
gather last reboot events

 function Write-Log {     param (         [string]$Message,         [string]$LogFilePath = "C:\Windows\Logs\Software\LastRebootEvent.log"     )     $Timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"     $LogMessage = "$Timestamp : $Message"          $LogDir = [System.IO.Path]::GetDirectoryName($LogFilePath)     if (!(Test-Path -Path $LogDir)) {         New-Item -ItemType Directory -Path $LogDir -Force     }          $LogMessage | Out-File -FilePath $LogFilePath -Append -Encoding UTF8 } Write-Log "Starting to gather last reboot events..." # Event IDs to filter: 1074 (user/system initiated restart/shutdown), 6005 (system startup), 6006 (clean shutdown), 6008 (unexpected shutdown) $EventIDs = @(1074, 6005, 6006, 6008) # Get events from the System log within the last 90 days $Events = Get-WinEvent -FilterHashtable @{ ...