locked
Help with the power shell script for recursive search of the C drive RRS feed

  • Question

  • I have the following script to search for specific patterns in the C drive


    Two issues : 


    First:

    I have to run this on 1200 hosts, which takes ever for it to complete - Is it possible to update the below so that it runs faster


    Second:


    I wanted to exclude few paths which contains in $Exclu - it is running but not excluding the paths them. Can you please help?


    $output = ForEach ($System in $sys) {


      $LocStr= @("\\$System\c$\")


     $Extensions = @('*.cfg','*.bat','*.xml','*.properties','*.ini','*.config')
     $Exclu = @("*Monitoring*","*winsxs*","*hp_manifest*","System32")
     $Pattern = [RegEx]"password=|passwd=|passphrase=|pwd=|psw=|\<password\>"
           ForEach ($Loc in $LocStr){


    Get-ChildItem -Path "$Loc" -Exclude $Exclu -Recurse -Include $Extensions |Select-String -Pattern $Pattern| Select-Object Path, Filename, Pattern, LineNumber, Line

    }


    }

    $output | Export-Csv  $Param2

                      
    Thursday, March 22, 2018 3:13 PM

All replies

  • No way to make this faster as script but you can use a jobs or a workflow to run the searches in parallel.

    help about_workflow
    help about_jobs


    \_(ツ)_/


    Thursday, March 22, 2018 8:37 PM
  • thanks. I will look into it. any issues with the logic on excluding?

     $Exclu = @("*Monitoring*","*winsxs*","*hp_manifest*","System32")

    I want to exclude any thing in the path above.

    Get-ChildItem -Path "$Loc" -Exclude $Exclu

    Thursday, March 22, 2018 9:06 PM
  • Only you can tell if that works.

    Do not quote variables for no reason.  This will cause unpredictable results.

    Get-ChildItem -Path $Loc -Exclude $Exclu


    \_(ツ)_/

    Thursday, March 22, 2018 9:09 PM
  • No way to make this faster as script but you can use a jobs or a workflow to run the searches in parallel.

    help about_workflow
    help about_jobs


    \_(ツ)_/


    I would add .. 

    Use its own host resources to do the job, dont use UNC paths 

    Use invoke-command together with background jobs ...  (i usually use 15 of them to get fast results)

    Thursday, March 22, 2018 10:38 PM