PC Restarts (but not by you)

Have you ever had your PC restart for no apparent reason (not an obvious hardware problem or a scheduled and planned shutdown)? When you look in the Event Log you find an entry where the source is User32 and the Event Properties look like this:


where XXXX is the computer name and YYYY is the logged on username. MSDN defines the reason codes at this link. The odd thing is that 0x800000ff is a combination of a planned shutdown as the major reason and the FF is the minor reason code for No reason according to this link.

The problem is that the shutdown.exe program can have parameters which define the shutdown reasons, so the fact that it seems to be planned is not particularly reliable. Check the usual culprits:

• Open the Task Scheduler and see if you can find a task that runs around the date and time that the Event was logged.
• Check your Anti-Virus software to ensure that it wasn't a rogue program causing the shutdown.
• Check your Router Log to see if there was any TCP packet received around the date and time of the Event and check that you are not using port fowarding to allow internet traffic to get to a PC, for example a web server.

To try to get more information about the shutdown you can open the Policy Editor from the start menu, and then navigate in the left hand pane of the Local Group Policy Editor to:


If the Event Log recorded the process that launched shutdown.exe, this whole exercise would be simpler. Go figure.