PowerShell: finding when and by whom a Windows Server was restarted or shut down


When a Windows Server or client operating system restarts or shuts down outside the system administrators' control, the PowerShell script I share here lets you find the information you would otherwise dig through the logs for. How does it work? Whenever the server is restarted or shut down, it writes a record to the event log, but following these records by hand is not really practical. The best-known method is to check a handful of specific event IDs one by one, so let's recall them first: if you find event IDs 1074, 6005, 6006 and 6008 in Event Viewer, your server has either restarted or been shut down. The script is built on "Get-WinEvent", and once you have run it, everything is available through a single command.

The "Get-RestartInfo" command becomes available right after you run this script as a ps1 file.

 

Script

function Get-RestartInfo
{
[CmdletBinding()]
Param(
    [Parameter(ValueFromPipeline,ValueFromPipelineByPropertyName)]
    [alias("Name","MachineName","Computer")]
    [string[]]
    $ComputerName = 'localhost',

    [ValidateNotNull()]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $Credential = [System.Management.Automation.PSCredential]::Empty

    )

    Begin { }

    Process {
        Foreach($Computer in $ComputerName){
            # Quick ICMP reachability check before querying the event log
            $Connection = Test-Connection $Computer -Quiet -Count 2

            If(!$Connection) {
                Write-Warning "Computer: $Computer appears to be offline!"
            } #end If

            Else {
                # 1074 = shutdown/restart initiated by a process on behalf of a user
                # 6005 = Event log service started, 6006 = Event log service stopped
                # 6008 = the previous shutdown was unexpected
                $Query = @{
                    ComputerName    = $Computer
                    FilterHashtable = @{logname = 'System'; id = 1074,6005,6006,6008}
                }
                # The original declared -Credential but never used it;
                # pass it on only when one was actually supplied
                If($Credential -ne [System.Management.Automation.PSCredential]::Empty) {
                    $Query.Credential = $Credential
                }

                Get-WinEvent @Query |
                    ForEach-Object {
                        $EventData = New-Object PSObject | Select-Object Date, EventID, User, Action, Reason, ReasonCode, Comment, Computer, Message, Process
                        # The property positions below are those of event 1074;
                        # for 6005, 6006 and 6008 these fields come back empty
                        # or hold unrelated values
                        $EventData.Date = $_.TimeCreated
                        $EventData.User = $_.Properties[6].Value
                        $EventData.Process = $_.Properties[0].Value
                        $EventData.Action = $_.Properties[4].Value
                        $EventData.Reason = $_.Properties[2].Value
                        $EventData.ReasonCode = $_.Properties[3].Value
                        $EventData.Comment = $_.Properties[5].Value
                        $EventData.Computer = $Computer
                        $EventData.EventID = $_.id
                        $EventData.Message = $_.Message

                        $EventData | Select-Object Date, Computer, EventID, Action, User, Reason, Message

                    }
                } #end Else
        } #end Foreach Computer Loop
    } #end Process block
} #end of Function

 

Command usage:

Get-RestartInfo

 

Command output

PS C:\Users\Emre Ozan Memis> Get-RestartInfo
 
 
Date     : 2.12.2021 14:15:59
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason:
            Other (Unplanned)
            Reason Code: 0x0
            Shutdown Type: power off
            Comment:
 
Date     : 2.12.2021 08:41:48
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 2.12.2021 08:41:48
Computer : localhost
EventID  : 6008
Action   : 19211
User     :
Reason   :
Message  : The previous system shutdown at 5:45:00 PM on 12/1/2021 was unexpected.
 
Date     : 1.12.2021 12:25:00
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 1.12.2021 12:24:28
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 30.11.2021 18:05:42
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : No title for this reason could be found
Message  : The process C:\WINDOWS\system32\winlogon.exe (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the followin
           g reason: No title for this reason could be found
            Reason Code: 0x500ff
            Shutdown Type: power off
            Comment:
 
Date     : 28.11.2021 18:03:39
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 28.11.2021 18:03:39
Computer : localhost
EventID  : 6008
Action   : 12
User     :
Reason   :
Message  : The previous system shutdown at 6:01:51 PM on 11/28/2021 was unexpected.
 
Date     : 28.11.2021 18:00:32
Computer : localhost
EventID  : 1074
Action   : restart
User     : NT AUTHORITY\SYSTEM
Reason   : Operating System: Upgrade (Planned)
Message  : The process C:\WINDOWS\servicing\TrustedInstaller.exe (EMREOZANMEMIS) has initiated the restart of computer EMREOZANMEMIS on behalf of user NT AUTHORITY\SYSTEM for the following r
           eason: Operating System: Upgrade (Planned)
            Reason Code: 0x80020003
            Shutdown Type: restart
            Comment:
 
Date     : 28.11.2021 18:00:33
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 28.11.2021 18:00:32
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 28.11.2021 17:59:40
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 25.11.2021 18:12:40
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason:
            Other (Unplanned)
            Reason Code: 0x0
            Shutdown Type: power off
            Comment:
 
Date     : 24.11.2021 20:08:39
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 24.11.2021 20:08:39
Computer : localhost
EventID  : 6008
Action   : 586894
User     :
Reason   :
Message  : The previous system shutdown at 5:57:57 PM on 11/24/2021 was unexpected.
 
Date     : 18.11.2021 00:34:11
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason:
            Other (Unplanned)
            Reason Code: 0x0
            Shutdown Type: power off
            Comment:
 
Date     : 17.11.2021 22:57:03
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 17.11.2021 22:57:03
Computer : localhost
EventID  : 6008
Action   : 552821
User     :
Reason   :
Message  : The previous system shutdown at 6:17:22 PM on 11/17/2021 was unexpected.
 
Date     : 11.11.2021 13:32:01
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason:
            Other (Unplanned)
            Reason Code: 0x0
            Shutdown Type: power off
            Comment:
 
Date     : 11.11.2021 08:44:21
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 10.11.2021 18:06:22
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 10.11.2021 18:06:21
Computer : localhost
EventID  : 1074
Action   : shutdown
User     : NT AUTHORITY\SYSTEM
Reason   : No title for this reason could be found
Message  : The process C:\WINDOWS\system32\winlogon.exe (EMREOZANMEMIS) has initiated the shutdown of computer EMREOZANMEMIS on behalf of user NT AUTHORITY\SYSTEM for the following reason: N
           o title for this reason could be found
            Reason Code: 0x500ff
            Shutdown Type: shutdown
            Comment:
 
Date     : 10.11.2021 18:05:57
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 10.11.2021 18:05:23
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 9.11.2021 18:04:16
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason:
            Other (Unplanned)
            Reason Code: 0x0
            Shutdown Type: power off
            Comment:
 
Date     : 9.11.2021 08:37:09
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 9.11.2021 08:37:09
Computer : localhost
EventID  : 6008
Action   : 27518
User     :
Reason   :
Message  : The previous system shutdown at 5:42:59 PM on 11/8/2021 was unexpected.
 
Date     : 8.11.2021 10:04:34
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 8.11.2021 10:04:02
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 5.11.2021 18:04:43
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason:
            Other (Unplanned)
            Reason Code: 0x0
            Shutdown Type: power off
            Comment:
 
Date     : 5.11.2021 08:11:53
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 5.11.2021 08:11:53
Computer : localhost
EventID  : 6008
Action   : 34510
User     :
Reason   :
Message  : The previous system shutdown at 6:06:26 PM on 11/4/2021 was unexpected.
 
Date     : 4.11.2021 08:31:41
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 4.11.2021 08:31:41
Computer : localhost
EventID  : 6008
Action   : 810153
User     :
Reason   :
Message  : The previous system shutdown at 6:01:28 PM on 11/3/2021 was unexpected.
 
Date     : 25.10.2021 18:15:26
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason:
            Other (Unplanned)
            Reason Code: 0x0
            Shutdown Type: power off
            Comment:
 
Date     : 25.10.2021 08:59:55
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 25.10.2021 08:59:21
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 18.10.2021 18:17:01
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason:
            Other (Unplanned)
            Reason Code: 0x0
            Shutdown Type: power off
            Comment:
 
Date     : 17.10.2021 13:56:43
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 17.10.2021 13:56:43
Computer : localhost
EventID  : 6008
Action   : 16424
User     :
Reason   :
Message  : The previous system shutdown at 4:55:33 AM on 10/16/2021 was unexpected.
 
Date     : 16.10.2021 00:21:59
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 16.10.2021 00:21:29
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 10.10.2021 05:47:03
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : No title for this reason could be found
Message  : The process C:\WINDOWS\system32\winlogon.exe (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the followin
           g reason: No title for this reason could be found
            Reason Code: 0x500ff
            Shutdown Type: power off
            Comment:
 
Date     : 9.10.2021 23:37:43
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 9.10.2021 23:37:08
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 4.10.2021 18:17:25
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason:
            Other (Unplanned)
            Reason Code: 0x0
            Shutdown Type: power off
            Comment:
 
Date     : 2.10.2021 19:52:41
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 2.10.2021 19:13:02
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 2.10.2021 19:13:01
Computer : localhost
EventID  : 1074
Action   : shutdown
User     : NT AUTHORITY\SYSTEM
Reason   : No title for this reason could be found
Message  : The process C:\WINDOWS\system32\winlogon.exe (EMREOZANMEMIS) has initiated the shutdown of computer EMREOZANMEMIS on behalf of user NT AUTHORITY\SYSTEM for the following reason: N
           o title for this reason could be found
            Reason Code: 0x500ff
            Shutdown Type: shutdown
            Comment:
 
Date     : 2.10.2021 19:12:40
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 2.10.2021 19:12:06
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 20.09.2021 18:16:19
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : No title for this reason could be found
Message  : The process C:\WINDOWS\system32\winlogon.exe (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the followin
           g reason: No title for this reason could be found
            Reason Code: 0x500ff
            Shutdown Type: power off
            Comment:
 
Date     : 19.09.2021 21:22:41
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 19.09.2021 21:22:04
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 6.09.2021 18:06:24
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason:
            Other (Unplanned)
            Reason Code: 0x0
            Shutdown Type: power off
            Comment:
 
Date     : 5.09.2021 10:14:16
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 5.09.2021 10:13:48
Computer : localhost
EventID  : 1074
Action   : restart
User     : NT AUTHORITY\SYSTEM
Reason   : Operating System: Upgrade (Planned)
Message  : The process C:\WINDOWS\servicing\TrustedInstaller.exe (EMREOZANMEMIS) has initiated the restart of computer EMREOZANMEMIS on behalf of user NT AUTHORITY\SYSTEM for the following r
           eason: Operating System: Upgrade (Planned)
            Reason Code: 0x80020003
            Shutdown Type: restart
            Comment:
 
Date     : 5.09.2021 10:13:48
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 5.09.2021 10:13:48
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 5.09.2021 10:13:48
Computer : localhost
EventID  : 6008
Action   : 494430
User     :
Reason   :
Message  : The previous system shutdown at 8:59:34 AM on 9/5/2021 was unexpected.
 
Date     : 1.09.2021 18:19:57
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason:
            Other (Unplanned)
            Reason Code: 0x0
            Shutdown Type: power off
            Comment:
 
Date     : 30.08.2021 15:39:33
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 30.08.2021 14:28:40
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 30.08.2021 14:28:38
Computer : localhost
EventID  : 1074
Action   : shutdown
User     : NT AUTHORITY\SYSTEM
Reason   : No title for this reason could be found
Message  : The process C:\WINDOWS\system32\winlogon.exe (EMREOZANMEMIS) has initiated the shutdown of computer EMREOZANMEMIS on behalf of user NT AUTHORITY\SYSTEM for the following reason: N
           o title for this reason could be found
            Reason Code: 0x500ff
            Shutdown Type: shutdown
            Comment:
 
Date     : 30.08.2021 14:28:38
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 30.08.2021 14:28:13
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 30.08.2021 14:28:11
Computer : localhost
EventID  : 1074
Action   : restart
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the restart of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason: O
           ther (Unplanned)
            Reason Code: 0x0
            Shutdown Type: restart
            Comment:
 
Date     : 30.08.2021 14:27:58
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 30.08.2021 14:27:23
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 30.08.2021 14:27:17
Computer : localhost
EventID  : 1074
Action   : restart
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Operating System: Service pack (Planned)
Message  : The process C:\WINDOWS\system32\MusNotificationUx.exe (EMREOZANMEMIS) has initiated the restart of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the f
           ollowing reason: Operating System: Service pack (Planned)
            Reason Code: 0x80020010
            Shutdown Type: restart
            Comment:
 
Date     : 27.08.2021 11:45:33
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 27.08.2021 11:45:33
Computer : localhost
EventID  : 6008
Action   : 525688
User     :
Reason   :
Message  : The previous system shutdown at 11:43:34 AM on 8/27/2021 was unexpected.
 
Date     : 21.08.2021 11:15:07
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason:
            Other (Unplanned)
            Reason Code: 0x0
            Shutdown Type: power off
            Comment:
 
Date     : 21.08.2021 09:42:47
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 20.08.2021 18:04:55
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 20.08.2021 18:04:54
Computer : localhost
EventID  : 1074
Action   : shutdown
User     : NT AUTHORITY\SYSTEM
Reason   : No title for this reason could be found
Message  : The process C:\WINDOWS\system32\winlogon.exe (EMREOZANMEMIS) has initiated the shutdown of computer EMREOZANMEMIS on behalf of user NT AUTHORITY\SYSTEM for the following reason: N
           o title for this reason could be found
            Reason Code: 0x500ff
            Shutdown Type: shutdown
            Comment:
 
Date     : 20.08.2021 18:04:37
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 20.08.2021 18:03:58
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 15.08.2021 18:03:25
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason:
            Other (Unplanned)
            Reason Code: 0x0
            Shutdown Type: power off
            Comment:
 
Date     : 15.08.2021 15:13:59
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 15.08.2021 10:20:08
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 15.08.2021 10:20:07
Computer : localhost
EventID  : 1074
Action   : shutdown
User     : NT AUTHORITY\SYSTEM
Reason   : No title for this reason could be found
Message  : The process C:\WINDOWS\system32\winlogon.exe (EMREOZANMEMIS) has initiated the shutdown of computer EMREOZANMEMIS on behalf of user NT AUTHORITY\SYSTEM for the following reason: N
           o title for this reason could be found
            Reason Code: 0x500ff
            Shutdown Type: shutdown
            Comment:
 
Date     : 15.08.2021 10:19:23
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 15.08.2021 10:18:50
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 12.08.2021 18:14:31
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason:
            Other (Unplanned)
            Reason Code: 0x0
            Shutdown Type: power off
            Comment:
 
Date     : 11.08.2021 12:02:47
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 11.08.2021 12:01:02
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 2.08.2021 18:12:37
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason:
            Other (Unplanned)
            Reason Code: 0x0
            Shutdown Type: power off
            Comment:
 
Date     : 30.07.2021 23:25:13
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 30.07.2021 23:24:38
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 25.07.2021 13:40:53
Computer : localhost
EventID  : 1074
Action   : power off
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\Windows\System32\RuntimeBroker.exe (EMREOZANMEMIS) has initiated the power off of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the fol
           lowing reason: Other (Unplanned)
            Reason Code: 0x0
            Shutdown Type: power off
            Comment:
 
Date     : 23.07.2021 19:28:12
Computer : localhost
EventID  : 6005
Action   :
User     :
Reason   :
Message  : The Event log service was started.
 
Date     : 23.07.2021 19:27:40
Computer : localhost
EventID  : 6006
Action   :
User     :
Reason   :
Message  : The Event log service was stopped.
 
Date     : 23.07.2021 19:27:37
Computer : localhost
EventID  : 1074
Action   : restart
User     : EMREOZANMEMIS\Emre Ozan Memis
Reason   : Other (Unplanned)
Message  : The process C:\WINDOWS\Explorer.EXE (EMREOZANMEMIS) has initiated the restart of computer EMREOZANMEMIS on behalf of user EMREOZANMEMIS\Emre Ozan Memis for the following reason: O
           ther (Unplanned)
            Reason Code: 0x0
            Shutdown Type: restart
            Comment:
 
 
 
 
PS C:\Users\Emre Ozan Memis>
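
The script reads the same property positions for every event ID, although of these four IDs only 1074 carries the process, user and reason fields; that is why the 6008 records in the output show a number under Action. The following added example (not the author's code) maps the fields per event ID and lists only the events that deserve a look. ConvertTo-RestartRecord, New-SampleEvent, $ExpectedUsers and the sample events are assumptions constructed for illustration.

```powershell
# Added example, not the author's code. ConvertTo-RestartRecord, New-SampleEvent
# and $ExpectedUsers are hypothetical names; the sample events are constructed.

function ConvertTo-RestartRecord {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$InputObject,

        [string]$Computer = 'localhost'
    )
    process {
        $record = [ordered]@{
            Date       = $InputObject.TimeCreated
            Computer   = $Computer
            EventID    = $InputObject.Id
            Kind       = 'Other'
            Action     = $null
            User       = $null
            Process    = $null
            Reason     = $null
            ReasonCode = $null
            Message    = $InputObject.Message
        }
        switch ($InputObject.Id) {
            1074 {
                # Property positions for 1074, as used by the script on this page
                $p = $InputObject.Properties
                $record.Kind       = 'Initiated'
                $record.Process    = $p[0].Value
                $record.Reason     = $p[2].Value
                $record.ReasonCode = $p[3].Value
                $record.Action     = $p[4].Value
                $record.User       = $p[6].Value
            }
            # These three have no user/process fields; keep only what they mean
            6005 { $record.Kind = 'EventLogStarted' }
            6006 { $record.Kind = 'EventLogStopped' }
            6008 { $record.Kind = 'UnexpectedShutdown' }
        }
        [pscustomobject]$record
    }
}

# Builds an object with the same members the function reads from a real event.
function New-SampleEvent {
    param([int]$Id, [datetime]$Time, [string]$Message, [object[]]$Values = @())
    [pscustomobject]@{
        Id          = $Id
        TimeCreated = $Time
        Message     = $Message
        Properties  = @($Values | ForEach-Object { [pscustomobject]@{ Value = $_ } })
    }
}

# Constructed sample data (host SRV01 and the account names are made up).
$sample = @(
    New-SampleEvent 1074 '2021-12-02T14:15:59' 'constructed: user-initiated power off' @(
        'C:\WINDOWS\Explorer.EXE (SRV01)', 'SRV01', 'Other (Unplanned)', '0x0',
        'power off', '', 'SRV01\operator1')
    New-SampleEvent 6005 '2021-12-02T08:41:48' 'The Event log service was started.'
    New-SampleEvent 6008 '2021-12-02T08:41:48' 'constructed: previous shutdown was unexpected'
    New-SampleEvent 1074 '2021-11-28T18:00:32' 'constructed: servicing restart' @(
        'C:\WINDOWS\servicing\TrustedInstaller.exe (SRV01)', 'SRV01',
        'Operating System: Upgrade (Planned)', '0x80020003', 'restart', '',
        'NT AUTHORITY\SYSTEM')
)

# Assumption: accounts that are allowed to reboot this host.
$ExpectedUsers = @('NT AUTHORITY\SYSTEM')

$records = $sample | ConvertTo-RestartRecord -Computer 'SRV01'

# Needs review: unexpected shutdowns, and shutdowns initiated by anyone not on the list.
$records |
    Where-Object { $_.Kind -eq 'UnexpectedShutdown' -or
                   ($_.Kind -eq 'Initiated' -and $_.User -notin $ExpectedUsers) } |
    Sort-Object Date |
    Format-Table Date, EventID, Kind, Action, User, Process -AutoSize

# Against a live log, feed real events instead of $sample:
# Get-WinEvent -FilterHashtable @{logname = 'System'; id = 1074,6005,6006,6008} |
#     ConvertTo-RestartRecord
```

With the constructed sample, the table lists the 6008 record and the power off by SRV01\operator1; the servicing restart under NT AUTHORITY\SYSTEM and the 6005 record are filtered out.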

 

For editing, inspecting or more detailed work, I recommend using PowerShell ISE.

 
