File Change Tripwire

File Change Tripwire

Download
Overview History Discussion
I

Ian

Administrator
Joined
Oct 27, 2013
Messages
1,736
Reaction score
630
Ian submitted a new article:

File Change Tripwire - A simple PowerShell script to monitor selected folders/filetypes for changes, then e-mail results.

This PowerShell script will monitor your selected folders for any created, modified, renamed or deleted files. You'll then be e-mailed a list of all the changes at a set interval, along with a time and details of each filename. This script could be set to run in the background to monitor important folder for security intrusions - for example, on a Windows based webserver.

All of the variables you need to configure are listed in the first two blocks of code. You'll need an SMTP server to...
Click to expand...

Read more about this article...
 
Last edited:
Regedit32

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,617
Reaction score
1,139
This is a great script Ian.

Something you might consider including is a function to confirm the User belongs to the Administrative Group.

For example:

Code: 
function ConfirmUserIsAdministrator {
    [CmdletBinding()]
    Param()
    ${CmdletName} = $Pscmdlet.MyInvocation.MyCommand.Name
    ${Identity} = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    ${Principal} = new-object System.Security.Principal.WindowsPrincipal(${Identity})
    ${IsAdmin} = $Principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
   
    if (-not ${IsAdmin}) {
        Write-Error -Message "${CmdletName}: User is not an administrator. To continue run application as administrator." `
                    -RecommendedAction "Run application as administrator" `
    }
    else {
        Write-Host "Scanning selected directory"
    }
}
ConfirmUserIsAdministrator

# Then your code goes here for the $Event's
 
I

Ian

Administrator
Joined
Oct 27, 2013
Messages
1,736
Reaction score
630
A handy snippet! I'll integrate that when I give it an overhaul :).
 
Regedit32

Regedit32

Moderator
Joined
Mar 4, 2016
Messages
3,617
Reaction score
1,139
That snippet is based on a non termination error message [ i.e. the program is not stopped as a result ].

If you use this you'll see a red error message in the console, if user is not the admin or is not running the script as administrator. Thus they would need to close it and re-open when one or both conditions are met.

If you'd rather have the script terminate then you'd nee to use a throw error.
 
I

Ian

Administrator
Joined
Oct 27, 2013
Messages
1,736
Reaction score
630
I think I'll be re-using this snippet across a few scripts, thanks for posting it :D. I'm hoping to add a few items from the "to do" list to the tripwire script, so I'll include this then.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

SOLVED All PDF files changed to Avast HTML Documents 16
SOLVED How do I change file icons 7
Change Or Add A Host File 6
Changes in File Explorer are reverted when reopened 0
File explorer - Date Created changes whenever file is updated - HELP!! 4
SOLVED Change order of items in File Explorer jump list 1
Change profile picture and screen....... 1
SOLVED htm & mp3 file associations change since latest update version “1511” 1

Top