Windows 10 uptime

One of the things that managers seem to be fascinated with is up time. For Windows server operating systems its a fairly simple calculation

PS>  (Get-Date) - (Get-CimInstance -ClassName Win32_OperatingSystem | select -ExpandProperty LastBootUpTime)


Days              : 0
Hours             : 3
Minutes           : 46
Seconds           : 45
Milliseconds      : 465
Ticks             : 136054659217
TotalDays         : 0.157470670390046
TotalHours        : 3.77929608936111
TotalMinutes      : 226.757765361667
TotalSeconds      : 13605.4659217
TotalMilliseconds : 13605465.9217

You can get a bit more precise by using the time the event log service is started as that’s early in the boot sequence while LastBootUpTime really records when the machine is ready to access. If you want to use the event log methodology see https://richardspowershellblog.wordpress.com/2009/02/14/machine-uptime/

With Windows 10 (actually with Windows 8 or 8.1 as well) this breaks down.

PS> (Get-Date) - (Get-CimInstance -ClassName Win32_OperatingSystem | select -ExpandProperty LastBootUpTime)


Days              : 23
Hours             : 6
Minutes           : 57
Seconds           : 55
Milliseconds      : 371
Ticks             : 20122753718697
TotalDays         : 23.2902242114549
TotalHours        : 558.965381074917
TotalMinutes      : 33537.922864495
TotalSeconds      : 2012275.3718697
TotalMilliseconds : 2012275371.8697

I use my computer a lot but 23 days is a bit excessive even for me.

If we look at the last boot time

PS> Get-CimInstance -ClassName Win32_OperatingSystem | select LastBootUpTime

LastBootUpTime
--------------
11/02/2017 10:00:35

You can see the calculation is correct.

This happens because Windows 10 (and 8 and 8.1) don’t fully power down when you do a Shut Down. They enter an extreme sleep state. This is the reason that start up times shrunk so dramatically when Windows 8 was introduced.

So how can you determine when your Windows 10, 8.1 or 8 machine was used.

You might be tempted to look in the System event log – where you’ll find entries like this each time the Windows machine is woken up

PS> Get-EventLog -LogName system -InstanceId 2147489661 | select -First 1 | Format-List


Index              : 8668
EntryType          : Information
InstanceId         : 2147489661
Message            : The system uptime is 1995412 seconds.
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {, , , ...}
Source             : EventLog
TimeGenerated      : 06/03/2017 12:17:24
TimeWritten        : 06/03/2017 12:17:24
UserName           :

Unfortunately this takes us back to out 23 days

PS> New-TimeSpan -Seconds 1995412


Days              : 23
Hours             : 2
Minutes           : 16
Seconds           : 52
Milliseconds      : 0
Ticks             : 19954120000000
TotalDays         : 23.0950462962963
TotalHours        : 554.281111111111
TotalMinutes      : 33256.8666666667
TotalSeconds      : 1995412
TotalMilliseconds : 1995412000

Using the event log service start up also gives us the hard power up date

PS> Get-EventLog -LogName system | where{(($_.EventId -eq 6005) -or ($_.EventId -eq 6006)) } | select -First 1 | Format-
List


Index              : 6275
EntryType          : Information
InstanceId         : 2147489653
Message            : The Event log service was started.
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {}
Source             : EventLog
TimeGenerated      : 11/02/2017 10:00:30
TimeWritten        : 11/02/2017 10:00:30
UserName           :

There is an entry in the System event log for when the machine comes out of its power down mode:

PS> Get-EventLog -LogName system -InstanceId 1 | where Message -Like '*low power*' | select -First 1 | Format-List


Index              : 8683
EntryType          : Information
InstanceId         : 1
Message            : The system has returned from a low power state.

                     Sleep Time: 2017-03-05T22:00:54.261033400Z
                     Wake Time: 2017-03-06T12:17:26.089189400Z

                     Wake Source: 0
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {2017-03-05T22:00:54.261033400Z, 2017-03-06T12:17:26.089189400Z, 1245, 1590...}
Source             : Microsoft-Windows-Power-Troubleshooter
TimeGenerated      : 06/03/2017 12:17:28
TimeWritten        : 06/03/2017 12:17:28
UserName           : NT AUTHORITY\LOCAL SERVICE

so you could calculate uptime as

PS> (Get-Date) - (Get-EventLog -LogName system -InstanceId 1 | where Message -Like '*low power*' | select -First 1 | sel
ect -ExpandProperty TimeGenerated)


Days              : 0
Hours             : 4
Minutes           : 54
Seconds           : 9
Milliseconds      : 174
Ticks             : 176491748155
TotalDays         : 0.20427285666088
TotalHours        : 4.90254855986111
TotalMinutes      : 294.152913591667
TotalSeconds      : 17649.1748155
TotalMilliseconds : 17649174.8155

If you really wanted to you could dig into the log entries and use the sleep and wake times in the message block

PS> Get-EventLog -LogName system -InstanceId 1 | where Message -Like '*low power*' | select -First 1 | select -ExpandPro
perty ReplacementStrings
2017-03-05T22:00:54.261033400Z
2017-03-06T12:17:26.089189400Z
1245
1590
1501
0
9469
5143
195417
16641
6
5
0
0

0
0
0
PS> $rs = Get-EventLog -LogName system -InstanceId 1 | where Message -Like '*low power*' | select -First 1 | select -ExpandProperty ReplacementStrings

From which you can calculate the time the machine was powered down (asleep)

PS> [datetime]$rs[1] - [datetime]$rs[0]


Days              : 0
Hours             : 14
Minutes           : 16
Seconds           : 31
Milliseconds      : 828
Ticks             : 513918281560
TotalDays         : 0.59481282587963
TotalHours        : 14.2755078211111
TotalMinutes      : 856.530469266667
TotalSeconds      : 51391.828156
TotalMilliseconds : 51391828.156

So how much have I been using the machine in the last week

$now = Get-Date
$start = $now.AddDays(-7)

$events = Get-EventLog -LogName system -InstanceId 1 -After $start  | 
where Message -Like '*low power*'

$lastevt = $events.Count - 1 


## time since last wake up
$usetime = $now - [datetime]$events[0].ReplacementStrings[1]

for ($i=0; $i -lt $lastevt; $i++){
 
  $Sleep = [datetime]$events[$i].ReplacementStrings[0]
  $Wake = [datetime]$events[$i+1].ReplacementStrings[1]
  
  $tt = $sleep - $wake

  $usetime += $tt

}

$usetime
Days              : 2
Hours             : 15
Minutes           : 46
Seconds           : 20
Milliseconds      : 736
Ticks             : 2295807363007
TotalDays         : 2.65718444792477
TotalHours        : 63.7724267501944
TotalMinutes      : 3826.34560501167
TotalSeconds      : 229580.7363007
TotalMilliseconds : 229580736.3007

Calculating Windows 10 uptime isn’t simple but can be done with these techniques

Advertisements
This entry was posted in Powershell, Windows 10. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s