish to set the Shutdown Event Tracker policy to: ‘Disabled’. This is the same technique as previous versions of Windows Server.

For production networks, especially with several administrators, then it’s best to leave the Shutdown Event Tracker policy as ‘Not configured, or set the radio button to ‘Enabled’.

Who knows, if you have to troubleshoot why a server is unexpectedly rebooting, then you may become a convert to this dialog box.

The precise procedure to disable the Server 2012 Shutdown Event Tracker depends on these variables:

  • Are you in a Domain?  If so, configure via the GPMC.
  • Be aware that Domain Controllers have their own Group Policy.
  • Do you want to alter the Domain policy, or are all your servers in their own OU?  In which case you could set the tracker policy at the OU level for your SQL or Exchange servers.
  • Is it a standalone machine?  Perhaps a test computer in a workgroup?  If so, call for Gpedit.msc (and not the GPMC).

Group Policy path to Disable Shutdown Event Tracker:

Assuming you have launched GPMC or Gpedit navigate thus:
Local Computer (or Default Domain) Policy
    Computer Configuration
       Administrative Templates Display Shutdown Event Tracker Server 2012 Group Policy
               Display Shutdown Event Tracker

Note 1: 'Display Shutdown Event Tracker' is in the root of the System folder.  See screen shot to the right.

Note 2: Check the logic: if you want to get rid of the dialog box, then select ‘Disabled’ (for Display Shutdown Event Tracker).  To restore the default then check the ‘Enabled’ box.

Note 3: This Group Policy setting will be effective immediately, thus you should see a change the next time you reboot or shutdown the Windows Server 2012 machine.Display Shutdown Event Tracker Enable Group Policy

Disabled Tracker for Servers Only, or Workstations

In a domain you have a separate option dialog box within this Group Policy, this drop-down box gives you three choices, see screenshot to the right.

A popular selection is for ‘Servers only’ to receive the Shutdown Event Tracker dialog box.  Although the alternatives would not be popular with the users, you could set the policy so that it affects just Workstations; perhaps the crucial use for this setting would be in troubleshooting.

Your precise settings depend on your Group Policy philosophy, do you set policies just at the Domain level?  Alternatively, do you fine-tune for computers in the OU’s?  I know of several Windows administrators who create OU’s just for their computer accounts.

Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM)Review of Orion NPM v12 v12

SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

Perhaps the NPM’s best feature is the way it suggests solutions to network problems.  Its second best feature is the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you give this Network Performance Monitor a try.

Download your free trial of SolarWinds Network Performance Monitor.

Troubleshooting with the Windows Server 2012 Shutdown Event Tracker

If you are trying to understand what caused a server to shut down while you weren’t there, then call for the Event Viewer.  Specifically, select the Windows Logs, System log.  To narrow down the search I suggest you filter the Source for User32, or the Event ID for 1074.  Example event:

The process C:\Windows\Explorer.EXE (WIN12) has initiated the power off of computer WIN12
On behalf of user WIN12\Psycho for the following reason: Other (Planned)
Reason Code: 0x85000000
Shutdown Type: power off

Note: The user who powered off the computer was WIN12\Psycho!

More Clues for Troubleshooting Shutdown

  • There are other Shutdown types, Restart, or Shutdown.
  • Other process could be responsible, for example, Windows\system32\wbem\wmiprvse.exe.
  • The time (not shown here) provides crucial information, for example precisely 3:00am every day, could indicate that a scheduled task was the root cause of the restart.

Registry Method to Disable Shutdown Event Tracker in Windows Server 2012

It is possible to manipulate the Event Tracker box via the registry.  Indeed, this is a fun method and useful in troubleshooting why the setting is not working.  It helps me to compare the Group Policy Enabled / Disabled settings (above), with the registry changes (below) – just remember to refresh the registry by pressing F5.

Launch regedit.exe, best to ‘Run as administrator’. Expand the HKEY_Local_Machine section, and drill-down to:

[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Reliability]
0 = Disable (No Tracker)
1 = Enable

[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Reliability]
0 = Disable (When disabled with Group Policy, this setting disappeared)
1 = Enable

The settings take effect immediately, thus you don’t have to Sign out – Sign in.

Guy Recommends:  SolarWinds’ Log & Event Management ToolSolarwinds Log and Event Management Tool

LEM will alert you to problems such as when a key application on a particular server is unavailable.  It can also detect when services have stopped, or if there is a network latency problem.  Perhaps this log and event management tool’s most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a maleware attack.

Yet perhaps the killer reason why people use LEM is for its compliance capability, with a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA.  LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or thwart potential security breaches – give LEM a whirl.

Download your FREE trial of SolarWinds Log & Event Management tool.

A Related Problem: Shutdown Access is Denied (5)

This is often a permissions problem, or to be precise a lack of the user right to ‘Force shutdown from a remote system’.

One solution is to launch Secpol.msc and adjust the settings as follows:

  • Local Polices
  •    User Rights Assignments  (Scroll down)
  •        Force shutdown from a remote system
  •        Add the user who needs to remotely restart the server.

Summary of Disabling Shutdown Event Tracker

One of my first tasks after installing a test copy of Windows Server 2012 is to turn off the annoying event shutdown tracker.  The result of disabling this Group Policy is the shutdown procedure is the same as for Windows client machines; there are now no extra dialog boxes asking unnecessary questions every time I restart my test machine.

If you like this page then please share it with your friends


Microsoft Windows Server 2012 Topics

Windows Server 2012 Home   • Disable UAC Windows Server 2012   • Server 2012 Chkdsk Utility

Install Windows Server 2012   • PowerShell Add-WindowsFeature   • Network Performance Monitor

Shutdown Windows Server 2012   • Disable Shutdown Event Tracker Server 2012