Are your end-users complaining about long start-up times of their workstations? Do you still go on-site to check it yourself? If you do, you don’t probably know that nowadays Windows records performance information into an application event log called Diagnostics-Performance. It has been there since Windows Vista.
The Diagnostics-Performance log is very useful when troubleshooting workstation performance problems. It has events about boot (event ID 1xx), shutdown (2xx), standby (3xx) and system performance monitoring (4xx) as well as Desktop Window Manager monitoring (5xx). This article focuses on boot performance events and particularly event ID 100 that stands for “Windows has started up”.
You can find the log under Applications and Services Logs > Microsoft > Windows in the Event Viewer:
Event ID 100 containing the boot duration information is generated some time after each boot. You can see an example of such event in the above screenshot. There are many more attributes available on the Details tab that give even more detailed information on how long each phase or section of the boot takes.
When investigating the ID 100 events, remember that Windows 8(.1) does not actually boot every time you shut down and start up the computer. Instead it goes to standby and generates standby events to the log. Also notice that the Diagnostics-Performance log exists only on workstation versions of Windows, not on servers.
Wouldn’t it be nice to have the boot performance information available summarized in a single place? Miradore has a feature called Custom inventory, which makes it possible to schedule clients to run scripts that report wanted attributes to Miradore server in XML format. I have created a custom inventory script that reads all events from Diagnostics-Performance log that have ID 100, does some calculations and then sends results to Miradore.
Shortly after receiving the script result as a XML file from the client, the results are visible in Miradore user interface. There is a Custom inventory section on device’s asset form. Example below:
In the main Custom inventory view you can see the results from all the devices in one view. It’s also possible to export the data to for example Excel file.
Main boot phase is the duration of the boot starting when BIOS initialization ends and Windows starts to load, ending when desktop appears. Post boot phase starts when desktop appears and ends when Windows has completed all the startup tasks. Boot duration then includes both main and post boot phase durations. The custom inventory reports average value for main and post boot phase durations as well as average, fastest, slowest and last values for the whole boot duration. These values are all in hh:mm:ss format.
The inventory report also shows last boot date and oldest recorded boot date. It’s important to notice that Diagnostics-Performance log might not contain whole history of boot events as the default maximum log size is 1028 KB and oldest events are overwritten once the limit is reached. Boot frequency in days tells how often the device has rebooted on average.
Information sources: http://www.happysysadm.com/2014/07/windows-boot-history-and-boot.html