Recursive file search using WMI Query and CIM_DataFile

Recursive file search using WMI Query and CIM_DataFile



I want to be able to query a remote windows desktop for a particular file however I have the following constraints:



This has led me to the following query:
SELECT * FROM CIM_DataFile WHERE Drive ='C:'AND FileName='Fake' AND Extension='dll'


SELECT * FROM CIM_DataFile WHERE Drive ='C:'AND FileName='Fake' AND Extension='dll'



This takes a relatively long time in comparison to something like Get-childitem in powershell which allows me to refine my search by folders and subfolders.


Get-childitem



I could always do something like:
SELECT * FROM CIM_DataFile WHERE Drive ='C:'AND FileName='Fake' AND Extension='dll' AND Path like '\Windows\System32\%' however this query increases the load on the remote and doesn't actually take any less time.


SELECT * FROM CIM_DataFile WHERE Drive ='C:'AND FileName='Fake' AND Extension='dll' AND Path like '\Windows\System32\%'



Is there any way I can use WMI to do some type of recursive search?





Get-CimInstance Win32_Directory -Filter "Name = 'C:\Windows\System32'" |Get-CimAssociatedInstance -Association Win32_Subdirectory
– Mathias R. Jessen
Aug 16 at 21:19


Get-CimInstance Win32_Directory -Filter "Name = 'C:\Windows\System32'" |Get-CimAssociatedInstance -Association Win32_Subdirectory





You don't say what OS and PS version (source and target). There are cmdlets one can use without PSRemoting enabled. technet.microsoft.com/en-us/library/ff699046.aspx or the Mathias touted route.
– postanote
Aug 16 at 21:35





1 Answer
1



If you don't have PowerShell remoting enabled on the target machine you'll have to use DCOM to connect to WMI. DCOM connectivity is turned off by default on modern windows systems so you'll have to enable it - in which case you'd be better off enabling PowerShell remoting.



If you have to use WMI you'll need something like this


function get-wmifile
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[string]$path,
[string]$file
)

if ($path.IndexOf('\') -le 0 )
$path = $path.replace('', '\')


if ($path.IndexOf('*') -ge 0 )
$path = $path.replace('*', '%')


Write-Verbose -Message "Path to search: $path"

$folders = Get-CimInstance -ClassName Win32_Directory -Filter "Name LIKE '$path'"
foreach ($folder in $folders)
if ($file)
where Name -Like "*$file"
else
Get-CimAssociatedInstance -InputObject $folder -ResultClassName CIM_DataFile





Use the function as


PS> get-wmifile -path 'c:test*'

Name
----
c:testcounters.csv
c:testp1.txt
c:testtest.md
c:test2p1.txt
c:test2test3p2.txt
c:testscriptseventlogchanges.txt
c:testscriptstempfolderlog.csv
c:testscriptstest.ps1



or to find a file


PS> get-wmifile -path 'c:test*' -file 'p1.txt'

Name
----
c:testp1.txt
c:test2p1.txt



As you say using Get-ChildItem would be much quicker than WMI. There isn't a way to speed up the WMI - accessing file data is slow - so my recommendation is to stick with get-ChildItem






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

-

Popular posts from this blog

Help:Category

Image
Help:Category From Wikipedia, the free encyclopedia Jump to navigation Jump to search For guidelines on the use of categories in Wikipedia, see Wikipedia:Categorization. For a basic readers' guide see Help:Categories. For quick answers, see the readers' FAQ or the editors' FAQ on categories. For a list of categories, see Special:Categories. This is an information page. It describes the editing community's established practice on some aspect or aspects of Wikipedia's norms and customs. It is not one of Wikipedia's policies or guidelines, as it has not been thoroughly vetted by the community. Shortcut H:CAT Wikipedia data structure Namespaces Subject namespaces Talk namespaces 0 (Main/Article) Talk 1 2 User User talk 3 4 Wikipedia Wikipedia talk 5 6 File File talk 7 8 MediaWiki MediaWiki talk 9 10 Template Template talk 11 12 Help Help talk 13 14 Category Category talk 15 100 Portal Portal talk 101 108 Book Book tal...
Read more

How can temperature be calculated given relative humidity and dew point?

Image
How can temperature be calculated given relative humidity and dew point? While looking into the better indicator of how miserable it feels outside, either dew point or relative humidity, I came across this statement: The optimum combination for human comfort is a dewpoint of about 60 F and a RH of between 50 and 70% (this would put the temperature at about 75 F). Source: http://www.theweatherprediction.com/habyhints/190/ This led me to this calculator that will calculate the temperature given relative humidity and dew point - for example a dew point of 70 degrees F and a relative humidity of 90% results in a temperature of 73.11 degrees F. The web site for this calculator says the values are based on the August-Roche-Magnus approximation and gives the following equation to calculate temperature: $T =243.04 Large fracfrac17.625 TD243.04+TD-lnleft(fracRH100right)17.625+lnleft(fracRH100right)- frac17.625 TD243.04+TD$ Given the equation I'm still having a hard time figuring out...
Read more

I have a recursive function to validate tree graph and need a return condition

Image
I have a recursive function to validate tree graph and need a return condition I have a tree graph. Each node has attribute 'amount'. The rule governing the attribute value of root is this, The root 'amount' value is the sum of the 'amount' attribute of each of it's children. This continues to the last node with children. In other words this tree's attributes are unlike a sum tree, because the root node is not the sum of each node in the tree. Here is a toy example as graph G: nodedict = 'apples': 'amount': 5.0, 'bananas': 'amount': 10.0, 'tomato': 'amount': 50.0, 'total_fruits': 'amount': 15.0, 'total_vegetables': 'amount': 9.0, 'carrot': 'amount': 3.0, 'squash': 'amount': 6.0, 'total_fruits_and_vegetables': 'amount': 74.0 edgelist = [('total_fruits', 'apples'), ('total_fruits', 'bananas...
Read more