Would like to know if PowerShell can be used to do the following:
Produce a LOG FILE of every FILE or FOLDER event and record the following:
File Name, Folder, Drive, Date Created, Created By Which User, Created By Which Application
If so, what are the major issues I will be up against?
by Klaas at 2012-10-08 01:47:50
You can do it with subscriptions to WMI events. It requires a little study, but certainly can be done. Basically you write a query (WQL) to retrieve the information you want, define an action like write to a log, and then subscribe to an event with Register-WmiEvent. There's a complete script in Richard Siddaway's 'PowerShell and WMI' chapter 8 'filesystem administration', and some examples in Ravikanth Chaganti's free e-book 'WMI Query Language via PowerShell'.
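
The query, action and subscription steps described in the answer above, as an added example that is not part of the original thread or taken from the books it cites. The watched folder `C:\Watched`, the log file `C:\Logs\file-events.csv` and the `FsWatch_` identifiers are assumptions.

```powershell
# Added example for Windows PowerShell 5.1 (Register-WmiEvent is absent from PowerShell 7).
# Assumed values: watched folder C:\Watched, existing log folder C:\Logs.
$drive   = 'C:'
$wqlPath = '\\Watched\\'   # WQL wants doubled backslashes; matches this folder only, not subfolders
$logFile = 'C:\Logs\file-events.csv'

# Action run per event. WMI file events carry no process information, so the creating
# application is not available here; that needs object-access auditing (Security event
# 4663) or Sysmon event ID 11.
$action = {
    $e = $Event.SourceEventArgs.NewEvent
    $t = $e.TargetInstance
    $kind = switch ($e.__CLASS) {
        '__InstanceCreationEvent' { 'Created' }
        '__InstanceDeletionEvent' { 'Deleted' }
        default                   { 'Modified' }
    }
    # Owner comes from the ACL: usually, but not always, the creating user. Empty on delete.
    $owner = try { (Get-Acl -LiteralPath $t.Name -ErrorAction Stop).Owner } catch { '' }
    $created = if ($t.CreationDate) {
        [Management.ManagementDateTimeConverter]::ToDateTime($t.CreationDate).ToString('s')
    }
    [pscustomobject]@{
        Logged  = $Event.TimeGenerated.ToString('s')
        Event   = $kind
        Type    = $t.__CLASS                 # CIM_DataFile (file) or Win32_Directory (folder)
        Name    = Split-Path -Leaf $t.Name
        Folder  = $t.Path
        Drive   = $t.Drive
        Created = $created
        Owner   = $owner
    } | Export-Csv -LiteralPath $Event.MessageData -Append -NoTypeInformation
}

foreach ($class in 'CIM_DataFile', 'Win32_Directory') {
    # WITHIN 10 is the polling interval in seconds. Always scope by Drive and Path:
    # an unscoped CIM_DataFile query makes WMI enumerate the whole volume on every poll.
    $query = "SELECT * FROM __InstanceOperationEvent WITHIN 10 " +
             "WHERE TargetInstance ISA '$class' " +
             "AND TargetInstance.Drive = '$drive' AND TargetInstance.Path = '$wqlPath'"
    Register-WmiEvent -Query $query -SourceIdentifier "FsWatch_$class" `
                      -MessageData $logFile -Action $action | Out-Null
}
# Polling misses files created and deleted between two polls, and the subscriptions
# end with this session. To remove them earlier:
# Get-EventSubscriber | Where-Object SourceIdentifier -like 'FsWatch_*' | Unregister-Event
```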