All PowerShell Versions
Windows logs all shutdown events in its System event log. From there, you can extract and analyze the information.
Here is a function that looks for the appropriate event log entries, reads the relevant information from the ReplacementStrings array, and returns the shutdown information as objects.
function Get-ShutdownInfo { Get-EventLog -LogName system -InstanceId 2147484722 -Source user32 | ForEach-Object { $result = 'dummy' | Select-Object -Property ComputerName, TimeWritten, User, Reason, Action, Executable $result.TimeWritten = $_.TimeWritten $result.User = $_.ReplacementStrings[6] $result.Reason = $_.ReplacementStrings[2] $result.Action = $_.ReplacementStrings[4] $result.Executable = Split-Path -Path $_.ReplacementStrings[0] -Leaf $result.ComputerName = $_.MachineName $result } }
Now it is easy to check for shutdown problems:
PS> Get-ShutdownInfo | Out-GridView
