PowerShell Script to Find Who Restarted a Server

October 22, 2012 · by Vinith · 2

<#Hi Guys Sharing with you all a script to Find Who Restarted a Server
 
Copy paste the one liner in an elevated Powershell window on a Clustered Hyper-V host. #>
 
Get-WinEvent -FilterHashtable @{logname='System'; id=1074}  |
  ForEach-Object {

    $rv = New-Object PSObject | Select-Object Date, User, Action, Process, Reason, ReasonCode, Comment
    $rv.Date = $_.TimeCreated
    $rv.User = $_.Properties[6].Value
    $rv.Process = $_.Properties[0].Value
    $rv.Action = $_.Properties[4].Value
    $rv.Reason = $_.Properties[2].Value
    $rv.ReasonCode = $_.Properties[3].Value
    $rv.Comment = $_.Properties[5].Value
    $rv
   
  } | Select-Object Date, Action, Reason, User

2 thoughts on “PowerShell Script to Find Who Restarted a Server”

Anonymous February 3, 2014 at 7:03 pm · Edit

this is a great script however I was wondering if there is anyway that you know of to beable to just parse that last record entry instead of listing every record in the system event log?
Reply
Anonymous July 22, 2014 at 1:00 pm · Edit

Just add -First 1 to the end of the Select-Object
Reply

Share this post

Recommended for You

AutoScale Deployments in vRA 8.X with native PowerShell support

Breakdown Multivalued vROPS Custom Properties / Metrics values to Separate Columns.

AutoScale vSphere Workloads with vRA and PowerShell based NetScaler NITRO API’s

Auto-Scale vRA workloads with vROPS,vRO and NSX.

2 thoughts on “PowerShell Script to Find Who Restarted a Server”

Post Comment Cancel reply