by zgwforum at 2012-10-06 18:31:55
Win7
Would like to know if PowerShell can be used to do the following:
Produce a LOG FILE of every FILE or FOLDER event and record the following:
Created By Which User
Created by which application
If so, what are the major issues I will be up against?
by Klaas at 2012-10-08 01:47:50
You can do it with subscriptions to WMI events.
It requires a little study, but it can certainly be done. Basically you write a query (WQL) to retrieve the information you want, define an action like writing to a log, and then subscribe to an event with Register-WmiEvent.
There's a complete script in Richard Siddaway's 'PowerShell and WMI', chapter 8 'filesystem administration', and some examples in Ravikanth Chaganti's free e-book 'WMI Query Language via PowerShell'.
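
The three steps described in the reply above (WQL query, action, Register-WmiEvent), as an added example that is not from the thread or from either book. The folder, log path, polling interval and the 'FileWatch' identifier are assumed values.

```powershell
# Added example (not from the thread). Assumed values: folder, log path, poll interval.
$drive   = 'C:'
$folder  = '\\Watched\\'              # CIM_DataFile.Path form: no drive, backslashes doubled for WQL
$logFile = 'C:\Logs\file-events.csv'  # the C:\Logs directory must already exist
$pollSec = 10                         # files that appear and vanish between polls are missed

# __InstanceOperationEvent is the parent of the creation, deletion and modification
# event classes, so one subscription reports all three for files directly in the folder.
$query = "SELECT * FROM __InstanceOperationEvent WITHIN $pollSec " +
         "WHERE TargetInstance ISA 'CIM_DataFile' " +
         "AND TargetInstance.Drive = '$drive' AND TargetInstance.Path = '$folder'"

# The action runs outside the caller's scope, so the log path arrives via -MessageData.
$action = {
    $e    = $Event.SourceEventArgs.NewEvent
    $file = $e.TargetInstance.Name    # full path of the affected file
    # The WMI event names no user or process. The file's owner is the nearest
    # available value, and it is left blank when the file no longer exists.
    $owner = ''
    try { $owner = (Get-Acl -Path $file -ErrorAction Stop).Owner } catch { }
    $line = '{0:o},{1},"{2}","{3}"' -f $Event.TimeGenerated, $e.__CLASS, $file, $owner
    Add-Content -Path $Event.MessageData -Value $line
}

Register-WmiEvent -Query $query -SourceIdentifier 'FileWatch' `
    -Action $action -MessageData $logFile | Out-Null

# The subscription lasts only as long as this PowerShell session. To stop it earlier:
# Unregister-Event -SourceIdentifier 'FileWatch'
```

The query matches files only; folder events need `Win32_Directory` in the `ISA` clause. The event object carries neither the user nor the application that made the change, so the logged owner is an approximation of "created by which user" and the application column the question asks for cannot be filled from this subscription.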