My organization requires the filtering, and removal of all .PFX and .P12 files from our computers and servers. The script we are currently running every week does not go deep enough or far enough per higher guidance. What I'm trying to do is take my current working script, and filter for both file extensions. The person who wrote the script is all but gone from this world so I'm working on a script I didn't write but I'm trying to become familiar with.
I've already tried changing some of the variables inside of the Get-ChildItem cmdlt to apply the filtering there instead of a variable. This includes attempts like:
$Files = Get-ChildItem -Path \\$client\c$\Users -Filter -filter {(Description -eq "school") -or (Description -eq "college")} -Recurse -ErrorAction SilentlyContinue
Here is a portion of the Code, not the entire thing. There is logging and notes and other administrative tasks that are done other than this, I've only included the portion of the code that is creating errors.
$computers = Get-ADComputer -Filter * -SearchBase "AD OU PATH OMITTED"
$destination = "****\Software\aPatching_Tools\Log Files\Soft Cert\Workstations\AUG 19\WEEK 2"
$ext = "*.pfx"
foreach ($computer in $computers)
{
$client = $computer.name
if (Test-Connection -ComputerName $client -Count 1 -ErrorAction SilentlyContinue)
{
$outputdir = "$destination\$client"
$filerepo = "$outputdir\Files"
$files = Get-ChildItem -Path \\$client\c$\Users -Filter $ext -Recurse -ErrorAction SilentlyContinue
if (!$files)
{
Write-Host -ForegroundColor Green "There are no .pfx files on $client."
}
else
{
Write-Host -ForegroundColor Cyan "PFX files found on $client"
The expected and normal operation of the script is that it goes through each machine, tests it, moves on if it's offline, or if it's online, there is a 4-5 minute pause while it searches and moves on.
The errors I get when I make changes such as doing a $ext = "*.p12", ".pfx" is that -Filter does not support this operation. Or if I try the above mentioned change to the filtering, the script takes 1-2 seconds per machine, and with at times, 15-20 users in the C:\Users folder, it's nearly impossible to search that fast over the network.
Instead of passing your extensions as the -filter, pass them using -include - that is, $files = Get-ChildItem -Path \\$client\c$\Users\* -include $ext -Recurse -ErrorAction SilentlyContinue. You can then define $ext as an array of strings, e.g., $ext = "*.pfx","*.p12", and Get-ChildItem will return only those files with the indicated extensions.