Table of Contents Single Server Reboot Report:Multiple Servers Reboot Report: Single Server Reboot Report: Get-WinEvent -FilterHashtable @{logname='System'; id=1074} | ForEach-Object { $rv = New-Object PSObject | Select-Object Date, User, Action, Process, Reason, ReasonCode, Comment $rv.Date = $_.TimeCreated $rv.User = $_.Properties[6].Value $rv.Process = $_.Properties[0].Value $rv.Action = $_.Properties[4].Value $rv.Reason = $_.Properties[2].Value $rv.ReasonCode = $_.Properties[3].Value $rv.Comment = $_.Properties[5].Value $rv } | Select-Object Date, Action, Reason, User
Function
Get
-ComInfo {
param(
## Computers
$computers
)
"#"
*80
"Server LastBootUpTime-InstallDate-Sl Nos Report"
"Generated $(get-date)"
"Generated from $(gc env:computername)"
-CimInstance Win32_OperatingSystem -comp $computers | select csname,LastBootUpTime
}
-Content computers.txt | ForEach-
Object
{
-ComInfo -computers $_} |
Out-File -Append Servers_LastBootUpTime.txt
Pinged back from www.vinithmenon.com/.../powershell-script-to-find-who-restarted.html
(shutdown events tracker)
wmic /output:C:\reboot.htm ntevent where (LogFile='system' and SourceName='user32') get Message, TimeGenerated /format:hform.xsl
1. How to find the particular process details
Get-Process -Name lsass
2. Determine a year is LeapYear or not?
[datetime]::isleapyear(2008)
3. How to count days?
$result = [datetime] "06/16/2014" - [DateTime]::Now
$result.TotalDays
4. How to take the output from a varriable.
PS C:\> $name = "Biswajit Biswas"
PS C:\> Write-Output $name
Biswajit Biswas
5.List the Properties and Methods of a WMI Class.
Get-WmiObject -List -Namespace 'root\CIMV2'
Get-EventLog -ComputerName <computer_name> System | Where-Object { $_.Source -eq 'user32' } | ConvertTo-HTML | Out-File C:\Reboot.htm
for multiple server reboot report i dont see the server name in the output so m not sure for which server the report war generated.
sample output pasted
Server Reboot Report
Generated 02/03/2015 07:54:43
Generated from PHUSEH-S1235
################################################################################################################################################################
Date Action Reason User
---- ------ ------ ----
2/2/2015 4:14:08 AM restart No title for thi... EUNET\ADM_PHAMVNI1
2/2/2015 4:14:02 AM restart Other (Planned) EUNET\ADM_PHAMVNI1
1/22/2015 2:56:3... restart No title for thi... EUNET\ADM_PHAMVNI1
1/22/2015 2:56:3... restart Application: Mai... EUNET\ADM_PHAMVNI1
1/21/2015 10:51:... restart Operating System... NT AUTHORITY\SYSTEM
1/20/2015 5:57:3... restart No title for thi... APNET\ADM_RAJENSU3
1/20/2015 5:57:3... restart Other (Planned) APNET\ADM_RAJENSU3
1/20/2015 5:36:3... restart No title for thi... APNET\ADM_RAJENSU3
1/20/2015 5:36:3... restart Other (Planned) APNET\ADM_RAJENSU3
1/20/2015 4:58:3... restart No title for thi... APNET\ADM_RAJENSU3
1/20/2015 4:58:3... restart Other (Planned) APNET\ADM_RAJENSU3
Generated 02/03/2015 07:54:46
2/2/2015 4:22:19 AM restart Application: Mai... EUNET\ADM_PHAMVNI1
1/20/2015 6:11:3... restart No title for thi... EUNET\ADM_PHAMVNI1
1/20/2015 6:11:2... restart Operating System... EUNET\ADM_PHAMVNI1
1/20/2015 5:57:5... restart No title for thi... APNET\ADM_RAJENSU3
1/20/2015 5:57:5... restart Other (Planned) APNET\ADM_RAJENSU3
1/20/2015 5:38:3... restart No title for thi... APNET\ADM_RAJENSU3
1/20/2015 5:38:3... restart Other (Planned) APNET\ADM_RAJENSU3
1/20/2015 4:58:5... restart No title for thi... APNET\ADM_RAJENSU3
1/20/2015 4:58:4... restart Other (Planned) APNET\ADM_RAJENSU3
Generated 02/03/2015 07:54:50
Generated 02/03/2015 07:54:51
Generated 02/03/2015 07:54:52
12/7/2014 2:25:1... power off No title for thi... NT AUTHORITY\SYSTEM
12/6/2014 8:01:3... restart Other (Planned) NT AUTHORITY\SYSTEM
7/17/2014 7:56:1... restart Other (Planned) NT AUTHORITY\SYSTEM
5/30/2014 7:20:2... restart Other (Planned) NT AUTHORITY\SYSTEM
5/24/2014 4:16:4... restart Other (Planned) NT AUTHORITY\SYSTEM
5/22/2014 7:34:1... restart Other (Planned) NT AUTHORITY\SYSTEM
2/20/2014 7:13:3... restart Other (Planned) NT AUTHORITY\SYSTEM
12/3/2013 8:45:0... restart Other (Planned) NT AUTHORITY\SYSTEM
12/2/2013 8:46:2... restart Legacy API shutdown NT AUTHORITY\SYSTEM
12/2/2013 8:35:2... restart Legacy API shutdown NT AUTHORITY\SYSTEM
12/2/2013 8:28:5... restart Legacy API shutdown NT AUTHORITY\SYSTEM
12/2/2013 8:15:4... restart Legacy API shutdown NT AUTHORITY\SYSTEM
12/2/2013 7:53:0... restart Legacy API shutdown NT AUTHORITY\SYSTEM
12/2/2013 7:46:2... restart Legacy API shutdown NT AUTHORITY\SYSTEM
12/2/2013 7:16:1... restart Legacy API shutdown NT AUTHORITY\SYSTEM
12/2/2013 4:21:1... restart Operating System... NT AUTHORITY\SYSTEM
12/2/2013 4:14:4... restart No title for thi... EUNET\adm_delabar1
12/2/2013 4:14:4... restart Operating System... EUNET\adm_delabar1
10/19/2013 10:52... restart No title for thi... EUNET\adm_aloile1
10/19/2013 10:52... restart Other (Planned) EUNET\adm_aloile1
8/22/2013 9:02:1... restart Operating System... NT AUTHORITY\SYSTEM
5/23/2013 9:06:3... restart Operating System... NT AUTHORITY\SYSTEM
thanks for information !
Not much good without the server names somewhere
This is a great script. Nice work!
Leonard Hopkins and Bond786 - simply add a line of "Server $computers" under the 'Generated from $(gc env:computername)" line. The server is stored in the $computers variable. Also, the problem I was running into is that some of them have been running/rebooting for years so the results would just scroll and scroll. I added a '-First 10' so that it would limit the results to the first 10.
Function Get-ComInfo {
"#"*160
"Server Reboot Report"
"Server $computers"
Get-WinEvent -ComputerName $computers -FilterHashtable @{logname='System'; id=1074} |
ForEach-Object {
$rv = New-Object PSObject | Select-Object Date, User, Action, Process, Reason, ReasonCode, Comment
$rv.Date = $_.TimeCreated
$rv.User = $_.Properties[6].Value
$rv.Process = $_.Properties[0].Value
$rv.Action = $_.Properties[4].Value
$rv.Reason = $_.Properties[2].Value
$rv.ReasonCode = $_.Properties[3].Value
$rv.Comment = $_.Properties[5].Value
$rv
} | Select-Object Date, Action, Reason, User -First 10
Get-Content computers.txt | ForEach-Object { Get-ComInfo -computers $_}
I rewrote this as a function which also queries for the event log starting up and displays the results together, has filters for start and end date/max events/event type. Have linked it back to here, check it out and let me know what you think :)
gist.github.com/.../3d505c2181b8565b5f44
"Generated by $(gc env:USERNAME)"
$rv = New-Object PSObject | Select-Object Server, Date, User, Action, Process, Reason, ReasonCode, Comment
$rv.Server = $_.Properties[1].Value
} | Select-Object Server, Date, Action, Reason, User
Get-Content (C:\Servers.txt) | ForEach-Object { Get-ComInfo -computers $_} | Format-Table -AutoSize