In Windows 7 administrators have the possibility to monitor boot and shutdown performance by reviewing event logs. The most common one is located at Event Viewer > Application and Services Logs > Microsoft > Windows > Diagnostics-Performance > Operational. Events with an ID of 100 for boot up and 200 for shutdown will give you some basic information on the general tab, for example, when did the last boot up or shutdown happen and how long took it to complete and more detailed information on the Details tab.
On the Details tab you can find even more. Here is how to get this information programatically with the help of powershell. Run the following commands from an elevated powershell:
These upper 3 lines will get all events from the named logfile with the event id 100. Afterwards in converts the first result to xml, which now can be used in different ways. At this time we just want to print it on the screen. The lower 3 lines will do the same for shutdown events with event id 200.
This is the boot result for my computer:
Name #text
—- —–
BootTsVersion 2
BootStartTime 2012-01-10T07:33:36.656000300Z
BootEndTime 2012-01-10T07:35:43.438676400Z
SystemBootInstance 167
UserBootInstance 122
BootTime 78563
MainPathBootTime 30263
BootKernelInitTime 28
BootDriverInitTime 1521
BootDevicesInitTime 1809
BootPrefetchInitTime 0
BootPrefetchBytes 0
BootAutoChkTime 0
BootSmssInitTime 7424
BootCriticalServicesInitTime 534
BootUserProfileProcessingTime 4625
BootMachineProfileProcessingTime 10802
BootExplorerInitTime 2383
BootNumStartupApps 17
BootPostBootTime 48300
BootIsRebootAfterInstall false
BootRootCauseStepImprovementBits 0
BootRootCauseGradualImprovementBits 0
BootRootCauseStepDegradationBits 0
BootRootCauseGradualDegradationBits 0
BootIsDegradation false
BootIsStepDegradation false
BootIsGradualDegradation false
BootImprovementDelta 0
BootDegradationDelta 0
BootIsRootCauseIdentified false
OSLoaderDuration 1026
BootPNPInitStartTimeMS 28
BootPNPInitDuration 1990
OtherKernelInitDuration 1006
SystemPNPInitStartTimeMS 2990
SystemPNPInitDuration 1340
SessionInitStartTimeMS 4337
Session0InitDuration 5181
Session1InitDuration 1192
SessionInitOtherDuration 1050
WinLogonStartTimeMS 11761
OtherLogonInitActivityDuration 691
UserLogonWaitDuration 8463
And here is the shutdown result:
Name #text
—- —–
ShutdownTsVersion 1
ShutdownStartTime 2012-01-07T15:06:38.501239300Z
ShutdownEndTime 2012-01-07T15:07:03.559344800Z
ShutdownTime 25058
ShutdownUserSessionTime 2728
ShutdownUserPolicyTime 37
ShutdownUserProfilesTime 84
ShutdownSystemSessionsTime 20852
ShutdownPreShutdownNotificationsTime 15732
ShutdownServicesTime 5007
ShutdownKernelTime 1477
ShutdownRootCauseStepImprovementBits 0
ShutdownRootCauseGradualImprovementBits 0
ShutdownRootCauseStepDegradationBits 0
ShutdownRootCauseGradualDegradationBits 0
ShutdownIsDegradation false
ShutdownTimeChange 0
Have a look at this blog post to learn how to push this data into a SQL database with powershell.
Why not every boot logs an event 100? What to configure if I want?