KW82
asked on
HOW DO I DISCOVER LAST REBOOT TIME IN WIN NT4?
IS THERE AN EASY WAY TO TELL IF A WINDOWS NT 4.0 MACHINE HAS BEEN REBOOTED ? LOOKING AT THE c/a/d SECURITY BOX WILL TELL ME WHEN I LAST LOGGED ON BUT NOT IF THE MACHINE HAS BEEN SHUTDOWN.
ALSO... IF THIS IS POSSIBLE, IS THERE A WAY TO DISTINGUISH BETWEEN A POWEROFF/ON AND A c/a/d SHUTDOWN RESTART IN THE SAME WAY AS MS SCANDISK?
ANY HELP GREATLY APPRECIATED.
THANKS
ALSO... IF THIS IS POSSIBLE, IS THERE A WAY TO DISTINGUISH BETWEEN A POWEROFF/ON AND A c/a/d SHUTDOWN RESTART IN THE SAME WAY AS MS SCANDISK?
ANY HELP GREATLY APPRECIATED.
THANKS
search microsoft's site for an uptime.exe, or just load up task manager and look at the cpu time of system idle process, or you can just scan through your event viewer's system log and look for the times event viewer started, since it usually gets loaded up by default
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
system idle process has never reached 100 for me, so it's a fairly good estimate, who knows, maybe uptime just calculates that
My point is if you use MS Access or run a distributed computing program such as SETI at home, this eats up CPU cycles which takes away from the Idle process. For example, on my system, my system Idle process is at 119:47. But Seti is as 58:46. Plus various other services and applications total in excess of 45 minutes. If I close ANY program once it's opened, it causes my time count to be instantly off. If you add all this time together, my uptime is about 179 hrs 18 minutes. According to "UpTime" my system has only been on for 4 days 1 hour and 19 minutes (97:19) - which is more accurate - (I have dual CPUs and with each single second or realtime idleness, both CPUs experience it and therefore 1 second is equal to 2. Now Uptime (from one of the resource kits) appears fairly accurate - according to the workstation service, my system has been up since May 4 at 5:14 pm
leew: i was wrong, i ran some tests and system idle time does stop when the cpu is fully used
the new uptime 2.0 in windows 2000 is very good, it calculates uptime availability as well, as well as some other useful facts, but it doesn't work for NT4 i don't believe
the new uptime 2.0 in windows 2000 is very good, it calculates uptime availability as well, as well as some other useful facts, but it doesn't work for NT4 i don't believe
Look for the 6005 message in the event viewer - this will tell you when the event log was last started (ie when it was rebooted).
A power on / off will cause a dirty shutdown message in the event log - message ID 6008.
A power on / off will cause a dirty shutdown message in the event log - message ID 6008.
The way I do this is to enable "Restart, Shutdown and System" in the audit policy of User Manager.
You'll have to restart your system. This will log event 512 in the system log of the event viwer whenever the system boots.
Ramon Berger
You'll have to restart your system. This will log event 512 in the system log of the event viwer whenever the system boots.
Ramon Berger
rwberger,
Please reread the comments - you'll find I've already given that as an answer - to be courteous, I did not lock the question by "answering" it so others could also make suggestions.
Please reread the comments - you'll find I've already given that as an answer - to be courteous, I did not lock the question by "answering" it so others could also make suggestions.
rwberger changed the proposed answer to a comment
ASKER
Thanks all for valid and helpful contributions, especially "leew."
I am however sure that there must be a way to distinguish between a cold reboot and a CAD shutdown/restart because Windows can tell the difference when it restarts - ie it runs scandisk or it doesn't.
Any ideas anyone??
I am however sure that there must be a way to distinguish between a cold reboot and a CAD shutdown/restart because Windows can tell the difference when it restarts - ie it runs scandisk or it doesn't.
Any ideas anyone??
I'll try again :
Look for the 6005 message in the event viewer - this will tell you when the event log was last started (ie when it was rebooted).
A power on / off will cause a dirty shutdown message in the event log - message ID 6008. Every time a dirty shutdown is detected, SCANDISK will be run.
So - 6005 will tell you when there's been a graceful reboot.
6008 will tell you when there's been a power off, or a blue screen (which will be listed in the event viewer as well).
Look for the 6005 message in the event viewer - this will tell you when the event log was last started (ie when it was rebooted).
A power on / off will cause a dirty shutdown message in the event log - message ID 6008. Every time a dirty shutdown is detected, SCANDISK will be run.
So - 6005 will tell you when there's been a graceful reboot.
6008 will tell you when there's been a power off, or a blue screen (which will be listed in the event viewer as well).
ASKER
OK, guess I missed that one Tim. Sorry.
No probs - I thought you may have missed it !