
January 1, 2012 at 12:00 am

by zgwforum at 2012-10-06 18:31:55

Win7

Would like to know if PowerShell can be used to do the following:

Produce a LOG FILE of every FILE or FOLDER event and record the following:

File Name
Folder
Drive
Date Created
Created By Which User
Created by which application

If so, what are the major issues I will be up against?

by Klaas at 2012-10-08 01:47:50

You can do it with subscriptions to WMI events.
It requires a little study, but certainly can be done. Basically you write a query (WQL) to retrieve the information you want, define an action like write to a log, and then subscribe to an event with Register-WmiEvent.
There's a complete script in Richard Siddaway's 'PowerShell and WMI', chapter 8 'filesystem administration', and some examples in Ravikanth Chaganti's free e-book 'WMI Query Language via PowerShell'.
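
A sketch of the WQL-plus-Register-WmiEvent approach described in the reply above, added here as an illustration; it is not part of the thread and not the script from either book. The watched folder, log path and source identifier are assumed values.

```powershell
# Added example: log file-creation events in one folder via a WMI event subscription.
# Assumed values: watched folder C:\Watched, log file C:\Logs\file-events.tsv.
$drive  = 'C:'
$folder = '\\Watched\\'   # WQL needs doubled backslashes; matches C:\Watched\ only, not subfolders
$log    = 'C:\Logs\file-events.tsv'

# Poll every 5 seconds for new CIM_DataFile instances.
# Always constrain Drive and Path: an unconstrained CIM_DataFile query walks the whole disk.
$query = "SELECT * FROM __InstanceCreationEvent WITHIN 5 " +
         "WHERE TargetInstance ISA 'CIM_DataFile' " +
         "AND TargetInstance.Drive = '$drive' " +
         "AND TargetInstance.Path = '$folder'"

$action = {
    $file    = $Event.SourceEventArgs.NewEvent.TargetInstance
    $created = [System.Management.ManagementDateTimeConverter]::ToDateTime($file.CreationDate)

    # CIM_DataFile has no "created by user" or "created by application" property.
    # The NTFS owner is the closest value available here, and it can be a group
    # (for example BUILTIN\Administrators) rather than the individual account.
    $owner = 'unknown'
    try {
        $acl   = [System.IO.File]::GetAccessControl($file.Name)
        $owner = $acl.GetOwner([System.Security.Principal.NTAccount]).Value
    } catch { }

    $name = $file.FileName
    if ($file.Extension) { $name = $name + '.' + $file.Extension }

    # One tab-separated line per event: name, folder, drive, creation time, owner.
    $line = ($name, $file.Path, $file.Drive, $created.ToString('s'), $owner) -join "`t"

    # The action runs in its own scope, so the log path arrives through -MessageData.
    Add-Content -Path $Event.MessageData -Value $line
}

Register-WmiEvent -Query $query -SourceIdentifier 'FileCreateAudit' `
                  -MessageData $log -Action $action | Out-Null

# Stop logging with:
#   Unregister-Event -SourceIdentifier 'FileCreateAudit'
```

Because the subscription polls, a file created and deleted between two polls is never logged, and the subscription ends when the PowerShell session closes. Recording the acting user and the process name requires file system object-access auditing on the folder (Security log event 4663), which this WMI class cannot supply.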