I was talking to a friend the other day and he was using my user experience script in his RMM system for a while. He told me that he loved having the ability to measure the users experience but he had some clients with in-house applications that would write errors to the system log constantly, or he had other clients with crashing services that could not be prevented.

This caused him to disable the User Experience Monitoring script for those clients, which is a shame because it’s what we should be focusing on as MSPs these days. I figured I’d make a lighter version that does not rely on the Windows Reliability Index instead. That way we could avoid some of the crashing services or other issues. So lets get to the script!

The Script

Instead of grabbing the Reliability index – We’re collecting all logs for the last 15 minutes and counting how many AppHangs have been experienced. An AppHang is when the application gives the famous “Not responding” pop-up. We also grab hard application crashes, but filter our those that we don’t want to see such as the LOB application spoken about above.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19

$IDs = "1002", "1000"
$ExcludedApplications = "*Slack*"
$MaxCount = '1'

$LogFilter = @{
LogName = 'Application'
ID = $IDs
StartTime = (get-date).AddMinutes(-15)
}

$Last15Minutes = Get-WinEvent -FilterHashTable $LogFilter -ErrorAction SilentlyContinue | where-object { $\_.message -notlike $ExcludedApplications }

if ($Last15Minutes.count -ge $MaxCount) {
write-host "Unhealthy - The maximum application crash logs are higher than $MaxCount"
}

if (!$Last15Minutes) {
write-host "Healthy - No app crash logs found"
}

Now this is just an example on how you can achieve this really – If anything I’d suggest to expand on this and get some information to compile your own reliability score. I also don’t specifically love getting Windows Events instead of directly monitoring yourself, but Apphangs aren’t really documented elsewhere.

And that’s it! as always, Happy PowerShelling 🙂