How do I know last file excuted before crash

October 6, 2010 at 01:44:24
Specs: Windows 2008, E5420
I recently upgrade a server from 2003 to 2008. It was running smoothly until last week. every now and then, the server crashes without any warning. I checked the event, but I can't find any record about the crash. I think the cause could be the employee excuting some of the small games downloaded from Internet. Is there any way to know the last file excuted right before the server crash?

Hi, everyone ^_^

See More: How do I know last file excuted before crash

Report •

October 6, 2010 at 14:34:04
a crash would prevent any log file from being written if there was one concerning open files. Not much change of a user running a game that would crash the server unless they were running it on the server. No user should have that kind of access.

You may wish to engage crash dumps which can then be analyzed. I would suspect your server hardware is old if you had been running 2003 on it previously.

Report •

October 7, 2010 at 02:02:38
To Wanderer:
This server is not old (bought on Dec, 2007). My guess on the cause of the server crash is because every user used to connect to server via RDC. Users do most of their work on thier PC. After I upgrade the server to 2008, my boss want me to evaluate the possibility on switching all the PC to workstation. And so, I bought a few HP Thin Client and make some users switch to workstation. About a week after the switch, the server crash begin to appear.

I checked the users' file stored on the server but can not find any thing that could cause the server crash. The only reason I can think of is that users run some softwares and these softwares do not need to install to run, such as flash games. These softwares cause the server crash.

You mention about analysis the dump. Any suggestion on how to do this?

Hi, everyone ^_^

Report •

October 7, 2010 at 08:54:22
Any server 3 yrs or older is old. We replace ours on a 3 yr cycle due to all the major changes in hardware and software.

You should not be using a single server, that runs everything, for a Terminal/RDP server. This should be on a second server. This is because RDP sesssions consume server resources.

What is the cpu and memory of this server?

You should enforce GPO's that don't allow users to run games or apps not approved by administration.

This should get you started on crash dumps

Report •

Related Solutions

Ask Question