forked from MicksITBlogs/PowerShell
-
Notifications
You must be signed in to change notification settings - Fork 0
/
LastRebootTime.ps1
167 lines (142 loc) · 5.67 KB
/
LastRebootTime.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
<#
.SYNOPSIS
Report Last Reboot/Shutdown Time
.DESCRIPTION
This script will query the system logs for the last time the system was shutdown or rebooted. I have included four different logs that can be used for determining the last shutdown. I compiled this list from asking poling admins online on what methods they used to determine the last reboot/shutdown of a system. These methods were the most common responses. It will create a WMI class to record the date/time of the last reboot time. The script will then initiate an SCCM hardware inventory to push the data up to SCCM.
.PARAMETER EventLogServiceStopped
Specifies the use of event ID 6006 which is when the event log service was stopped, thereby signifying a system shutdown.
.PARAMETER KernelBootType
Specifies using the event ID 27 and looking for 'The boot type was 0x0' which is a full shutdown. This is a Windows 10 only feature.
.PARAMETER MultiprocessorFree
Specifies using event ID 6009 that is logged when a system starts up.
.PARAMETER EventLogServiceStarted
Specifies the use of event ID 6005 which is when the event log service was started, thereby signifying a system startup.
.NOTES
===========================================================================
Created with: SAPIEN Technologies, Inc., PowerShell Studio 2017 v5.4.135
Created on: 1/30/2017 1:45 PM
Created by: Mick Pletcher
Organization:
Filename: LastRebootTime.ps1
===========================================================================
#>
param
(
[switch]$EventLogServiceStopped,
[switch]$KernelBootType,
[switch]$MultiprocessorFree,
[switch]$EventLogServiceStarted
)
function Initialize-HardwareInventory {
<#
.SYNOPSIS
Perform Hardware Inventory
.DESCRIPTION
Perform a hardware inventory via the SCCM client to report the WMI entry.
#>
[CmdletBinding()]
param ()
$Output = "Initiate SCCM Hardware Inventory....."
$SMSCli = [wmiclass] "\\localhost\root\ccm:SMS_Client"
$ErrCode = ($SMSCli.TriggerSchedule("{00000000-0000-0000-0000-000000000001}")).ReturnValue
If ($ErrCode -eq $null) {
$Output += "Success"
} else {
$Output += "Failed"
}
Write-Output $Output
}
function New-WMIClass {
<#
.SYNOPSIS
Create New WMI Class
.DESCRIPTION
This will delete the specified WMI class if it already exists and create/recreate the class.
.PARAMETER Class
A description of the Class parameter.
#>
[CmdletBinding()]
param
(
[ValidateNotNullOrEmpty()][string]$Class
)
$WMITest = Get-WmiObject $Class -ErrorAction SilentlyContinue
If (($WMITest -ne "") -and ($WMITest -ne $null)) {
$Output = "Deleting " + $Class + " WMI class....."
Remove-WmiObject $Class
$WMITest = Get-WmiObject $Class -ErrorAction SilentlyContinue
If ($WMITest -eq $null) {
$Output += "Success"
} else {
$Output += "Failed"
Exit 1
}
Write-Output $Output
}
$Output = "Creating " + $Class + " WMI class....."
$newClass = New-Object System.Management.ManagementClass("root\cimv2", [string]::Empty, $null);
$newClass["__CLASS"] = $Class;
$newClass.Qualifiers.Add("Static", $true)
$newClass.Properties.Add("LastRebootTime", [System.Management.CimType]::string, $false)
$newClass.Properties["LastRebootTime"].Qualifiers.Add("key", $true)
$newClass.Properties["LastRebootTime"].Qualifiers.Add("read", $true)
$newClass.Put() | Out-Null
$WMITest = Get-WmiObject $Class -ErrorAction SilentlyContinue
If ($WMITest -eq $null) {
$Output += "Success"
} else {
$Output += "Failed"
Exit 1
}
Write-Output $Output
}
function New-WMIInstance {
<#
.SYNOPSIS
Write new instance
.DESCRIPTION
Write a new instance reporting the last time the system was rebooted
.PARAMETER LastRebootTime
Date/time the system was last rebooted
.PARAMETER Class
WMI Class
.NOTES
Additional information about the function.
#>
[CmdletBinding()]
param
(
[ValidateNotNullOrEmpty()][string]$LastRebootTime,
[ValidateNotNullOrEmpty()][string]$Class
)
$Output = "Writing Last Reboot information instance to" + [char]32 + $Class + [char]32 + "class....."
$Return = Set-WmiInstance -Class $Class -Arguments @{ LastRebootTime = $LastRebootTime }
If ($Return -like "*" + $LastRebootTime + "*") {
$Output += "Success"
} else {
$Output += "Failed"
}
Write-Output $Output
}
Clear-Host
#Get the log entry of the last time the Event Log service was stopped to determine a reboot
If ($KernelBootType.IsPresent) {
[string]$LastReboot = (Get-WinEvent -FilterHashtable @{ logname = 'system'; ID = 27 } -MaxEvents 1 | Where-Object { $_.Message -like "*boot type was 0x0*" }).TimeCreated
}
If ($EventLogServiceStarted.IsPresent) {
[string]$LastReboot = (Get-WinEvent -FilterHashtable @{ logname = 'system'; ID = 6005 } -MaxEvents 1 | Where-Object { $_.Message -like "*service was started*" }).TimeCreated
}
If ($EventLogServiceStopped.IsPresent) {
[string]$LastReboot = (Get-WinEvent -FilterHashtable @{ logname = 'system'; ID = 6006 } -MaxEvents 1 | Where-Object { $_.Message -like "*service was stopped*" }).TimeCreated
}
If ($MultiprocessorFree.IsPresent) {
[string]$LastReboot = (Get-WinEvent -FilterHashtable @{ logname = 'system'; ID = 6009 } -MaxEvents 1 | Where-Object { $_.Message -like "*Multiprocessor Free*" }).TimeCreated
}
$Output = "Last reboot/shutdown: " + $LastReboot
Write-Output $Output
#Delete old WMI Class and create new one
New-WMIClass -Class "RebootInfo"
#Add last reboot date/time as WMI instance
New-WMIInstance -LastRebootTime $LastReboot -Class "RebootInfo"
#Initialize SCCM hardware inventory to report information back to SCCM
Initialize-HardwareInventory