November 18, 2011

PowerShell Get-ReliabilityRecords

The WMI Win32_ReliabilityRecords class can provide really useful information about the health of a Windows computer. The following PowerShell function provides a more convenient interface to the class.

For example, grouping the output highlights the product that is faulting most often.

PS C:\> Get-ReliabilityRecords -ApplicationError | Group ProductName

Script Get-ReliabilityRecords.ps1

function Get-ReliabilityRecords {
<#
.SYNOPSIS
Gets the Win32_ReliabilityRecords from a local or remote computer.

.DESCRIPTION
Win32_ReliabilityRecords class contains information about reliability events including:
MSI Installation, WindowsUpdate, Plug and Play installs, Application hangs

.PARAMETER  ComputerName
The name of the computer to query.

.PARAMETER  MicrosoftWindowsWindowsUpdateClient
Switch that filters the records to show Microsoft-Windows-WindowsUpdateClient events.

.PARAMETER  ApplicationHang
Switch that filters the records to show Application Hang events.

.PARAMETER  ApplicationAddonEventProvider
Switch that filters the records to show Application-Addon-Event-Provider events.

.PARAMETER  ApplicationError
Switch that filters the records to show Application Error events.

.PARAMETER  MsiInstaller
Switch that filters the records to show MsiInstaller events.

.PARAMETER  MicrosoftWindowsUserPnp
Switch that filters the records to show Microsoft-Windows-UserPnp events.

.EXAMPLE
PS C:\> Get-ReliabilityRecords -ComputerName PC1

.EXAMPLE
PS C:\> Get-ReliabilityRecords -ComputerName PC1 -ApplicationError

.EXAMPLE
PS C:\> "PC1","PC2" | Get-ReliabilityRecords -ApplicationAddonEventProvider

.NOTES
Script Version: 1.0.0
Last update:
2011-10-24 : Initial Release


#>
    [CmdletBinding(
        SupportsShouldProcess=$False,
        SupportsTransactions=$False,
        ConfirmImpact="Low",
        DefaultParameterSetName="")]
    param(
        [Parameter(Position=0, Mandatory=$False, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
        [String]$ComputerName=$Env:COMPUTERNAME
        ,
        [Parameter(Position=1)]
        [Switch]$MicrosoftWindowsWindowsUpdateClient
        ,
        [Parameter(Position=2)]
        [Switch]$ApplicationError
        ,
        [Parameter(Position=3)]
        [Switch]$MsiInstaller
        ,
        [Parameter(Position=4)]
        [Switch]$MicrosoftWindowsUserPnp
        ,
        [Parameter(Position=5)]
        [Switch]$ApplicationHang
        ,
        [Parameter(Position=6)]
        [Switch]$ApplicationAddonEventProvider
    )

    BEGIN{
        # Map each switch parameter to the SourceName value it selects.
        $FilterOptions=@{
            MicrosoftWindowsWindowsUpdateClient = "Microsoft-Windows-WindowsUpdateClient"
            ApplicationHang = "Application Hang"
            ApplicationAddonEventProvider = "Application-Addon-Event-Provider"
            ApplicationError = "Application Error"
            MsiInstaller = "MsiInstaller"
            MicrosoftWindowsUserPnp = "Microsoft-Windows-UserPnp"
        }
    }

    PROCESS{
        [string]$Filter=$null

        # Build a WQL filter that ORs together the SourceName of every switch supplied.
        $PSBoundParameters.Keys | ForEach-Object{
            if($FilterOptions.ContainsKey($_)){
                if($Filter){
                    $Filter+= " OR SourceName = '$($FilterOptions.Item($_))'"
                }else{
                    $Filter = "SourceName = '$($FilterOptions.Item($_))'"
                }
            }
        }

        # ConvertToDateTime returns local time and the "u" format does not convert,
        # so convert to UTC explicitly before formatting with the trailing "Z".
        Get-WmiObject -ComputerName $ComputerName -Class Win32_ReliabilityRecords -Filter $Filter |
            Select-Object ComputerName, EventIdentifier, InsertionStrings, Logfile, Message, ProductName, RecordNumber, SourceName, @{N="TimeGenerated"; E={($_.ConvertToDateTime($_.TimeGenerated)).ToUniversalTime().ToString("u")}}, User

    }
    END{}

}
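
Building on the grouping example above, the following added example (not part of the original script) summarises recent records per computer, product and source with first and last seen times, which helps when reviewing which software was installed or started faulting on a host and when. The helper name Get-ReliabilitySummary, its -Days and -Now parameters, and the sample records are assumptions made for illustration.

```powershell
# Added example: Get-ReliabilitySummary is a hypothetical helper, not part of the original script.
function Get-ReliabilitySummary {
    param(
        [Parameter(Mandatory=$True, ValueFromPipeline=$True)]
        [PSObject]$Record,
        [int]$Days = 30,             # look-back window in days (assumed default)
        [datetime]$Now = (Get-Date)  # injectable so the constructed sample is reproducible
    )
    BEGIN {
        $Cutoff  = $Now.ToUniversalTime().AddDays(-$Days)
        $Culture = [Globalization.CultureInfo]::InvariantCulture
        $Styles  = [Globalization.DateTimeStyles]"AssumeUniversal, AdjustToUniversal"
        $Recent  = @()
    }
    PROCESS {
        # TimeGenerated is the "u"-formatted string emitted by Get-ReliabilityRecords.
        $When = [datetime]::ParseExact($Record.TimeGenerated, "u", $Culture, $Styles)
        if ($When -ge $Cutoff) {
            $Recent += New-Object PSObject -Property @{
                ComputerName = $Record.ComputerName; ProductName = $Record.ProductName
                SourceName   = $Record.SourceName;   When        = $When
            }
        }
    }
    END {
        # One row per computer/product/source, most frequent first.
        $Recent | Group-Object ComputerName, ProductName, SourceName | ForEach-Object {
            $Times = @($_.Group | Sort-Object When)
            New-Object PSObject -Property @{
                ComputerName = $Times[0].ComputerName
                ProductName  = $Times[0].ProductName
                SourceName   = $Times[0].SourceName
                Count        = $_.Count
                FirstSeen    = $Times[0].When
                LastSeen     = $Times[-1].When
            }
        } | Sort-Object Count -Descending
    }
}

# Constructed sample records (not real output), shaped like Get-ReliabilityRecords results.
$Sample = @(
    @{ComputerName="PC1"; ProductName="ExampleApp.exe"; SourceName="Application Error"; TimeGenerated="2011-11-17 09:15:02Z"},
    @{ComputerName="PC1"; ProductName="ExampleApp.exe"; SourceName="Application Error"; TimeGenerated="2011-11-10 14:02:40Z"},
    @{ComputerName="PC1"; ProductName="Example Tool";   SourceName="MsiInstaller";      TimeGenerated="2011-11-09 08:30:00Z"},
    @{ComputerName="PC1"; ProductName="ExampleApp.exe"; SourceName="Application Error"; TimeGenerated="2011-08-01 10:00:00Z"}
) | ForEach-Object { New-Object PSObject -Property $_ }
$Sample | Get-ReliabilitySummary -Days 30 -Now ([datetime]"2011-11-18") |
    Format-Table ComputerName, ProductName, SourceName, Count, FirstSeen, LastSeen -AutoSize
```

To use it against live data, pipe the output of Get-ReliabilityRecords into the helper in place of $Sample.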
