How to search a file located in LocalRemote System using PowerShell

As you can see,  this is about a simple WMI query + Powershell for searching a file with the file extension. In this script, we are connecting to the WMI service of a LocalRemote computer and executing the query to get the file details. After getting the details we setup a foreach loop for the collection to extract the details.

 Below is the two important WMI query which we are executing through Powershell. I am searching files with the BMP extension.

$SearchObject = Get-Wmiobject -namespace "rootCIMV2" -computername $System -Query "Select * from CIM_DataFile Where Extension = 'bmp'" $query = "ASSOCIATORS OF {Win32_LogicalFileSecuritySetting='" + $filepath + "'} WHERE AssocClass=Win32_LogicalFileOwner ResultRole=Owner"

Note: As per the below script, we are running the query against the entire file system which will take a long time to get the details based on the number of files present on the targeted machine. Also, you can search multiple extensions as well by adding AND or OR  operator.

Below is the information which we are additionally getting from the script.

1
2
3
4
5
6
7
8
 
MACHINE_NAME
PING_STATUS
FILE_PATH
USER_NAME
FILE_SIZE
LAST_MODIFIED
SYSTEM_MAKE
SYSTEM_MODEL


Below is the script which is created based on a  project requirement. In this script, I have copied the system hostnames in a .TXT file for searching from multiple systems. ( This is required only if you are searching the files in multiple systems.)

$details = @()
$PCList = Get-Content C:tempPC.TXT

foreach ($System in $PCList)
{
$pstsize = ""
$modified = ""
$Make = ""
$model = ""
$SearchObject = $null

If(!(Test-Connection -Cn $System -BufferSize 16 -Count 1 -ea 0 -quiet))
{
$Result = @{
MACHINE_NAME = "$System"
PING_STATUS = "FAILED"
FILE_PATH = "N/A"
USER_NAME = "N/A"
FILE_SIZE = "N/A"
LAST_MODIFIED = "N/A"
SYSTEM_MAKE = "N/A"
SYSTEM_MODEL = "N/A"
}
$Details += New-Object PSObject -Property $Result
}
Else
{

$MakeDetails = Get-WmiObject -Class win32_computersystem -ComputerName $System
$Make = $MakeDetails.Manufacturer
$Model = $MakeDetails.Model

$SearchObject = Get-Wmiobject -namespace "rootCIMV2" -computername $System -Query "Select * from CIM_DataFile Where Extension = 'bmp'"
#$SearchObject = Get-WmiObject CIM_Datafile -ComputerName $System | Where-Object {$_.Extension -eq 'txt'}

if($SearchObject)
{

foreach ($ObjectFile in $SearchObject)
{

$filepath = $ObjectFile.Drive + $ObjectFile.Path + $ObjectFile.FileName + "." + $ObjectFile.Extension
$query = "ASSOCIATORS OF {Win32_LogicalFileSecuritySetting='" + $filepath + "'} WHERE AssocClass=Win32_LogicalFileOwner ResultRole=Owner"
$FileOwner = Get-Wmiobject -namespace "rootCIMV2" -computername $System -Query $query

$FileOwnerName = $FileOwner.AccountName

$output = $System + "," + $filepath + "," + $filepath + "," + $ObjectFile.FileSize/1KB + "," + $ObjectFile.LastModified
$modified = $ObjectFile.LastModified
$pstsize = $ObjectFile.FileSize/1KB

$Result = @{
MACHINE_NAME = "$System"
PING_STATUS = "SUCCESS"
FILE_PATH = "$filepath"
USER_NAME = "$FileOwnerName"
FILE_SIZE = "$pstsize"
LAST_MODIFIED = "$modified"
SYSTEM_MAKE = "$Make"
SYSTEM_MODEL = "$model"
}
$Details += New-Object PSObject -Property $Result
}
}
else
{
$Result = @{
MACHINE_NAME = "$System"
PING_STATUS = "SUCCESS"
FILE_PATH = "NO PST FILE FOUND"
USER_NAME = "N/A"
FILE_SIZE = "N/A"
LAST_MODIFIED = "N/A"
SYSTEM_MAKE = "$Make"
SYSTEM_MODEL = "$model"
}
$Details += New-Object PSObject -Property $Result
}
}
}

$pathofcsv = "C:TEMP" + "FILE_DETAILS" + "$date" + ".csv"
$Details | export-csv -Path $pathofcsv -Append -NoTypeInformation

The output of the script will be as given below.

File search using powershell