Expected output
PowerShell 7.5.1 PS C:\Users\afberendsen> .\ListSystemBoots.ps1 Time EventType EventID Description ---- --------- ------- ----------- 01/05/2025 23:29:32 Unexpected Reset 41 The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. 01/05/2025 23:28:57 System Boot 20 The last shutdown's success status was false. The last boot's success status was true. 01/05/2025 21:10:14 Unexpected Reset 41 The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. 01/05/2025 21:09:12 System Boot 20 The last shutdown's success status was false. The last boot's success status was true. 01/05/2025 13:38:03 Unexpected Reset 41 The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. 01/05/2025 13:37:20 System Boot 20 The last shutdown's success status was false. The last boot's success status was true. 01/05/2025 10:24:45 Unexpected Reset 41 The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. 01/05/2025 10:24:00 System Boot 20 The last shutdown's success status was false. The last boot's success status was true. 30/04/2025 07:29:07 Unexpected Reset 41 The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. 30/04/2025 07:28:17 System Boot 20 The last shutdown's success status was false. The last boot's success status was true. 27/04/2025 23:22:40 System Boot 20 The last shutdown's success status was true. The last boot's success status was true. 26/04/2025 00:34:28 System Boot 20 The last shutdown's success status was true. The last boot's success status was true. 19/04/2025 00:16:16 System Boot 20 The last shutdown's success status was true. The last boot's success status was true. 16/04/2025 17:59:38 System Boot 20 The last shutdown's success status was true. The last boot's success status was true. 14/04/2025 23:30:39 Unexpected Reset 41 The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly. 14/04/2025 23:29:55 System Boot 20 The last shutdown's success status was false. The last boot's success status was true. 14/04/2025 21:37:35 System Boot 20 The last shutdown's success status was true. The last boot's success status was true. 14/04/2025 21:16:05 System Boot 20 The last shutdown's success status was true. The last boot's success status was true. PS C:\Users\afberendsen>
Source Code
# Get system boot events, including unexpected resets
$bootEvents = Get-WinEvent -FilterHashtable @{
LogName = 'System'
ProviderName = 'Microsoft-Windows-Kernel-Boot'
Id = 20 # Event ID 20 indicates system boot
} -ErrorAction SilentlyContinue
$unexpectedEvents = Get-WinEvent -FilterHashtable @{
LogName = 'System'
ProviderName = 'Microsoft-Windows-Kernel-Power'
Id = 41 # Event ID 41 indicates unexpected shutdown/reset
} -ErrorAction SilentlyContinue
# Combine and sort events by time
$allEvents = @($bootEvents + $unexpectedEvents) | Sort-Object TimeCreated -Descending
# Display relevant details
$allEvents | ForEach-Object {
$eventType = if ($_.Id -eq 20) { "System Boot" } else { "Unexpected Reset" }
[PSCustomObject]@{
Time = $_.TimeCreated
EventType = $eventType
EventID = $_.Id
Description = $_.Message
}
} | Format-Table -AutoSize
Comments
Post a Comment