Checking Whether Windows Boot Time Is Normal

2024-04-12 16:02:43

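This article shows how to use PowerShell commands to quickly determine whether boot time is normal. The logs only list timestamps, so you have to compare the time differences yourself. As a rule, booting does not take more than 1 minute; when it clearly takes longer, the commands below help determine which stage the boot mainly stalled in.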

The normal boot process is shown in the figure above. Windows boot sequence: OS loader (winload.exe, ntoskrnl.exe) → driver loading → smss.exe → autochk.exe → smss.exe → csrss.exe → smss.exe → wininit.exe → csrss.exe → winlogon.exe → services.exe → lsass.exe → svchost.exe → logon ready (LogonUI.exe, dwm.exe)

Abnormal example: in the sequence smss.exe → autochk.exe → smss.exe → csrss.exe, the step from autochk.exe → smss.exe took nearly 5 minutes.

#Check boot time

Get-WinEvent -FilterHashtable @{logname='System';id=@(12,6005);StartTime=(Get-Date).AddDays(-1) } -EA 0| Where-Object {$_.ProviderName -eq "Microsoft-Windows-Kernel-General" -or $_.ProviderName -eq "User32" -or $_.ProviderName -eq "EventLog" } |Sort-Object -Property TimeCreated

#Check the time spent in each boot stage

Get-WinEvent -FilterHashtable @{logname='Security';id=@(4688);StartTime=(Get-Date).AddDays(-1) } -EA 0| Where-Object {$_.ProviderName -eq "Microsoft-Windows-Security-Auditing"} |Sort-Object -Property TimeCreated

The two commands above can also be combined into one:

@(Get-WinEvent -FilterHashtable @{logname='System';id=@(12,6005);StartTime=(Get-Date).AddDays(-1)} -EA 0 | Where-Object {$_.ProviderName -eq "Microsoft-Windows-Kernel-General" -or $_.ProviderName -eq "User32" -or $_.ProviderName -eq "EventLog"}) + @(Get-WinEvent -FilterHashtable @{logname='Security';id=@(4688);StartTime=(Get-Date).AddDays(-1)} -EA 0 | Where-Object {$_.ProviderName -eq "Microsoft-Windows-Security-Auditing"}) | Sort-Object -Property TimeCreated
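
Since the commands above only list timestamps, the following added example (not part of the original article) computes the gap between consecutive process-creation events and flags slow steps, using a constructed sample that mirrors the autochk.exe → smss.exe stall described earlier. The function names, the 30-second threshold, the 15-minute window and the sample data are assumptions; event 4688 is only recorded when process-creation auditing is enabled, and reading the Security log requires an elevated session.

```powershell
# Added example (not from the original article): per-step gaps from event timestamps.
function Get-BootStageGap {
    param(
        [object[]] $Events,               # objects with TimeCreated and Process properties
        [double]   $ThresholdSeconds = 30 # assumed cut-off for a "slow" step; tune per host
    )
    $sorted = @($Events | Sort-Object TimeCreated)
    for ($i = 1; $i -lt $sorted.Count; $i++) {
        $gap = ($sorted[$i].TimeCreated - $sorted[$i - 1].TimeCreated).TotalSeconds
        [pscustomobject]@{
            From       = $sorted[$i - 1].Process
            To         = $sorted[$i].Process
            At         = $sorted[$i].TimeCreated
            GapSeconds = [math]::Round($gap, 1)
            Slow       = $gap -ge $ThresholdSeconds
        }
    }
}

# Hypothetical helper: 4688 events after the latest Kernel-General event 12 (OS start).
function Get-BootProcessEvent {
    $boot = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Microsoft-Windows-Kernel-General'; Id = 12
    } -MaxEvents 1 -ErrorAction SilentlyContinue
    if (-not $boot) { return }
    $start = $boot.TimeCreated
    Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 4688; StartTime = $start; EndTime = $start.AddMinutes(15)
    } -ErrorAction SilentlyContinue | ForEach-Object {
        # Read NewProcessName by field name rather than by position.
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        $path = ($data | Where-Object Name -eq 'NewProcessName').'#text'
        [pscustomobject]@{ TimeCreated = $_.TimeCreated; Process = Split-Path $path -Leaf }
    }
}

# Constructed sample mirroring the abnormal case in the article (not real log data).
$t0 = [datetime]'2024-01-01 08:00:00'
$sample = @(
    [pscustomobject]@{ TimeCreated = $t0;                 Process = 'smss.exe' }
    [pscustomobject]@{ TimeCreated = $t0.AddSeconds(1);   Process = 'autochk.exe' }
    [pscustomobject]@{ TimeCreated = $t0.AddSeconds(296); Process = 'smss.exe' }
    [pscustomobject]@{ TimeCreated = $t0.AddSeconds(297); Process = 'csrss.exe' }
)
Get-BootStageGap -Events $sample | Format-Table -AutoSize

# Live host (elevated, process-creation auditing enabled):
# Get-BootStageGap -Events (Get-BootProcessEvent) | Where-Object Slow
```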

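When event ID 4688 keeps repeating as in the figure above, the most likely cause is that the ClearPageFileAtShutdown registry value is enabled, which makes the restart or shutdown phase last a long time. This value backs the security policy "Shutdown: Clear virtual memory pagefile"; with it set to 0 the pagefile is no longer wiped at shutdown, so check whether a security baseline or Group Policy requires it before changing it. Fix: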

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v "ClearPageFileAtShutdown" /d 0 /t REG_DWORD /f

#Check startup, shutdown and restart records for the last day

Get-WinEvent -FilterHashtable @{logname='System';id=@(12,13,6005,6006,6008,41,1074,7001);StartTime=(Get-Date).AddDays(-1) }  |Sort-Object -Property TimeCreated

#Check logon-related records for the last day

Get-WinEvent -FilterHashtable @{logname='Application';id=@(1530,1531,1532);StartTime=(Get-Date).AddDays(-1)} -ErrorAction SilentlyContinue |Sort-Object -Property TimeCreated
