Start by going into Event Viewer (Windows+R or the Start Menu and type eventvwr.msc). Navigate to the System Log under Windows, we then want to use Filter Current Log to allow us to only show Events with certain attributes (such as Source or IDs).
In our case, we want to filter on Event Source: USER32. Then for Event IDs we want to see only 1074. If you are after unexpected shutdowns, use 6008. Once that’s in (like the pic on the right), click OK and this will filter the event log based on our requirements. You can scroll through and see what and who initiated a shutdown.