The Right Loop for a beginner

  • Question

  • Hi Everybody,

    I'm a beginner in PowerShell and this is my first question on this useful forum.

    This post could be called "Looking for Locky", so let's try to explain what I'm not able to do and why I require your help:

    Recently, a user within our organization has been contaminated by a recent version of Locky ransomware; in the time it took to react, CIFS shares have been impacted.

    What am I aiming to do:

    Run a script which could quickly list the file servers impacted:

    $srvlist = Get-Content c:\temp\srvlist.txt   # list of file servers in the organization

    foreach ($srv in $srvlist) { gci e: -Recurse -Include "*.locky" }   # e: for example

    something like that.

    BUT what I would like is that, as soon as a ".locky" file is found, the script goes to the next server in the server list without waiting for Get-ChildItem to complete on this server -> indeed, if infected, it will have to be restored, so need to check furthermore; the sooner the rest of the servers in the server list are checked, the better.

    I hope my question is clear enough.

    Thank you all for your suggestions.

    Dv

     

    Friday, October 7, 2016 9:19 AM

Answers

  • I have 15 text files named Looky in the PSTesting folder

    'Home','Localhost' | Foreach { If (Get-ChildItem \\$_\PSTesting\ -Filter *looky* -Recurse) { Write-Host "Looky Found on $_" } }

    Output:
    Looky Found on Home
    Looky Found on Localhost


    Friday, October 7, 2016 11:43 AM

All replies

  • Can you post your script and state what the problem is that you are having with the script?


    \_(ツ)_/

    Friday, October 7, 2016 9:48 AM
  • foreach ($srv in $srvlist) { gci e: -Recurse -Include "*.locky" }   # e: for example

    Get-ChildItem doesn't have a ComputerName parameter. The above command is getting files from the local machine.

    Use Invoke-Command

    Invoke-Command -ComputerName Server1,Server2 -ScriptBlock {Get-ChildItem E:\}

    Friday, October 7, 2016 10:11 AM
  • I do not have any real script :-/

    In the emergency, what I did was simply

    $srvlist = Get-Content c:\temp\srvlist.txt

    foreach ($srv in $srvlist) {gci \\$srv\E$ -recurse -include "*.locky"}

    but what I would have wanted to do was rather something like

    if

    find xxxxx.locky

    goto next in $srvlist

    Friday, October 7, 2016 11:03 AM
  • Invoke-Command indeed would have been a way to accelerate the search by parallelizing it.

    This is an improvement which I will keep in mind. thx.

    Friday, October 7, 2016 11:05 AM
  • If (Get-ChildItem \\$srv\E$ -Recurse -Include "*.locky") {
        Write-Host 'Found'
    }

    Friday, October 7, 2016 11:08 AM
  • Vincent,

    This would have returned:

    for srv1

    Found

    Found

    Found

    etc..

    Then for srv2

    Found

    Found

    Found...

    etc..

    But if I find a single file "x.locky" on srv1, there is no need for me to have the list of all the locky files on this server (I will in any case restore the whole share of this server), and then immediately after having echoed the first "Found" on srv1, run Get-ChildItem on srv2

    (not sure if I'm clear :-) )

    (in any case thank you for the previous answers)

    Friday, October 7, 2016 11:29 AM
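
    The early-exit behaviour asked for above, as an added example that is not part of any poster's reply: an If (Get-ChildItem ...) test only evaluates after the whole recursive enumeration has finished, whereas piping to Select-Object -First 1 stops the enumeration at the first match (PowerShell 3.0 or later). The function name Find-FirstLockyFile is hypothetical, and the temp folders are constructed sample data standing in for the \\server\E$ roots.

```powershell
# Added example: stop each server's scan at the first *.locky file found.
# Constructed sample data: temp folders stand in for \\srv1\E$ and \\srv2\E$.
$base  = Join-Path ([IO.Path]::GetTempPath()) ("lockyscan_" + [guid]::NewGuid().ToString('N'))
$roots = [ordered]@{
    srv1 = Join-Path $base 'srv1'   # will hold encrypted files
    srv2 = Join-Path $base 'srv2'   # clean share
}
foreach ($r in $roots.Values) {
    New-Item -ItemType Directory -Path (Join-Path $r 'share\docs') -Force | Out-Null
}
1..3 | ForEach-Object {
    Set-Content -Path (Join-Path $roots.srv1 "share\docs\report$_.locky") -Value 'x'
}
Set-Content -Path (Join-Path $roots.srv2 'share\docs\report.txt') -Value 'x'

function Find-FirstLockyFile {
    param([Parameter(Mandatory)][string]$Path)
    # Select-Object -First 1 stops the upstream Get-ChildItem as soon as one
    # object arrives, so the rest of the tree is never walked.
    # SilentlyContinue hides access-denied folders; log them instead if you
    # need to know which parts of a share were not checked.
    Get-ChildItem -Path $Path -Filter '*.locky' -Recurse -File -ErrorAction SilentlyContinue |
        Select-Object -First 1
}

$results = foreach ($srv in $roots.Keys) {
    # Against real servers: read names with Get-Content c:\temp\srvlist.txt
    # and pass "\\$srv\E$" instead of $roots[$srv].
    $hit = Find-FirstLockyFile -Path $roots[$srv]
    [pscustomobject]@{
        Server   = $srv
        Infected = [bool]$hit
        FirstHit = if ($hit) { $hit.FullName } else { $null }
    }
}

# One row per server: srv1 is flagged with the first file seen, srv2 is clean.
$results | Format-Table -AutoSize

Remove-Item -Path $base -Recurse -Force   # clean up the constructed sample tree
```

    A clean server still costs a full walk of the share, since the absence of a match can only be confirmed by reading every folder; the saving is on the infected servers, which are the ones that will be restored anyway.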