Powershell Detect a BSOD via WMI + Event Log

$username = ".\username"
$password = convertto-securestring -AsPlainText -force -String 'password'
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
$server = 'ServerName'
$ts = New-TimeSpan -Days 1
$current = (get-date -DisplayHint Date) - $ts
$WBEMDate = [management.managementDateTimeConverter]::ToDmtfDateTime($current) 
$crashLog = gwmi -computername $server -Credential $cred -query "select * from Win32_NTLogEvent where Logfile = 'System' and SourceName = 'Microsoft-Windows-Kernel-Power' and Type ='Critical' and TimeWritten > '$WBEMDate'"

foreach ($item in $crashlog){
    write-host "$server experienced an unexpected power event:"
    write-host " Message:" $item.Message
    $CrashTime = [management.managementDateTimeConverter]::ToDateTime($item.TimeGenerated)
    write-host " Occured at: $CrashTime"    
}

Jeremy Tirrell

Read more posts by this author.