Although UTC dates are non-intuitive at first glance, they are relatively easy to convert to a standard date-time format.Luckily, to convert this string to a valid Datetime, we can rely on the SWbem Date Time object.Duration Title Result Result Type -------- ----- ------ ---------- 0,0393308 Tick Count Time Span Get-Date 07/07/2014 System.Date Time 0,0417487 WMI query SWbem Date Time 07/07/2014 System.These strings are compliant with the CIM standards, so to get a valid re-usable System. Like most Windows developers know (while many administrators have never heard of it), starting with Windows Vista in 2006, the Windows Event Logs has been rewritten on top of the Event Tracing for Windows (ETW) technology, which is a system and software diagnostic, troubleshooting and performance monitoring component. The main drawback of using Get-Event Log is that it doesn't support much in the way of filtering.Date Time object we have first to make some rework.# Convert from VT_BSTR to System. A lot of other Windows components were since then built on top of it, such as Resource Monitor, which allows sysadmins to drill down computer performance much better they could do with Task Manager on older versions.$Event12 = Get-Wmi Object -Class Win32_NTLog Event ` -Filter "Log File = 'System' AND Source Name='Microsoft-Windows-Kernel-General' AND Event Code=12" | Select-Object -First 1 $Event12. Timegenerated)$Event6005 = Get-Wmi Object -Class Win32_NTLog Event ` -Filter "Log File = 'System' AND Source Name='Event Log' AND Event Code=6005" | Select-Object -First 1 $Event6005. Timegenerated)$Event12 = Get-Wmi Object -Query "SELECT * FROM Win32_NTLog Event ` WHERE (logfile='System') AND (Source Name='Microsoft-Windows-Kernel-General') AND (Event Code='12')" | Select-Object -First 1 $Event12. Timegenerated)$Event6005 = Get-Wmi Object -Query "SELECT * FROM Win32_NTLog Event ` WHERE (logfile='System') AND (Source Name='Event Log') AND (Event Code='6005')" | Select-Object -First 1 $Event6005. That means you have to retrieve all of the entries, and then use Where-Object to filter.As a consequence those that are based on text parsing or regular expressions might need some correction if you want to run them on a computer with different regional settings. Lot of text in the output, as you can see, and the proceeding to get something meaningful out of it is a bit less comfortable, since some regex pattern matching needs to be done (if you have any kind of question do not hesitate to ask in the comment section below):).

Be wary by the way that this subject is very wide, and I have allowed myself some small off-topics that are meant to shed some light on the pieces of code we are now so used to see out there. In any case, please notice that the following examples have been prepared and tested on computers with European settings for the date (dd/MM/yyyy). The transformation can be achieved with an easy one-liner (for an explication of which you can refer to The main drawback of using systeminfo is that, since it retrieves the list of all the installed patches, it can take quite a long time to be executed, especially on long living systems, and there is nothing you can do to improve statistics server Server Statistics for \SRV01 Statistics since 07/07/2014 Sessions accepted 0 Sessions timed-out 0 Sessions errored-out 0 Kilobytes sent 16 Kilobytes received 0 Mean response time (msec) 0 System errors 0 Permission violations 0 Password violations 0 Files accessed 21 Communication devices accessed 0 Print jobs spooled 0 Times buffers exhausted Big buffers 0 Request buffers 0 The command completed successfully.Furthermore there are a few interesting properties containing precious time-oriented information: Current Time Zone, Install Date, Local Date Time and, can't believe it, Last Boot Up Time.As I explained before, WMI dates are returned as strings and not as datetime objects. Value)Time to pass to exploring the information that can be retrieved from your system event logs and see how they compare, but before we see that, and for better understanding, it's interesting to see how the Microsoft Eventing engine has evolved in the past 10 years.Date Time 0,1307235 WMIC SWbem Date Time 07/07/2014 System.Date Time 0,2467589 Get-Win Event Filter XML 12 07/07/2014 System.

Date Time 0,0429207 WMI Management Date Time Converter 07/07/2014 System.

