How To – Check crashed servers using PowerShell

Following on from my previous post about how to check disk space and volume fragmentation of servers, it may be useful to also determine if a system has crashed in a given timeframe. From Windows 2008 R2 onwards a new WMI class was introduced, Win32_ReliabilityRecords. This class contains EventLog information relating to Windows Reliability.

The PowerShell script below will connect to each server in a list ($compList) and check for reboots.

$compList = "LONDON,BRISBANE"
$date = [System.Management.ManagementDateTimeConverter]::ToDMTFDateTime((Get-Date "01/11/2012"))
foreach ($computerName in $compList)
{
	$compCrashes = 0
	try
	{
		$compCrashes = Get-WmiObject -Computername $computerName -Class Win32_ReliabilityRecords -Filter "SourceName='EventLog' AND EventIdentifier='6008' AND Timegenerated >= '$date'" | group __CLASS | select Count
	}
	catch{}
	Write-Host $ComputerName $compCrashes.Count
}

This could be expanded to store the results in a table and send the results using Send-MailMessage, but I’ll leave that to the reader.

Published by

Dave Hope

Dave is a Principal Software Analyst for a UK based retirement developer, in his spare time he enjoys digital photography and rock climbing.

Leave a Reply

Your email address will not be published. Required fields are marked *