filipnet/Get-RebootEvents.ps1

## Get-RebootEvents.ps1
<#
.SYNOPSIS
    Tracks system shutdown and reboot events.

.DESCRIPTION
    This script retrieves event ID 1074 from the System log to identify shutdown and reboot events.
    It can generate reports for a single server or multiple servers.

.PARAMETER Computer
    The target computer name (default: local computer).

.PARAMETER ComputerList
    A file containing a list of remote computers (one per line).

.EXAMPLE
    .\Get-RebootEvents.ps1 -Computer "PC123"
    Retrieves reboot events for PC123.

.EXAMPLE
    .\Get-RebootEvents.ps1 -ComputerList "computers.txt"
    Retrieves reboot events for multiple servers listed in `computers.txt`.

.NOTES
    - Requires administrative privileges.
    - Ensure WinRM is enabled for remote queries.
    - Event ID 1074 logs shutdown/reboot events.
#>

param (
    [string]$Computer = $env:COMPUTERNAME,
    [string]$ComputerList
)

function Get-RebootReport {
    param (
        [string]$TargetComputer
    )

    Write-Host "Generating reboot report for: $TargetComputer" -ForegroundColor Cyan

    try {
        Get-WinEvent -ComputerName $TargetComputer -FilterHashtable @{LogName='System'; ID=1074} |
        ForEach-Object {
            [PSCustomObject]@{
                Date   = $_.TimeCreated
                User   = $_.Properties[6].Value
                Action = $_.Properties[4].Value
                Reason = $_.Properties[2].Value
            }
        } | Format-Table -AutoSize
    }
    catch {
        Write-Host "Error retrieving events from $TargetComputer: $_" -ForegroundColor Red
    }
}

if ($ComputerList) {
    if (Test-Path $ComputerList) {
        $Servers = Get-Content $ComputerList
        foreach ($Server in $Servers) {
            Get-RebootReport -TargetComputer $Server
        }
    }
    else {
        Write-Host "File $ComputerList not found!" -ForegroundColor Red
    }
}
else {
    Get-RebootReport -TargetComputer $Computer
}
	<#
	.SYNOPSIS
	Tracks system shutdown and reboot events.

	.DESCRIPTION
	This script retrieves event ID 1074 from the System log to identify shutdown and reboot events.
	It can generate reports for a single server or multiple servers.

	.PARAMETER Computer
	The target computer name (default: local computer).

	.PARAMETER ComputerList
	A file containing a list of remote computers (one per line).

	.EXAMPLE
	.\Get-RebootEvents.ps1 -Computer "PC123"
	Retrieves reboot events for PC123.

	.EXAMPLE
	.\Get-RebootEvents.ps1 -ComputerList "computers.txt"
	Retrieves reboot events for multiple servers listed in `computers.txt`.

	.NOTES
	- Requires administrative privileges.
	- Ensure WinRM is enabled for remote queries.
	- Event ID 1074 logs shutdown/reboot events.
	#>

	param (
	[string]$Computer = $env:COMPUTERNAME,
	[string]$ComputerList
	)

	function Get-RebootReport {
	param (
	[string]$TargetComputer
	)

	Write-Host "Generating reboot report for: $TargetComputer" -ForegroundColor Cyan

	try {
	Get-WinEvent -ComputerName $TargetComputer -FilterHashtable @{LogName='System'; ID=1074} \|
	ForEach-Object {
	[PSCustomObject]@{
	Date = $_.TimeCreated
	User = $_.Properties[6].Value
	Action = $_.Properties[4].Value
	Reason = $_.Properties[2].Value
	}
	} \| Format-Table -AutoSize
	}
	catch {
	Write-Host "Error retrieving events from $TargetComputer: $_" -ForegroundColor Red
	}
	}

	if ($ComputerList) {
	if (Test-Path $ComputerList) {
	$Servers = Get-Content $ComputerList
	foreach ($Server in $Servers) {
	Get-RebootReport -TargetComputer $Server
	}
	}
	else {
	Write-Host "File $ComputerList not found!" -ForegroundColor Red
	}
	}
	else {
	Get-RebootReport -TargetComputer $Computer
	}
No results found