Using PowerShell to check Restart Events on remote computers

#Define variable by prompting user to enter a computer name
$ComputerName = Read-Host -Prompt 'Enter the Computer Name'

#Get the Event log from this ComputerName and filter out the last 3 event that has ID 1074 and 1076
Get-WinEvent -ComputerName $ComputerName -FilterHashtable @{logname='System'; id=1074,1076} -MaxEvent 3 |Format-list

This script will prompt the user to enter a computer name and then get the last 3 events that has the Event ID 1074 and 1076. This will tell us the reason why and when the computer was restarted. This will also work with the legacy CMD Get-EventLog

Get-EventLog -Logname System -Newest 1 -Source “USER32” | Format-List

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Share this:

Like this:

Related

Leave a Reply Cancel reply