File Change Tripwire

File Change Tripwire 1.0


Ian

Administrator
Joined
Oct 27, 2013
Messages
1,537
Reaction score
520
Ian submitted a new article:

File Change Tripwire - A simple PowerShell script to monitor selected folders/filetypes for changes, then e-mail results.

This PowerShell script will monitor your selected folders for any created, modified, renamed or deleted files. You'll then be e-mailed a list of all the changes at a set interval, along with a time and details of each filename. This script could be set to run in the background to monitor important folder for security intrusions - for example, on a Windows based webserver.

All of the variables you need to configure are listed in the first two blocks of code. You'll need an SMTP server to...
Read more about this article...
 
Last edited:

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
2,937
Reaction score
910
This is a great script Ian.

Something you might consider including is a function to confirm the User belongs to the Administrative Group.

For example:

Code:
function ConfirmUserIsAdministrator {
    [CmdletBinding()]
    Param()
    ${CmdletName} = $Pscmdlet.MyInvocation.MyCommand.Name
    ${Identity} = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    ${Principal} = new-object System.Security.Principal.WindowsPrincipal(${Identity})
    ${IsAdmin} = $Principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
   
    if (-not ${IsAdmin}) {
        Write-Error -Message "${CmdletName}: User is not an administrator. To continue run application as administrator." `
                    -RecommendedAction "Run application as administrator" `
    }
    else {
        Write-Host "Scanning selected directory"
    }
}
ConfirmUserIsAdministrator

# Then your code goes here for the $Event's
 
  • Like
Reactions: Ian
Ad

Advertisements

Ian

Administrator
Joined
Oct 27, 2013
Messages
1,537
Reaction score
520
A handy snippet! I'll integrate that when I give it an overhaul :).
 

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
2,937
Reaction score
910
That snippet is based on a non termination error message [ i.e. the program is not stopped as a result ].

If you use this you'll see a red error message in the console, if user is not the admin or is not running the script as administrator. Thus they would need to close it and re-open when one or both conditions are met.

If you'd rather have the script terminate then you'd nee to use a throw error.
 
  • Like
Reactions: Ian
Ad

Advertisements

Ian

Administrator
Joined
Oct 27, 2013
Messages
1,537
Reaction score
520
I think I'll be re-using this snippet across a few scripts, thanks for posting it :D. I'm hoping to add a few items from the "to do" list to the tripwire script, so I'll include this then.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top