PowerShell Capability Question



    by zgwforum at 2012-10-06 18:31:55

    Win7

    Would like to know if PowerShell can be used to do the following:

    Produce a LOG FILE of every FILE or FOLDER event and record the following:

    File Name
    Folder
    Drive
    Date Created
    Created By Which User
    Created by which application

    If so, what are the major issues I will be up against?

    by Klaas at 2012-10-08 01:47:50

    You can do it with subscriptions to WMI events.
    It requires a little study, but certainly can be done. Basically you write a query (WQL) to retrieve the information you want, define an action like write to a log, and then subscribe to an event with Register-WmiEvent.
    There's a complete script in Richard Siddaway's 'PowerShell and WMI' chapter 8 'filesystem administration', and some examples in Ravikanth Chaganti's free e-book 'WMI Query Language via PowerShell'.
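
The query, action and subscription described in the reply above, as an added example that is not part of the original thread or of the books it cites. It targets Windows PowerShell (Register-WmiEvent is not in PowerShell 6+); the watched folder C:\Watched, the log path C:\Logs\file-events.csv and the source identifier 'FileCreated' are assumptions.

```powershell
# Added example. C:\Watched, C:\Logs\file-events.csv and 'FileCreated'
# are assumed names, not taken from the thread.
$logFile = 'C:\Logs\file-events.csv'

# WQL: poll every 5 seconds for new CIM_DataFile instances in one folder.
# Drive and Path scope the query to a single directory (not recursive);
# backslashes are doubled inside WQL string literals.
$query = "SELECT * FROM __InstanceCreationEvent WITHIN 5 " +
         "WHERE TargetInstance ISA 'CIM_DataFile' " +
         "AND TargetInstance.Drive = 'C:' " +
         "AND TargetInstance.Path = '\\Watched\\'"

# The action runs in its own scope, so the log path arrives via -MessageData.
$action = {
    $file  = $Event.SourceEventArgs.NewEvent.TargetInstance
    $owner = 'unknown'
    try {
        # The file owner is used as an approximation of "created by which user".
        $acl   = [System.IO.File]::GetAccessControl($file.Name)
        $owner = $acl.GetOwner([System.Security.Principal.NTAccount]).Value
    } catch { }   # file may already be deleted, locked or unreadable

    $created = [Management.ManagementDateTimeConverter]::ToDateTime($file.CreationDate)
    $record = New-Object PSObject -Property @{
        FileName = [System.IO.Path]::GetFileName($file.Name)
        Folder   = $file.Path
        Drive    = $file.Drive
        Created  = $created.ToString('s')
        Owner    = $owner
    } | Select-Object FileName, Folder, Drive, Created, Owner

    # CIM_DataFile has no property naming the creating process, so that
    # column cannot be filled from this event.
    ($record | ConvertTo-Csv -NoTypeInformation)[1] |
        Add-Content -Path $Event.MessageData
}

Register-WmiEvent -Query $query -SourceIdentifier 'FileCreated' `
    -MessageData $logFile -Action $action | Out-Null

# Stop logging later with:
# Unregister-Event -SourceIdentifier 'FileCreated'
```

Because the query polls, a file created and deleted between two polls is never logged. Folder events need a second subscription with `ISA 'Win32_Directory'`, and the creating application is only recorded when object-access auditing is enabled on the folder (Security log event 4663 carries the process name).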
