Find out what is causing add/remove hardware sound

I have a Windows 10 computer that, every 5 minutes or so, plays the Windows Add/Remove hardware "removal" sound and then a few seconds later plays the "added hardware" sound. Sometimes it does this four or five times in immediate succession.

No changes are being made to the computer, so I suspect I have a faulty peripheral.

Without disconnecting things and waiting to see if it goes away (it could be an on-board peripheral that is flaky, but cannot be physically unplugged) how can I figure out what is causing the add/remove hardware sounds to play? Is there an event in the event log somewhere I can look at?


Update: I have used USBLogView, which did show an offending peripheral. However, even with that peripheral unplugged the issue is still occurring, but now USBLogView is not showing anything, which means it's likely not a USB device causing it. Maybe it's the USB chip itself on the motherboard? I have enabled Audit PNP Activity as per HelpingHand's comment; however, I don't see any events in the event log.

Answer 1

If the device in question is Plug-n-Play (PnP) then you can enable auditing.

To configure locally using the group policy editor:

  1. Launch gpedit.msc
  2. Navigate to:

Computer Configuration > Windows Settings > Security Settings > Advanced Audit Policy Configuration > System Audit Policies > Detailed Tracking.

Audit PnP Activity can then be enabled for success/failure.

Local Group Policy Editor

The explanation for this option is as follows:

PNP Activity

This policy setting allows you to audit when plug and play detects an external device.

If you configure this policy setting, an audit event is generated whenever plug and play detects an external device. Only Success audits are recorded for this category. If you do not configure this policy setting, no audit event is generated when an external device is detected by plug and play.

Volume: Low

To view the logs, launch the Windows Event Log, e.g. eventvwr and open the Security event log.

If needed, from the command line you can check the state by running:

AuditPol /get /category:"Detailed Tracking"

To enable auditing of failure and success for Plug and Play Events:

AuditPol /set /subcategory:"Plug and Play Events" /failure:enable /success:enable

To disable:

AuditPol /set /subcategory:"Plug and Play Events" /failure:disable /success:disable
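
Once the audit policy above is enabled, the Security log can be summarised per device to see which one keeps being re-detected. The following is an added example, not part of the original answer: it reads event ID 6416 ("A new external device was recognized by the system"), the event this subcategory writes, and groups the detections by device. The 24-hour look-back window is an assumed value.

```powershell
# Run from an elevated prompt: the Security log is readable only by administrators.
# Event ID 6416 is written by the "Plug and Play Events" audit subcategory
# each time Plug and Play detects an external device.
$hours = 24   # look-back window (assumed value, adjust as needed)

$filter = @{
    LogName   = 'Security'
    Id        = 6416
    StartTime = (Get-Date).AddHours(-$hours)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Host "No 6416 events in the last $hours hours."
}
else {
    # Flatten the EventData name/value pairs of each event into an object.
    $detections = foreach ($e in $events) {
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            DeviceId    = $data['DeviceId']
            Description = $data['DeviceDescription']
            Class       = $data['ClassName']
            Location    = $data['LocationInformation']
        }
    }

    # A device that reconnects every few minutes shows a high count
    # and a short average gap between detections.
    $detections | Group-Object DeviceId | ForEach-Object {
        $times = @($_.Group.TimeCreated | Sort-Object)
        $gap = $null
        if ($times.Count -gt 1) {
            $span = ($times[-1] - $times[0]).TotalMinutes
            $gap  = [math]::Round($span / ($times.Count - 1), 1)
        }
        [pscustomobject]@{
            Detections = $times.Count
            AvgGapMin  = $gap
            Class      = $_.Group[0].Class
            Description = $_.Group[0].Description
            DeviceId   = $_.Name
        }
    } | Sort-Object Detections -Descending | Format-Table -AutoSize
}
```

If the script reports no events while the sounds keep playing, confirm the effective policy with the AuditPol /get command shown above.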
