How to Fix Event ID 4104 Error on Windows 11: Step-by-Step Troubleshooting Guide

Event ID 4104 errors on Windows 11 are often related to issues with PowerShell script execution or logging. These errors can cause system logs to fill up and may indicate underlying problems that need attention.

Fixing this error involves a series of straightforward steps that anyone can follow. You don’t need advanced technical skills to troubleshoot and resolve this issue.

This guide will walk you through the process step by step, moving from simple checks to more detailed fixes.

By the end, you should be able to understand why the error occurs and how to prevent it from happening again.

Quick Note: Prerequisites and Initial Checks

Before you start troubleshooting, there are a few things you should verify to make the process smoother:

  • Ensure Windows is Updated: Sometimes, updates fix known bugs. Go to Settings > Windows Update and check for updates.
  • Check Your User Account: Make sure you have administrator privileges. Many troubleshooting steps require admin rights.
  • Backup Important Data: Although these steps are safe, it’s always good practice to back up your data before making system changes.

Step 1: Understand What Event ID 4104 Means

Event ID 4104 usually appears in the Windows Event Viewer under the “Microsoft-Windows-PowerShell/Operational” log. It indicates an error related to PowerShell script execution or logging. These errors can be caused by corrupted scripts, policy restrictions, or misconfigured logging settings.

Knowing this helps you focus on PowerShell settings and script execution policies when troubleshooting.
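
To see which scripts are producing the records before changing any setting, the following added example (not part of the original guide) reads the 4104 records from the Operational log and joins multi-part script blocks by their ScriptBlockId. It assumes an elevated PowerShell session; the 2000-record cap and the 300-character preview are arbitrary choices.

```powershell
# Added example: inventory Event ID 4104 records and rebuild the script blocks they carry.
$logName = 'Microsoft-Windows-PowerShell/Operational'

# Get-WinEvent raises an error when nothing matches, so silence that case.
$events = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 4104 } `
    -MaxEvents 2000 -ErrorAction SilentlyContinue

# Read the named EventData fields of each record (one record = one fragment).
$fragments = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        TimeCreated   = $e.TimeCreated
        Level         = $e.Level          # 3 = Warning, 5 = Verbose
        ScriptBlockId = $data['ScriptBlockId']
        MessageNumber = [int]$data['MessageNumber']
        MessageTotal  = [int]$data['MessageTotal']
        Path          = $data['Path']
        Text          = [string]$data['ScriptBlockText']
    }
}

# Long scripts are split across several records; join the fragments in order.
$blocks = $fragments | Group-Object ScriptBlockId | ForEach-Object {
    $parts = @($_.Group | Sort-Object MessageNumber)
    [pscustomobject]@{
        FirstSeen = $parts[0].TimeCreated
        Level     = $parts[0].Level
        Path      = if ($parts[0].Path) { $parts[0].Path } else { '(no file: typed or in-memory)' }
        Complete  = ($parts.Count -eq $parts[0].MessageTotal)
        Script    = -join $parts.Text
    }
}

# Which scripts produce the records, and at what level?
$blocks | Group-Object Level, Path | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Warning-level records are the ones PowerShell itself flagged; show the start of each.
$blocks | Where-Object { $_.Level -eq 3 } | Sort-Object FirstSeen | ForEach-Object {
    $len = [Math]::Min(300, $_.Script.Length)
    '{0:u}  {1}  complete={2}' -f $_.FirstSeen, $_.Path, $_.Complete
    $_.Script.Substring(0, $len)
    '-' * 60
}
```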

Step 2: Check PowerShell Script Execution Policy

Windows controls which PowerShell scripts can run using an execution policy. If this policy is too restrictive, it can trigger Event ID 4104 errors.

To check and change the execution policy, follow these steps:

  1. Press Win + S, type PowerShell, right-click Windows PowerShell, and select Run as administrator.
  2. In the PowerShell window, type the following command and press Enter:
Get-ExecutionPolicy

This shows the current policy. Common values include Restricted, RemoteSigned, and Unrestricted.

  3. If the policy is Restricted, this may be causing the error. To change it, type:
Set-ExecutionPolicy RemoteSigned

When prompted, press Y to confirm. RemoteSigned allows local scripts to run and only requires downloaded scripts to be signed, which is a safer option than Unrestricted.

Why this matters: If scripts are blocked from running, PowerShell logs errors that show as Event ID 4104.
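
The check in this step, extended to every scope, as an added example that is not part of the original guide: it lists the policy per scope, reports which scope decides the effective value, and only applies RemoteSigned when the effective policy is Restricted and not enforced elsewhere. Using -Scope CurrentUser is a choice made here; the guide's command without -Scope targets LocalMachine.

```powershell
# Added example: find which scope decides the effective execution policy.
# Get-ExecutionPolicy -List returns scopes in precedence order, highest first:
# MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
$policies = Get-ExecutionPolicy -List
$policies | Format-Table Scope, ExecutionPolicy -AutoSize | Out-Host

$effective = Get-ExecutionPolicy
$deciding  = $policies | Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
    Select-Object -First 1
$scope = if ($deciding) { "$($deciding.Scope)" } else { 'none (Windows default)' }
"Effective policy: $effective, decided by scope: $scope"

if ($scope -in 'MachinePolicy', 'UserPolicy') {
    # Group Policy takes precedence over anything Set-ExecutionPolicy writes.
    'Policy is enforced by Group Policy; it has to be changed there.'
}
elseif ($scope -eq 'Process') {
    # Set for this session only; it does not persist.
    'Policy was set for this session only; open a new session and check again.'
}
elseif ($effective -eq 'Restricted') {
    # CurrentUser affects only this account and leaves the machine-wide value alone.
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
    "New effective policy: $(Get-ExecutionPolicy)"
}
else {
    'Effective policy is not Restricted; no change made.'
}
```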

Step 3: Clear PowerShell Event Logs

Sometimes, old or corrupted logs can cause repeated errors. Clearing the logs can help refresh the system.

To do this:

  1. Open Event Viewer by pressing Win + X and selecting Event Viewer.
  2. Navigate to Applications and Services Logs > Microsoft > Windows > PowerShell > Operational.
  3. Right-click on Operational and choose Clear Log….
  4. You can choose to save the log before clearing or clear it directly.

Clearing the logs removes old error entries and can help track new, relevant errors.
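
The save-then-clear option from item 4, done from an elevated PowerShell session, as an added example that is not part of the original guide. The archive folder and file name are hypothetical; the log is cleared only after the exported file has been read back successfully.

```powershell
# Added example: archive the PowerShell Operational log, verify the copy, then clear.
$logName = 'Microsoft-Windows-PowerShell/Operational'

# Hypothetical archive location; pick a folder that is itself backed up.
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$archive = Join-Path $env:USERPROFILE "PowerShell-Operational-$stamp.evtx"

# wevtutil epl = export-log: writes the live log to an .evtx file.
wevtutil epl $logName $archive
if ($LASTEXITCODE -ne 0) { throw "Export failed (wevtutil exit code $LASTEXITCODE)." }

# Read one record back to confirm the archive opens and is not empty.
$probe = Get-WinEvent -Path $archive -MaxEvents 1 -ErrorAction SilentlyContinue

if ($probe) {
    # Record a hash so the archive can be checked for changes later.
    Get-FileHash -Path $archive -Algorithm SHA256 | Format-List Path, Hash

    # wevtutil cl = clear-log.
    wevtutil cl $logName
    if ($LASTEXITCODE -ne 0) { throw "Clear failed (wevtutil exit code $LASTEXITCODE)." }
    "Cleared $logName; archive kept at $archive"
}
else {
    "No records could be read from $archive; the log was left untouched."
}
```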

Step 4: Disable Script Block Logging if Not Needed

Script block logging is a feature that records details of all PowerShell scripts run on your system. While useful for security, it can sometimes generate excessive logs and errors.

To disable this (only if you do not require detailed script logs):

  1. Press Win + R, type gpedit.msc, and press Enter to open the Local Group Policy Editor.
  2. Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows PowerShell.
  3. Find the setting called Turn on PowerShell Script Block Logging.
  4. Double-click it and set it to Disabled.
  5. Click Apply and then OK.

Disabling script block logging can reduce Event ID 4104 errors, but be aware that this lowers the level of script monitoring on your system.

Step 5: Scan for Malware or Suspicious Scripts

Malware or poorly written scripts can trigger PowerShell errors. Running a full system scan helps rule out malicious causes.

You can use Windows Security for this:

  1. Open Settings > Privacy & Security > Windows Security.
  2. Click Virus & threat protection.
  3. Select Quick scan or Full scan for a deeper check.

Remove any threats found and reboot your computer.

Step 6: Check for Corrupted System Files

Corrupted system files can interfere with PowerShell and cause errors. Running the System File Checker tool can fix these files.

Here’s how to run it:

  1. Open Command Prompt as administrator (search for cmd, right-click, and select Run as administrator).
  2. Type the following command and press Enter:
sfc /scannow

This process may take some time. It will automatically repair any corrupted files it finds.

Alternative/Advanced Option: Reset PowerShell to Default Settings

If the above steps don’t work, you can reset PowerShell settings by deleting or renaming your PowerShell profile. Sometimes customized profiles contain scripts that cause errors.

To find and rename your profile:

  1. Open PowerShell as administrator.
  2. Run this command to see your profile path:
$PROFILE

Navigate to the folder containing your profile file (usually Microsoft.PowerShell_profile.ps1) and rename it, for example, to Microsoft.PowerShell_profile_old.ps1.

Restart PowerShell and check if the error persists.

FAQs

What exactly causes Event ID 4104 errors?

This error is triggered by PowerShell script execution or logging issues, such as blocked scripts, corrupted logs, or script block logging generating too many events.

Is it safe to change the PowerShell execution policy?

Yes, but it’s important to choose a policy that balances security and usability. RemoteSigned is a common safe setting for most users.

Will disabling script block logging reduce security?

Disabling script block logging lowers monitoring capabilities, which can reduce your ability to detect malicious scripts. Only disable it if you understand the risks.

Can malware cause these errors?

Yes, malicious scripts can cause PowerShell errors. Running a malware scan is an important step in troubleshooting.

How often should I clear PowerShell event logs?

Clearing logs is generally only necessary when troubleshooting or if logs become very large. Regular maintenance isn’t usually required.

When Nothing Works

If you have tried all the above steps and still see Event ID 4104 errors, consider the following:

  • Visit the official Microsoft PowerShell documentation for more detailed guidance.
  • Contact Microsoft Support to get professional help.
  • Consider restoring your system to a previous restore point before the errors began.
  • As a last resort, a clean Windows 11 reinstall may resolve deeply rooted system issues.

Conclusion

Event ID 4104 errors in Windows 11 are mostly related to PowerShell script execution and logging. By understanding the error, checking execution policies, clearing logs, and scanning for malware, you can resolve most issues easily.

Always start with simple steps like adjusting execution policies and clearing logs before moving on to more advanced troubleshooting. And remember to keep your system updated and backed up.

By following this guide, you should be able to fix the Event ID 4104 error efficiently and keep your system running smoothly.
