Event Logs to Investigate Machine Restarts

The following are Powershell commands that can help do a quick assessment of machine restarts. This will query the event logs and pull event ID 1074 that will provide the nature of the restart including the process and user account used to initiate the restart. This will provide output to Out-Gridview get-eventlog -log system | where…