Microsoft-Windows-IIS-IISReset

14 events across 2 channels

Event ID	Title	Channel
3201		Operational
3201		System
3202		Operational
3202		System
3203		Operational
3204		Operational
3205		Operational
3206		Operational
1073745025	IIS start command received from user UserName.	Operational
1073745026	IIS stop command received from user UserName.	Operational
1073745027	IIS reboot command received from user UserName.	Operational
1073745028	IIS kill command received from user UserName.	Operational
1073745029	Your computer is being shut down by UserName.	Operational
1073745030	IIS Reset encountered an error while stopping services, which was requested by …	Operational

Event ID 3201 —

Provider: Microsoft-Windows-IIS-IISReset
Channel: Operational

Fields #

Name	Description
`UserName` UnicodeString	—

Event ID 3201 —

Provider: Microsoft-Windows-IIS-IISReset
Channel: System
Level: Informational

Fields #

Name	Description
`UserName`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-IIS-IISReset",
    "guid": "{DA9A85BB-563D-40FB-A164-8E982EA6844B}",
    "event_source_name": "IISCTLS",
    "event_id": 3201,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2026-03-13T20:23:47.508059+00:00",
    "event_record_id": 11805,
    "correlation": {},
    "execution": {
      "process_id": 0,
      "thread_id": 0
    },
    "channel": "System",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "UserName": "ludus\\domainadmin"
  },
  "message": ""
}

Event ID 3202 —

Provider: Microsoft-Windows-IIS-IISReset
Channel: Operational

Fields #

Name	Description
`UserName` UnicodeString	—

Event ID 3202 —

Provider: Microsoft-Windows-IIS-IISReset
Channel: System
Level: Informational

Fields #

Name	Description
`UserName`	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-IIS-IISReset",
    "guid": "{DA9A85BB-563D-40FB-A164-8E982EA6844B}",
    "event_source_name": "IISCTLS",
    "event_id": 3202,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2026-03-13T20:45:35.894227+00:00",
    "event_record_id": 11876,
    "correlation": {},
    "execution": {
      "process_id": 0,
      "thread_id": 0
    },
    "channel": "System",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "UserName": "ludus\\domainadmin"
  },
  "message": ""
}

Event ID 3203 —

Provider: Microsoft-Windows-IIS-IISReset
Channel: Operational

Fields #

Name	Description
`UserName` UnicodeString	—

Event ID 3204 —

Provider: Microsoft-Windows-IIS-IISReset
Channel: Operational

Fields #

Name	Description
`UserName` UnicodeString	—

Event ID 3205 —

Provider: Microsoft-Windows-IIS-IISReset
Channel: Operational

Fields #

Name	Description
`UserName` UnicodeString	—

Event ID 3206 —

Provider: Microsoft-Windows-IIS-IISReset
Channel: Operational

Fields #

Name	Description
`UserName` UnicodeString	—

Event ID 1073745025 — IIS start command received from user UserName.

Provider: Microsoft-Windows-IIS-IISReset
Channel: Operational

Description

IIS start command received from user UserName. The logged data is the status code.

Message #

IIS start command received from user %1. The logged data is the status code.

Fields #

Name	Description
`UserName` UnicodeString → string	—

Event ID 1073745026 — IIS stop command received from user UserName.

Provider: Microsoft-Windows-IIS-IISReset
Channel: Operational

Description

IIS stop command received from user UserName. The logged data is the status code.

Message #

IIS stop command received from user %1. The logged data is the status code.

Fields #

Name	Description
`UserName` UnicodeString → string	—

Event ID 1073745027 — IIS reboot command received from user UserName.

Provider: Microsoft-Windows-IIS-IISReset
Channel: Operational

Description

IIS reboot command received from user UserName. The logged data is the status code.

Message #

IIS reboot command received from user %1. The logged data is the status code.

Fields #

Name	Description
`UserName` UnicodeString → string	—

Event ID 1073745028 — IIS kill command received from user UserName.

Provider: Microsoft-Windows-IIS-IISReset
Channel: Operational

Description

IIS kill command received from user UserName. The logged data is the status code.

Message #

IIS kill command received from user %1. The logged data is the status code.

Fields #

Name	Description
`UserName` UnicodeString → string	—

Event ID 1073745029 — Your computer is being shut down by UserName.

Provider: Microsoft-Windows-IIS-IISReset
Channel: Operational

Description

Your computer is being shut down by UserName. Save any work that may be lost!

Message #

Your computer is being shut down by %1. Save any work that may be lost!

Fields #

Name	Description
`UserName` UnicodeString → string	—

Event ID 1073745030 — IIS Reset encountered an error while stopping services, which was requested by UserName.

Provider: Microsoft-Windows-IIS-IISReset
Channel: Operational

Message #

IIS Reset encountered an error while stopping services, which was requested by %1.  The logged data is the status code.  Since the force option is on, IIS Reset will now terminate the services' processes.  This may cause SCM to report errors about the services exiting.

Fields #

Name	Description
`UserName` UnicodeString → string	—