Solved

HOW DO I DISCOVER LAST REBOOT TIME IN WIN NT4?

Posted on 2000-05-08
Last Modified: 2013-12-28
IS THERE AN EASY WAY TO TELL IF A WINDOWS NT 4.0 MACHINE HAS BEEN REBOOTED? LOOKING AT THE c/a/d SECURITY BOX WILL TELL ME WHEN I LAST LOGGED ON BUT NOT IF THE MACHINE HAS BEEN SHUT DOWN.

ALSO... IF THIS IS POSSIBLE, IS THERE A WAY TO DISTINGUISH BETWEEN A POWEROFF/ON AND A c/a/d SHUTDOWN RESTART IN THE SAME WAY AS MS SCANDISK?

ANY HELP GREATLY APPRECIATED.

THANKS
Question by:KW82
13 Comments
 

Expert Comment

by:khang242
ID: 2789336
Search Microsoft's site for an uptime.exe, or just load up Task Manager and look at the CPU time of the System Idle Process, or you can just scan through your Event Viewer's system log and look for the times the event log started, since it usually gets loaded up by default.

Accepted Solution

by:
Lee W, MVP earned 50 total points
ID: 2789506
Uptime may work - it depends on what it's basing that on.

If your CPU is ever used, looking at system idle process is by far the least accurate way to do it.

Provided you don't stop and/or restart either the server service or the workstation service, you can type "net statistics workstation" (or "... server") and that will tell you when those services started.

A FAIRLY reliable way is to track event log start and stop messages.  But if that service is stopped and started manually, you'll get an inaccurate reading.

The best way to track this is to go to user manager and enable auditing for "Restart, Shutdown, and System" - This will log an event to the security log every reboot.

As for differentiating between a Warm Boot and a Cold Boot (Power OFF/ON vs. "Shutdown and Restart" option), unless the security log tells you the exact kind of shutdown done - possible, but I'm not certain - there's no way to tell, short of putting a boot password in BIOS so if anyone reboots it, they can't go any further than the boot-up screen.  But doing this could seriously affect your business if this server is generally required to be up 24x7.

Expert Comment

by:khang242
ID: 2790304
System idle process has never reached 100 for me, so it's a fairly good estimate. Who knows, maybe uptime just calculates that.

Expert Comment

by:Lee W, MVP
ID: 2790362
My point is if you use MS Access or run a distributed computing program such as SETI at home, this eats up CPU cycles which takes away from the Idle process.  For example, on my system, my system Idle process is at 119:47.  But Seti is at 58:46.  Plus various other services and applications total in excess of 45 minutes.  If I close ANY program once it's opened, it causes my time count to be instantly off.  If you add all this time together, my uptime is about 179 hrs 18 minutes.  According to "UpTime" my system has only been on for 4 days 1 hour and 19 minutes (97:19) - which is more accurate - (I have dual CPUs and with each single second of real-time idleness, both CPUs experience it and therefore 1 second is equal to 2).  Now Uptime (from one of the resource kits) appears fairly accurate - according to the workstation service, my system has been up since May 4 at 5:14 pm.

Expert Comment

by:khang242
ID: 2790404
leew: I was wrong, I ran some tests and system idle time does stop when the CPU is fully used.

The new uptime 2.0 in Windows 2000 is very good, it calculates uptime availability as well, as well as some other useful facts, but it doesn't work for NT4, I don't believe.

Expert Comment

by:Tim Holman
ID: 2791855
Look for the 6005 message in the event viewer - this will tell you when the event log was last started (ie when it was rebooted).
A power on / off will cause a dirty shutdown message in the event log - message ID 6008.

Expert Comment

by:rwberger
ID: 2794407
The way I do this is to enable "Restart, Shutdown and System" in the audit policy of User Manager.

You'll have to restart your system. This will log event 512 in the system log of the event viewer whenever the system boots.

Ramon Berger

Expert Comment

by:Lee W, MVP
ID: 2794479
rwberger,

Please reread the comments - you'll find I've already given that as an answer - to be courteous, I did not lock the question by "answering" it so others could also make suggestions.


Expert Comment

by:rwberger
ID: 2794641
rwberger changed the proposed answer to a comment

Author Comment

by:KW82
ID: 2795925
Thanks all for valid and helpful contributions, especially "leew."

I am however sure that there must be a way to distinguish between a cold reboot and a CAD shutdown/restart because Windows can tell the difference when it restarts - ie it runs scandisk or it doesn't.

Any ideas anyone??

Expert Comment

by:Tim Holman
ID: 2801101
I'll try again :

Look for the 6005 message in the event viewer - this will tell you when the event log was last started (ie when it was rebooted).

A power on / off will cause a dirty shutdown message in the event log - message ID 6008.   Every time a dirty shutdown is detected, SCANDISK will be run.

So - 6005 will tell you when there's been a graceful reboot.

6008 will tell you when there's been a power off, or a blue screen (which will be listed in the event viewer as well).
0
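
Added example, not part of the thread and not any poster's code: the 6005/6008 approach from the comment above, applied to System log rows to list each event log start and flag the ones that followed a dirty shutdown. The CSV layout, the sample rows, the two-minute pairing window and the function names are assumptions made for this illustration.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample rows: "timestamp,source,event_id". This layout is an
# assumption for the example, not the Event Viewer's real export format.
SAMPLE_LOG = """\
timestamp,source,event_id
2000-05-01 08:00:10,EventLog,6005
2000-05-02 13:45:00,ExampleSvc,1000
2000-05-03 02:10:31,EventLog,6008
2000-05-03 02:10:33,EventLog,6005
2000-05-04 17:14:05,EventLog,6005
2000-05-06 09:30:00,EventLog,6008
"""

EVENTLOG_STARTED = 6005  # event log service started
DIRTY_SHUTDOWN = 6008    # previous shutdown was not clean
PAIR_WINDOW = timedelta(minutes=2)  # assumed max gap between a boot's 6008 and 6005

def parse_events(text):
    """Return sorted (datetime, event_id) pairs, skipping header/malformed rows."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        try:
            when = datetime.strptime(row[0].strip(), "%Y-%m-%d %H:%M:%S")
            events.append((when, int(row[2])))
        except (IndexError, ValueError):
            continue
    return sorted(events)

def classify_boots(events):
    """Label each 6005 start by whether a 6008 was logged around the same boot."""
    dirty = [t for t, eid in events if eid == DIRTY_SHUTDOWN]
    paired, boots = set(), []
    for start in (t for t, eid in events if eid == EVENTLOG_STARTED):
        hit = next((d for d in dirty
                    if d not in paired and abs(d - start) <= PAIR_WINDOW), None)
        if hit is not None:
            paired.add(hit)
        boots.append((start, "unexpected" if hit is not None else "clean"))
    # A 6008 with no matching start in this data (for example, a cleared log).
    orphans = [d for d in dirty if d not in paired]
    return boots, orphans

if __name__ == "__main__":
    boots, orphans = classify_boots(parse_events(SAMPLE_LOG))
    for when, kind in boots:
        print(when, kind)
```

The last entry in `boots` is the most recent event log start; as noted earlier in the thread, a manual restart of the event log service would also produce a start entry.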
 

Author Comment

by:KW82
ID: 2801730
OK, guess I missed that one Tim. Sorry.

Expert Comment

by:Tim Holman
ID: 2803667
No probs - I thought you may have missed it !