{"id":208694,"date":"2024-01-19T09:24:18","date_gmt":"2024-01-19T09:24:18","guid":{"rendered":"https:\/\/www.ninjaone.com\/script-hub\/upptack-analysera-blue-screens-of-death-bsod-powershell\/"},"modified":"2024-03-05T11:35:46","modified_gmt":"2024-03-05T11:35:46","slug":"upptack-analysera-blue-screens-of-death-bsod-powershell","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/sv\/script-hub\/upptack-analysera-blue-screens-of-death-bsod-powershell\/","title":{"rendered":"How to Detect and Analyze Blue Screens of Death (BSOD) with PowerShell"},"content":{"rendered":"<p>The <a href=\"https:\/\/www.ninjaone.com\/blog\/what-is-blue-screen-of-death-bsod\/\">Blue Screen of Death (BSOD)<\/a> is a term that sends shivers down the spine of many computer users. It is a stop-error screen displayed on a Windows system after a fatal system error. BSODs are often caused by hardware or driver problems, but can also be triggered by software errors, bringing the system to an abrupt halt. Understanding and diagnosing these errors is of the utmost importance in IT, and this article describes a PowerShell script designed to detect and log these unexpected shutdowns.<\/p>\n<h2>Background<\/h2>\n<p>The script uses the <a href=\"https:\/\/www.nirsoft.net\/utils\/blue_screen_view.html\" target=\"_blank\" rel=\"noopener\">BlueScreenView utility from Nirsoft<\/a>, a tool designed specifically to analyze the minidump files generated during a BSOD. 
For IT professionals and managed service providers (MSPs), automating the detection and analysis of these minidump files is invaluable, as it provides a systematic approach to troubleshooting.<\/p>\n<h2>The Script<\/h2>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\">#Requires -Version 5.1\r\n\r\n&lt;#\r\n.SYNOPSIS\r\n    Conditional script for detecting BSODs. Uses BlueScreenView from Nirsoft.\r\n.DESCRIPTION\r\n    Conditional script for detecting BSODs. Uses BlueScreenView from Nirsoft.\r\n    Will always show the number of Unexpected shutdowns if the system is set up to log those events.\r\n        This doesn't always mean that there was a BSOD as this includes things like holding the power button or pressing the reset button.\r\n    When a mini dump is detected in C:\\Windows\\Minidump then this will output the results and exit with an exit code of 1.\r\n    When none have been found then this will exit with an exit code of 0.\r\n    When it couldn't download or extract BlueScreenView then this will exit with an exit code of 2.\r\n.OUTPUTS\r\n    None\r\n.NOTES\r\n    This should be the default, but in case this was modified, follow the instructions below.\r\n    Minimal Setup:\r\n        Open System Properties.\r\n        Click on Settings under Startup and Recovery.\r\n        Make sure that \"Write an event to the system log\" is checked.\r\n        Under System failure, change \"Write debugging information\" to Automatic memory dump.\r\n    Minimum OS Architecture Supported: Windows 10, Windows Server 2016\r\n    Release Notes:\r\n    Initial Release\r\n    (c) 2023 NinjaOne\r\n    By using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaone.com\/terms-of-use.\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). 
NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. \r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. \r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n#&gt;\r\n\r\n[CmdletBinding()]\r\nparam ()\r\n\r\nprocess {\r\n    if (-not (Test-IsElevated)) {\r\n        Write-Error -Message \"Access Denied. 
Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n\r\n    # Get unexpected shutdown events from System log (no matching events is not an error)\r\n    $UnexpectedShutdownEvents = Get-WinEvent -FilterHashtable @{LogName = 'System'; ID = 6008 } -ErrorAction SilentlyContinue\r\n    if ($UnexpectedShutdownEvents) {\r\n        Write-Host \"Unexpected shutdowns found: $($UnexpectedShutdownEvents.Count)\"\r\n        Write-Host \"\"\r\n    }\r\n\r\n    # Check if any minidumps exist and exit if none are found\r\n    if (-not $(Get-ChildItem -Path \"C:\\Windows\\Minidump\" -ErrorAction SilentlyContinue)) {\r\n        Write-Host \"No mini dumps found.\"\r\n        exit 0\r\n    }\r\n    \r\n    # Download Blue Screen View, run, and export results to a csv file\r\n    try {\r\n        Invoke-WebRequest -Uri $BlueScreenViewUrl -OutFile $ZipPath -ErrorAction Stop\r\n        Expand-Archive -Path $ZipPath -DestinationPath $ENV:Temp -Force -ErrorAction Stop\r\n        Start-Process -FilePath $ExePath -ArgumentList \"\/scomma \"\"$CsvPath\"\"\" -Wait -ErrorAction Stop\r\n    }\r\n    catch {\r\n        Write-Host \"Blue Screen View Command has Failed: $($_.Exception.Message)\"\r\n        # Clean Up\r\n        Remove-DownloadedFiles -Path $CsvPath, $ZipPath, $ExePath, \"$($ENV:Temp)\\BlueScreenView.chm\", \"$($ENV:Temp)\\readme.txt\"\r\n        exit 2\r\n    }\r\n\r\n    # Convert the CSV to an array of objects\r\n    $MiniDumps = Get-Content -Path $CsvPath |\r\n        ConvertFrom-Csv -Delimiter ',' -Header $Header |\r\n        Select-Object -Property @{\r\n            'n' = \"Timestamp\";\r\n            'e' = { [DateTime]::Parse($_.timestamp, [System.Globalization.CultureInfo]::CurrentCulture) }\r\n        }, Dumpfile, Reason, Errorcode, CausedByDriver\r\n\r\n    # Clean Up\r\n    Remove-DownloadedFiles -Path $CsvPath, $ZipPath, $ExePath, \"$($ENV:Temp)\\BlueScreenView.chm\", \"$($ENV:Temp)\\readme.txt\"\r\n\r\n    # Output the results\r\n    $MiniDumps | Out-String | Write-Host\r\n\r\n    if ($MiniDumps) {\r\n        exit 1\r\n    
}\r\n    exit 0\r\n}\r\nbegin {\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)\r\n    }\r\n    function Remove-DownloadedFiles {\r\n        param([string[]]$Path)\r\n        process { Remove-Item -Path $Path -Force -ErrorAction SilentlyContinue }\r\n    }\r\n\r\n    # CSV Headers\r\n    $Header = @(\r\n        \"Dumpfile\"\r\n        \"Timestamp\"\r\n        \"Reason\"\r\n        \"Errorcode\"\r\n        \"Parameter1\"\r\n        \"Parameter2\"\r\n        \"Parameter3\"\r\n        \"Parameter4\"\r\n        \"CausedByDriver\"\r\n    )\r\n\r\n    # Build path variables\r\n    $CsvFileName = \"bluescreenview-export.csv\"\r\n    $BlueScreenViewZip = \"bluescreenview.zip\"\r\n    $BlueScreenViewExe = \"BlueScreenView.exe\"\r\n    $BlueScreenViewUrl = \"https:\/\/www.nirsoft.net\/utils\/$BlueScreenViewZip\"\r\n    $ZipPath = Join-Path -Path $ENV:Temp -ChildPath $BlueScreenViewZip\r\n    $ExePath = Join-Path -Path $ENV:Temp -ChildPath $BlueScreenViewExe\r\n    $CsvPath = Join-Path -Path $ENV:Temp -ChildPath $CsvFileName\r\n}\r\nend {}<\/pre>\n<p>&nbsp;<\/p>\n\n\n<h2><strong>Detailed Breakdown<\/strong><\/h2>\n<ol>\n<li><strong>Prerequisites:<\/strong> The script requires PowerShell version 5.1 and is designed for Windows 10 and Windows Server 2016.<\/li>\n<li><strong>Initialization:<\/strong> It starts by verifying that it has administrator privileges, which are necessary to access system logs and minidump files.<\/li>\n<li><strong>Unexpected shutdowns:<\/strong> The script then searches the System log for unexpected shutdown events.<\/li>\n<li><strong>Minidump check:<\/strong> It looks for minidump files in the specified 
directory.<\/li>\n<li><strong>BlueScreenView integration:<\/strong> If minidump files are found, the script downloads and runs BlueScreenView and exports the results to a CSV file.<\/li>\n<li><strong>Data parsing:<\/strong> The CSV data is converted into an array of objects that the user can view.<\/li>\n<li><strong>Cleanup:<\/strong> After the analysis, all downloaded or extracted files are removed.<\/li>\n<\/ol>\n<h2>Potential Use Cases<\/h2>\n<p>Imagine an IT professional, Alex, who has been alerted to recurring BSODs in a company's design department. Instead of going through each system manually, Alex uses this script. Within moments, he identifies a specific driver that is causing the BSODs, which allows a targeted fix. The script thus becomes a powerful tool in his troubleshooting arsenal.<\/p>\n<h2>Comparisons<\/h2>\n<p>The Windows Event Viewer provides insights, but lacks the detailed minidump analysis that BlueScreenView offers. This script bridges that gap efficiently and offers a more comprehensive approach than manual methods.<\/p>\n<h2>Frequently Asked Questions<\/h2>\n<ul>\n<li><strong>Question:<\/strong> Can this script be run on older Windows versions?<br \/>\nAnswer: It is optimized for Windows 10 and Windows Server 2016. Older versions may not support all features.<\/li>\n<li><strong>Question:<\/strong> What happens if BlueScreenView cannot be downloaded or extracted?<br \/>\nAnswer: If there is a problem, the script exits with exit code 2. 
Make sure you have a stable internet connection and sufficient permissions.<\/li>\n<li><strong>Question:<\/strong> How can I use the script on older Windows versions?<br \/>\nAnswer: The script is designed for newer versions, so you may need to change some parameters or integrate older tools for compatibility with older Windows versions.<\/li>\n<\/ul>\n<h2>Security Implications<\/h2>\n<p>BSODs are not just a nuisance; they can also be a security concern. A recurring BSOD can be a sign that a malicious entity is trying to compromise the system. By logging and analyzing these events, IT staff can identify potential threats and ensure system security.<\/p>\n<h2>Recommendations<\/h2>\n<ul>\n<li>Always run the script with administrator privileges to ensure full functionality.<\/li>\n<li>Update the BlueScreenView tool regularly to benefit from the latest features and ensure compatibility.<\/li>\n<li>Monitor systems for recurring BSODs, as they can indicate deeper security problems.<\/li>\n<\/ul>\n<h2>Closing Thoughts<\/h2>\n<p>In the dynamic world of IT, tools like NinjaOne, combined with scripts like the one discussed, enable professionals to maintain system health and security. 
Detecting and analyzing BSOD logs and unexpected shutdowns becomes a streamlined process that ensures efficient and secure operations.<\/p>\n","protected":false},"author":35,"featured_media":207078,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"no","_lmt_disable":""},"operating_system":[4212],"use_cases":[4252],"class_list":["post-208694","script_hub","type-script_hub","status-publish","has-post-thumbnail","hentry","script_hub_category-windows"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaone.com\/sv\/wp-json\/wp\/v2\/script_hub\/208694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaone.com\/sv\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaone.com\/sv\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/sv\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/sv\/wp-json\/wp\/v2\/comments?post=208694"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/sv\/wp-json\/wp\/v2\/media\/207078"}],"wp:attachment":[{"href":"https:\/\/www.ninjaone.com\/sv\/wp-json\/wp\/v2\/media?parent=208694"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaone.com\/sv\/wp-json\/wp\/v2\/operating_system?post=208694"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaone.com\/sv\/wp-json\/wp\/v2\/use_cases?post=208694"}],"curies":[{"nam
e":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}