How to search a file located in LocalRemote System using PowerShell
As you can see, this is about a simple WMI query + Powershell for searching a file with the file extension. In this script, we are connecting to the WMI service of a LocalRemote computer and executing the query to get the file details. After getting the details we setup a foreach loop for the collection to extract the details.
Below is the two important WMI query which we are executing through Powershell. I am searching files with the BMP extension.
$SearchObject = Get-Wmiobject -namespace "rootCIMV2" -computername $System -Query "Select * from CIM_DataFile Where Extension = 'bmp'" $query = "ASSOCIATORS OF {Win32_LogicalFileSecuritySetting='" + $filepath + "'} WHERE AssocClass=Win32_LogicalFileOwner ResultRole=Owner"
Note: As per the below script, we are running the query against the entire file system which will take a long time to get the details based on the number of files present on the targeted machine. Also, you can search multiple extensions as well by adding AND or OR operator.
Below is the information which we are additionally getting from the script.
1 2 3 4 5 6 7 8 |
MACHINE_NAME PING_STATUS FILE_PATH USER_NAME FILE_SIZE LAST_MODIFIED SYSTEM_MAKE SYSTEM_MODEL |
Below is the script which is created based on a project requirement. In this script, I have copied the system hostnames in a .TXT file for searching from multiple systems. ( This is required only if you are searching the files in multiple systems.)
$details = @() $PCList = Get-Content C:tempPC.TXT foreach ($System in $PCList) { $pstsize = "" $modified = "" $Make = "" $model = "" $SearchObject = $null If(!(Test-Connection -Cn $System -BufferSize 16 -Count 1 -ea 0 -quiet)) { $Result = @{ MACHINE_NAME = "$System" PING_STATUS = "FAILED" FILE_PATH = "N/A" USER_NAME = "N/A" FILE_SIZE = "N/A" LAST_MODIFIED = "N/A" SYSTEM_MAKE = "N/A" SYSTEM_MODEL = "N/A" } $Details += New-Object PSObject -Property $Result } Else { $MakeDetails = Get-WmiObject -Class win32_computersystem -ComputerName $System $Make = $MakeDetails.Manufacturer $Model = $MakeDetails.Model $SearchObject = Get-Wmiobject -namespace "rootCIMV2" -computername $System -Query "Select * from CIM_DataFile Where Extension = 'bmp'" #$SearchObject = Get-WmiObject CIM_Datafile -ComputerName $System | Where-Object {$_.Extension -eq 'txt'} if($SearchObject) { foreach ($ObjectFile in $SearchObject) { $filepath = $ObjectFile.Drive + $ObjectFile.Path + $ObjectFile.FileName + "." + $ObjectFile.Extension $query = "ASSOCIATORS OF {Win32_LogicalFileSecuritySetting='" + $filepath + "'} WHERE AssocClass=Win32_LogicalFileOwner ResultRole=Owner" $FileOwner = Get-Wmiobject -namespace "rootCIMV2" -computername $System -Query $query $FileOwnerName = $FileOwner.AccountName $output = $System + "," + $filepath + "," + $filepath + "," + $ObjectFile.FileSize/1KB + "," + $ObjectFile.LastModified $modified = $ObjectFile.LastModified $pstsize = $ObjectFile.FileSize/1KB $Result = @{ MACHINE_NAME = "$System" PING_STATUS = "SUCCESS" FILE_PATH = "$filepath" USER_NAME = "$FileOwnerName" FILE_SIZE = "$pstsize" LAST_MODIFIED = "$modified" SYSTEM_MAKE = "$Make" SYSTEM_MODEL = "$model" } $Details += New-Object PSObject -Property $Result } } else { $Result = @{ MACHINE_NAME = "$System" PING_STATUS = "SUCCESS" FILE_PATH = "NO PST FILE FOUND" USER_NAME = "N/A" FILE_SIZE = "N/A" LAST_MODIFIED = "N/A" SYSTEM_MAKE = "$Make" SYSTEM_MODEL = "$model" } $Details += New-Object PSObject -Property $Result } } } $pathofcsv = "C:TEMP" + "FILE_DETAILS" + "$date" + ".csv" $Details | export-csv -Path $pathofcsv -Append -NoTypeInformation
The output of the script will be as given below.