• Windows CMD: chkdsk

    Home » Forums » Tools » Windows CMD: chkdsk

    Tags:

    Author
    Topic
    Bartels Juice
    AskWoody Plus
    January 4, 2023 at 3:55 pm #2514739

    In looking at the details of the Windows CMD chkdsk, it seems that the results of any run gets written into the Event Log with two different IDs:

    Source: Wininit
    Event ID: 1001

    Source: Chkdsk
    Event ID: 26214

    Initially I thought that when chkdsk was run by Wininit that it was the result of the OS seeing a dirty drive, and when ID’d as Chkdsk that it was run by an admin user.

    But after multiple tests this does not hold up. Another idea was that chkdsk run on the boot drive would have the Source marked as Wininit, and on any data drive as Chkdsk. Alas, that is not the case either.

    Does anyone have any info that would shed some light on why there are two different Source/Event IDs for the same command?

    Reply | Quote
    Viewing 0 reply threads
    Author
    Replies
    • Bartels Juice
      AskWoody Plus
      January 4, 2023 at 4:51 pm #2514767

      PS:

      In case it matters, here is some additional info:

      Edition: Windows 10 Pro, v.22H2
      OS build: 19045.2364
      Experience: Windows Feature Experience Pack 120.2212.4190.0

      Reply | Quote
      • Bob99
        AskWoody MVP
        January 4, 2023 at 6:44 pm #2514800

        If you look in the Task Scheduler for Windows (Start menu>Windows Administrative Tools>Task Scheduler) you’ll more than likely see an entry for Chkdsk with a little folder-looking icon next to it. Clicking on that will reveal that it’s a scheduled task that runs a proactive periodic scan. That’s probably what you’re seeing in your Event log.

        In case you need a reminder, the listing for Chkdsk can be found in Task Scheduler under Task Scheduler Library (click on the little arrow next to it to expand it)>Microsoft (click arrow to expand)>Windows(click arrow to expand)>Chkdsk.

        If, due to seeing the Event log entries, you’re worried that your disk might indeed have a flaky file structure, you can always run the chkdsk /F command from an elevated (with Admin privileges) command prompt.

        • This reply was modified 2 years, 2 months ago by Bob99.
        Reply | Quote
        • Bartels Juice
          AskWoody Plus
          January 5, 2023 at 2:22 pm #2515059

          Hey Bob, thank you for your extended response. Your comments opened up an additional avenue to investigate. And, I do see that there are scheduled tasks for the following related commands:

          chkdsk
          chkntfs
          autochk

          However, that is not what I’m attempting to figure out. I run chkdsk as a matter of routine about every 2 or 3 weeks. I found all of my runs listed in the Event Viewer, for each time I ran it.

          But sometimes it is listed as a Wininit/1001 and other times as chkdsk/26214

          What started me down this rabbit hole, is my newbee attempts to write a PowerShell script to retrieve and log the output of those chkdsk runs. So far the script works, but I have to filter for both events, 1001 and 26214. And of course that lead me to wonder why are there two different entries for the same admin user action.

          bc

          Reply | Quote
          • lmacri
            AskWoody Plus
            January 5, 2023 at 5:41 pm #2515110
            Bartels Juice wrote:

            …But sometimes it is listed as a Wininit/1001 and other times as chkdsk/26214…

            Hi Bartels Juice:

            From Option 1 (Read Logs in Event Viewer) / Step # 3 of Brink’s TenForums tutorial How to Read Event Viewer Log for Chkdsk (Check Disk) in Windows 10 :

            TenForums-Tutorial-Read-ChkDsk-Log-05-Jan-2023

            That suggests it has something to do with the way that the ChkDsk scan is launched, although I’m not exactly clear on the distinction between a “bootup” and “manual” ChkDsk scan.
            ———–
            Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.2364 * Firefox v108.0.1 * Microsoft Defender v4.18.2211.5-1.1.19900.2 * Malwarebytes Premium v4.5.19.229-1.0.1860 * Macrium Reflect Free v8.0.7175

            Reply | Quote
    Viewing 0 reply threads
    Reply To: Windows CMD: chkdsk

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    March 2025
    S M T W T F S
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.