Get-SystemRestartEvent

SYNOPSIS

This function returns the details for system startup and shutdown events.

SYNTAX

Get-SystemRestartEvent [[-ComputerName] <String[]>] [[-Credential] <PSCredential>] [[-StartTime] <DateTime>]
 [[-EndTime] <DateTime>] [[-MaxEvents] <Int64>] [-Oldest] [-Raw] [<CommonParameters>]

DESCRIPTION

This function returns the details for system startup and shutdown events including identifying the user and application that initiated the shutdown (if available).

EXAMPLES

Example 1

PS C:\> Get-SystemRestartEvent -MaxEvents 10 | Format-Table

ComputerName        TimeCreated            Id ProviderName Level       Status              UserName         Reason            Details
------------        -----------            -- ------------ -----       ------              --------         ------            -------
WKSTN07.contoso.com 5/9/2018 1:27:51 PM  6005 EventLog     Information Startup
WKSTN07.contoso.com 5/9/2018 1:27:51 PM  6009 EventLog     Information System Info
WKSTN07.contoso.com 5/9/2018 1:27:51 PM  6008 EventLog     Error       Unexpected Shutdown
WKSTN07.contoso.com 5/7/2018 3:23:12 PM  6005 EventLog     Information Startup
WKSTN07.contoso.com 5/7/2018 3:23:12 PM  6009 EventLog     Information System Info
WKSTN07.contoso.com 5/7/2018 3:22:29 PM  6006 EventLog     Information Shutdown
WKSTN07.contoso.com 5/7/2018 3:22:12 PM  1074 User32       Information Shutdown Initiated  CONTOSO\carrolld Other (Unplanned) RuntimeBroker.exe
WKSTN07.contoso.com 5/3/2018 11:09:31 PM 6005 EventLog     Information Startup
WKSTN07.contoso.com 5/3/2018 11:09:31 PM 6009 EventLog     Information System Info
WKSTN07.contoso.com 5/3/2018 11:08:41 PM 6006 EventLog     Information Shutdown

PARAMETERS

-ComputerName

Gets events from the event logs on the specified computer(s). Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain name of the computer. The default value is the local computer.

Type: String[]
Parameter Sets: (All)
Aliases: IPAddress, __Server, CN

Required: False
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

-Credential

Specifies a user account that has permission to perform this action. The default value is the current user.

Type a user name, such as User01 or Domain01\User01. Or, enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password. If you type only the parameter name, you will be prompted for both a user name and a password.

Type: PSCredential
Parameter Sets: (All)
Aliases:

Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-EndTime

Specifies the end of the time period for the event log query.

Type: DateTime
Parameter Sets: (All)
Aliases:

Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-MaxEvents

Specifies the maximum number of events this function returns. The default is to return all the events in the logs.

Type: Int64
Parameter Sets: (All)
Aliases:

Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Oldest

Returns the events in oldest-first order. By default, events are returned in newest-first order.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-StartTime

Specifies the beginning of the time period for the event log query.

Type: DateTime
Parameter Sets: (All)
Aliases:

Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Raw

Use this switch to provide the raw event log record for the function.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

System.String[]

OUTPUTS

System.Object

NOTES

Online Version