Direct Inward Dialing: +1 408 916 9892
Continuous monitoring of file modifications is essential to keep tabs on unauthorized changes and to identify anomalous file accesses. IT administrators need to keep track of all the changes made to critical files, not only to fulfill compliance requirements but to defend against external and internal data breaches
The following is a comparison between the procedures for obtaining the last modified file in Windows file server with PowerShell and ADAudit Plus.
The following script fetches the name of the files and corresponding subfolders that have been modified in the 'Logs' folder within the past '1' day along with the time when the files were modified.
$path="C:\Windows\Temp"
$NoOfDirs=Get-ChildItem $path | Where-Object {$_.PSIsContainer -eq $True}
ForEach($dir in $NoOfDirs )
{
Get-ChildItem "$path\$($dir.name)" -Recurse |
Where-Object {($_.LastWriteTime -gt ([DateTime]::Now.Adddays(-1))) -and ($_.PSIsContainer -eq $False) } |
Select-Object @{l='Folder';e={$dir.Name}},Name,LastWriteTime |
Sort-Object -pro LastWriteTime -Descending |
Select -First 1
}
Out-File -FilePath C:\Windows\Logs\Report1.html
(Mention the location where report needs to be saved)
To obtain the files last modified in a different folder, specify the appropriate folder path in the script.
$path="Desired folder path"
The report can be fetched in .csv or .txt format by altering the same.
Out-File -FilePath C:\Windows\Logs\Report1.csv
In addition to the name of the file and time of modification, the following are some of the details provided by AD Audit Plus:
Following are some limitations to obtaining a report on last modified file using native tools like Windows PowerShell:
ADAudit Plus will automatically scan all DCs in the domain to retrieve information about last modified file, generate the report and present it in a simple and intuitively designed UI.
