Microsoft-Windows-StorageManagement-PartUtil
19 events across 1 channel
| Event | Title | Channel | Sample |
|---|---|---|---|
| 101 | Failed to get disk properties. | Operational | N |
| 102 | The disk was onlined successfully. | Operational | N |
| 103 | Failed to online the disk. | Operational | N |
| 104 | The disk was set to read-only successfully. | Operational | N |
| 105 | Failed to set the disk read-only. | Operational | N |
| 106 | The disk was set to read-write successfully. | Operational | N |
| 107 | Failed to set the disk read-write. | Operational | N |
| 108 | The disk was offlined successfully. | Operational | N |
| 109 | Failed to offline the disk. | Operational | N |
| 110 | The disk was initialized successfully. | Operational | Y |
| 111 | Failed to initialize the disk. | Operational | N |
| 112 | The disk was cleaned successfully. | Operational | N |
| 113 | Failed to clean the disk. | Operational | N |
| 201 | Failed to get partition properties. | Operational | N |
| 202 | The partition was created successfully. | Operational | Y |
| 203 | Failed to create the partition. | Operational | N |
| 204 | The partition was deleted successfully. | Operational | N |
| 205 | Failed to delete the partition. | Operational | N |
| 207 | Failed to get partition access paths. | Operational | N |
Event ID 101: Failed to get disk properties.
Event ID 102: The disk was onlined successfully.
Event ID 103: Failed to online the disk.
Event ID 104: The disk was set to read-only successfully.
Event ID 105: Failed to set the disk read-only.
Event ID 106: The disk was set to read-write successfully.
Event ID 107: Failed to set the disk read-write.
Event ID 108: The disk was offlined successfully.
Event ID 109: Failed to offline the disk.
Event ID 110: The disk was initialized successfully.
Description
The disk was initialized successfully.
Message
Fields
| Name | Type | Description |
|---|---|---|
| Function | AnsiString | |
| DiskNumber | UInt32 | |
| PartitionStyle | UInt32 | |
| DurationInUs | UInt64 | |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-StorageManagement-PartUtil",
    "guid": "{93DB76C2-63AB-5DE1-88B3-C068686675B8}",
    "event_source_name": "",
    "event_id": 110,
    "version": 1,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": -9223372036854775808,
    "time_created": "2026-05-30T04:00:09.1619705+00:00",
    "event_record_id": 3,
    "correlation": {
      "ActivityID": "{B8EA227C-02C5-4C62-9647-5BEAE20889E8}"
    },
    "execution": {
      "process_id": 8280,
      "thread_id": 12488
    },
    "channel": "Microsoft-Windows-StorageManagement-PartUtil/Operational",
    "computer": "JD-WIN11-22H2-1.ludus.domain",
    "security": {
      "user_id": "S-1-5-21-1006758700-2167138679-1475694448-1105"
    }
  },
  "event_data": {
    "Function": "PuInitializeDisk",
    "DiskNumber": "5",
    "PartitionStyle": "1",
    "DurationInUs": "787152"
  },
  "message": "The disk was initialized successfully. \r\nFunction: PuInitializeDisk \r\nDisk Number: 5 \r\nPartition Style: GPT \r\nDuration: 787152 us"
}
```
Event ID 111: Failed to initialize the disk.
Event ID 112: The disk was cleaned successfully.
Event ID 113: Failed to clean the disk.
Event ID 201: Failed to get partition properties.
Event ID 202: The partition was created successfully.
Description
The partition was created successfully.
Message
Fields
| Name | Type | Description |
|---|---|---|
| Function | AnsiString | |
| DiskNumber | UInt32 | |
| Offset | UInt64 | |
| Size | UInt64 | |
| Alignment | UInt32 | |
| PartitionStyle | UInt32 | |
| MbrPartitionType | UInt32 | |
| MbrBootIndicator | UInt32 | |
| GptPartitionType | GUID | |
| GptPartitionId | GUID | |
| GptAttributes | UInt64 | |
| GptName | UnicodeString | |
| DurationInUs | UInt64 | |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-StorageManagement-PartUtil",
    "guid": "{93DB76C2-63AB-5DE1-88B3-C068686675B8}",
    "event_source_name": "",
    "event_id": 202,
    "version": 1,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": -9223372036854775808,
    "time_created": "2026-05-30T04:00:10.1134459+00:00",
    "event_record_id": 4,
    "correlation": {
      "ActivityID": "{F8CB22CA-CF2A-4402-A243-93276FFCF6A3}"
    },
    "execution": {
      "process_id": 8280,
      "thread_id": 12488
    },
    "channel": "Microsoft-Windows-StorageManagement-PartUtil/Operational",
    "computer": "JD-WIN11-22H2-1.ludus.domain",
    "security": {
      "user_id": "S-1-5-21-1006758700-2167138679-1475694448-1105"
    }
  },
  "event_data": {
    "Function": "PuCreatePartition",
    "DiskNumber": "5",
    "Offset": "16777216",
    "Size": "4277141504",
    "Alignment": "1048576",
    "PartitionStyle": "1",
    "MbrPartitionType": "0",
    "MbrBootIndicator": "0",
    "GptPartitionType": "{ebd0a0a2-b9e5-4433-87c0-68b6b72699c7}",
    "GptPartitionId": "{00000000-0000-0000-0000-000000000000}",
    "GptAttributes": "0",
    "GptName": "",
    "DurationInUs": "38555"
  },
  "message": "The partition was created successfully. \r\nFunction: PuCreatePartition \r\nDisk Number: 5 \r\nOffset: 16777216 \r\nSize : 4277141504 \r\nAlignment: 1048576 \r\nPartition Style: GPT \r\nMbrPartitionType: 0 \r\nMbrBootIndicator: 0 \r\nGptPartitionType: {ebd0a0a2-b9e5-4433-87c0-68b6b72699c7} \r\nGptPartitionId: {00000000-0000-0000-0000-000000000000} \r\nGptAttributes: 0 \r\nGptName: \r\nDuration: 38555 us"
}
```
Event ID 203: Failed to create the partition.
Description
Failed to create the partition.
Message
Fields
| Name | Type | Description |
|---|---|---|
| Function | AnsiString | |
| DiskNumber | UInt32 | |
| Offset | UInt64 | |
| Size | UInt64 | |
| Alignment | UInt32 | |
| PartitionStyle | UInt32 | |
| MbrPartitionType | UInt32 | |
| MbrBootIndicator | UInt32 | |
| GptPartitionType | GUID | |
| GptPartitionId | GUID | |
| GptAttributes | UInt64 | |
| GptName | UnicodeString | |
| Callee | AnsiString | |
| HResult | Int32 | |
Event ID 204: The partition was deleted successfully.
Event ID 205: Failed to delete the partition.
Event ID 207: Failed to get partition access paths.
Provenance
Where this provider's schema came from, and which Windows build it was observed on. Windows can change a provider's event schema between builds, so use this to judge whether it matches the build you collect from.
ETW provider GUID 93db76c2-63ab-5de1-88b3-c068686675b8
Defined in mispace.dll, which carries the event manifest.
Observed on:
- WS2022-20348.4893, schema read from the registered manifest, captured 2026-06-02
- Win11-26200.6584, schema read from the registered manifest, captured 2026-06-02