Blog

Eastern is sharing technical stuff about IT
Powershell: Process all files in current folders and subfolders

You want to do something with all the files, or a selection of files, in the current folder or subfolder? In a Command Prompt or in VBscript this is a little hassle. In PowerShell is this very easy.

At first start your PowerShell ISE

PowerShell ISE

In this type type the following code:

# collect all files in current folder and subfolders, matching extension .evtx
# to only process the current folder remove the '-Recurse' option
$evtfiles = get-childitem -Filter *.evtx -Recurse
 
foreach ($evtfile in $evtfiles)
{
    # Display the filename including path to the console
    write-host "Scanning" $evtfile.fullname

    # Display only the filename to the console
    write-host "Scanning" $evtfile.name
   
    # command example with wevtutil (Windows Event Viewer Commandline)
    wevtutil qe $evtfile.fullname /lf:true "/q:*[System[(EventID=1085)]]" /f:text   
 
}

So you can quickly process a certain command to all the files you filtered.

UAC with VBscript

You know this? Like to run an VBscript with elevated rights but the User Account Control (UAC) is preventing it. Normally you will open the Command Line as Administrator, and run your script. There is an more easy way to do this.

When you include the following code in your VBscript:

Option Explicit

' Windows UAC Settings for this script
Dim UAC
UAC=True

'this is at the start of your script
CheckStartModeUAC

' msgbox or your own program :)
Msgbox "UAC right now!"

Sub CheckStartModeUAC
	' Force to start with elevated prompt if neccessary on that OS
	If UACTurnedOn = True And UAC=True Then
		' UAC Enabled
	
		' Returns the running executable as upper case from the last \ symbol
		Dim strStartExe, oSh, completearguments, x
		
		' Receive launcher
		strStartExe = UCase( Mid( wscript.fullname, instrRev(wscript.fullname, "\") + 1 ) )
		
		' Collect arguments
		for x = 0 to wscript.arguments.count - 1
			completearguments = completearguments & " """ & wscript.arguments(x) & """"
		next
		
		If Instr(completearguments, "uac") then
			' Already launched with uac
		Else
			' Launch this script in UAC mode
			completearguments = completearguments & " uac"
			'Msgbox strStartExe & " """ & wscript.scriptfullname & """ " & completearguments
			
			set oSh = CreateObject("Shell.Application")
			
			oSh.ShellExecute strStartExe, """" & wscript.scriptfullname & """ " & completearguments, "", "runas", 1
			'oSh.ShellExecute strStartExe, wscript.scriptfullname & " " & completearguments, "runas", 1
			wscript.quit
		End if
	End If	
End Sub

Function UACTurnedOn ()
	' Check for UAC enabled computer
	 On Error Resume Next
	 
	 Dim oShell

	 Set oShell = CreateObject("WScript.Shell")
	 If oShell.RegRead("HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA") = 0 Then
		  UACTurnedOn = false
	 Else
		  UACTurnedOn = true
	 End If
End Function

You will get the popupbox when you double-click on the script. Maybe you have to change your script a little bit, but it is still nice :)