Archives

Monthly Archive for: ‘October, 2012’
Powershell: Process all files in current folders and subfolders

You want to do something with all the files, or a selection of files, in the current folder or subfolder? In a Command Prompt or in VBscript this is a little hassle. In PowerShell is this very easy.

At first start your PowerShell ISE

PowerShell ISE

In this type type the following code:

# collect all files in current folder and subfolders, matching extension .evtx
# to only process the current folder remove the '-Recurse' option
$evtfiles = get-childitem -Filter *.evtx -Recurse
 
foreach ($evtfile in $evtfiles)
{
    # Display the filename including path to the console
    write-host "Scanning" $evtfile.fullname

    # Display only the filename to the console
    write-host "Scanning" $evtfile.name
   
    # command example with wevtutil (Windows Event Viewer Commandline)
    wevtutil qe $evtfile.fullname /lf:true "/q:*[System[(EventID=1085)]]" /f:text   
 
}

So you can quickly process a certain command to all the files you filtered.