IT - Programming - PowerShell 7 - ListSystemBoots.ps1

Expected output

PowerShell 7.5.1
PS C:\Users\afberendsen> .\ListSystemBoots.ps1

Time                EventType        EventID Description
----                ---------        ------- -----------
01/05/2025 23:29:32 Unexpected Reset      41 The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
01/05/2025 23:28:57 System Boot           20 The last shutdown's success status was false. The last boot's success status was true.
01/05/2025 21:10:14 Unexpected Reset      41 The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
01/05/2025 21:09:12 System Boot           20 The last shutdown's success status was false. The last boot's success status was true.
01/05/2025 13:38:03 Unexpected Reset      41 The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
01/05/2025 13:37:20 System Boot           20 The last shutdown's success status was false. The last boot's success status was true.
01/05/2025 10:24:45 Unexpected Reset      41 The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
01/05/2025 10:24:00 System Boot           20 The last shutdown's success status was false. The last boot's success status was true.
30/04/2025 07:29:07 Unexpected Reset      41 The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
30/04/2025 07:28:17 System Boot           20 The last shutdown's success status was false. The last boot's success status was true.
27/04/2025 23:22:40 System Boot           20 The last shutdown's success status was true. The last boot's success status was true.
26/04/2025 00:34:28 System Boot           20 The last shutdown's success status was true. The last boot's success status was true.
19/04/2025 00:16:16 System Boot           20 The last shutdown's success status was true. The last boot's success status was true.
16/04/2025 17:59:38 System Boot           20 The last shutdown's success status was true. The last boot's success status was true.
14/04/2025 23:30:39 Unexpected Reset      41 The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
14/04/2025 23:29:55 System Boot           20 The last shutdown's success status was false. The last boot's success status was true.
14/04/2025 21:37:35 System Boot           20 The last shutdown's success status was true. The last boot's success status was true.
14/04/2025 21:16:05 System Boot           20 The last shutdown's success status was true. The last boot's success status was true.

PS C:\Users\afberendsen>

Source Code

# Get system boot events, including unexpected resets
$bootEvents = Get-WinEvent -FilterHashtable @{
    LogName = 'System'
    ProviderName = 'Microsoft-Windows-Kernel-Boot'
    Id = 20  # Event ID 20 indicates system boot
} -ErrorAction SilentlyContinue

$unexpectedEvents = Get-WinEvent -FilterHashtable @{
    LogName = 'System'
    ProviderName = 'Microsoft-Windows-Kernel-Power'
    Id = 41  # Event ID 41 indicates unexpected shutdown/reset
} -ErrorAction SilentlyContinue

# Combine and sort events by time
$allEvents = @($bootEvents + $unexpectedEvents) | Sort-Object TimeCreated -Descending

# Display relevant details
$allEvents | ForEach-Object {
    $eventType = if ($_.Id -eq 20) { "System Boot" } else { "Unexpected Reset" }
    [PSCustomObject]@{
        Time        = $_.TimeCreated
        EventType   = $eventType
        EventID     = $_.Id
        Description = $_.Message
    }
} | Format-Table -AutoSize