How to get detailed information on Windows boot and shutdown performance in PowerShell?
In Windows 7 administrators have the possibility to monitor boot and shutdown performance by reviewing event logs. The most common one is located at Event Viewer > Application and Services Logs > Microsoft > Windows > Diagnostics-Performance > Operational. Events with an ID of 100 for boot up and 200 for shutdown will give you some basic information on the general tab, for example, when did the last boot up or shutdown happen and how long took it to complete and more detailed information on the Details tab.
On the Details tab you can find even more. Here is how to get this information programatically with the help of powershell. Run the following commands from an elevated powershell:
$bootevents = Get-WinEvent -FilterHashtable @{logname="Microsoft-Windows-Diagnostics-Performance/Operational"; id=100}
$bootevent = [xml]$bootevents[0].ToXml()
$bootevent.Event.EventData.Data
$shutdownevents = Get-WinEvent -FilterHashtable @{logname="Microsoft-Windows-Diagnostics-Performance/Operational"; id=200}
$shutdownevent = [xml]$shutdownevents[0].ToXml()
$shutdownevent.Event.EventData.Data
These upper 3 lines will get all events from the named logfile with the event id 100. Afterwards in converts the first result to xml, which now can be used in different ways. At this time we just want to print it on the screen. The lower 3 lines will do the same for shutdown events with event id 200.
This is the boot result for my computer:
Name #text ---- ----- BootTsVersion 2 BootStartTime 2012-01-10T07:33:36.656000300Z BootEndTime 2012-01-10T07:35:43.438676400Z SystemBootInstance 167 UserBootInstance 122 BootTime 78563 MainPathBootTime 30263 BootKernelInitTime 28 BootDriverInitTime 1521 BootDevicesInitTime 1809 BootPrefetchInitTime 0 BootPrefetchBytes 0 BootAutoChkTime 0 BootSmssInitTime 7424 BootCriticalServicesInitTime 534 BootUserProfileProcessingTime 4625 BootMachineProfileProcessingTime 10802 BootExplorerInitTime 2383 BootNumStartupApps 17 BootPostBootTime 48300 BootIsRebootAfterInstall false BootRootCauseStepImprovementBits 0 BootRootCauseGradualImprovementBits 0 BootRootCauseStepDegradationBits 0 BootRootCauseGradualDegradationBits 0 BootIsDegradation false BootIsStepDegradation false BootIsGradualDegradation false BootImprovementDelta 0 BootDegradationDelta 0 BootIsRootCauseIdentified false OSLoaderDuration 1026 BootPNPInitStartTimeMS 28 BootPNPInitDuration 1990 OtherKernelInitDuration 1006 SystemPNPInitStartTimeMS 2990 SystemPNPInitDuration 1340 SessionInitStartTimeMS 4337 Session0InitDuration 5181 Session1InitDuration 1192 SessionInitOtherDuration 1050 WinLogonStartTimeMS 11761 OtherLogonInitActivityDuration 691 UserLogonWaitDuration 8463
And here is the shutdown result:
Name #text ---- ----- ShutdownTsVersion 1 ShutdownStartTime 2012-01-07T15:06:38.501239300Z ShutdownEndTime 2012-01-07T15:07:03.559344800Z ShutdownTime 25058 ShutdownUserSessionTime 2728 ShutdownUserPolicyTime 37 ShutdownUserProfilesTime 84 ShutdownSystemSessionsTime 20852 ShutdownPreShutdownNotificationsTime 15732 ShutdownServicesTime 5007 ShutdownKernelTime 1477 ShutdownRootCauseStepImprovementBits 0 ShutdownRootCauseGradualImprovementBits 0 ShutdownRootCauseStepDegradationBits 0 ShutdownRootCauseGradualDegradationBits 0 ShutdownIsDegradation false ShutdownTimeChange 0
Have a look at this blog post to learn how to push this data into a SQL database with powershell.