Finding The Correct File Path For a Powershell Script
So i have been working on this script at home
Copy-Item "$env:SystemRoot\System32\Winevt\Logs\Security.evtx" "C:\CommFiles\LogFile_$(get-date -uformat %d-%m-%Y-%H.%M.%S).evtx"
if(-not $?) {
Write-Warning "Copy Failed"
} else {
Remove-Item "$env:SystemRoot\System32\Winevt\Logs\Security.evtx"
}
and i know it works because i used it at home and it has the same file path that i use in office but i keep getting this warning
Copy-Item : Could not find a part of the path 'C:\windows\System32\Winevt\Logs\Security.evtx'.
At line:1 char:1
+ Copy-Item "$env:SystemRoot\System32\Winevt\Logs\Security.evtx" "C:\Co ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Copy-Item], DirectoryNotFoundException
+ FullyQualifiedErrorId :
System.IO.DirectoryNotFoundException,Microsoft.PowerShell.Commands.CopyItemCommand
i suspect that im not in the right directory but because of my limited knowledge on powershell im uncertain of what the right one might be for my case. im using this script to copy my event viewer log to a new file path for organised
The file path can be found with the following steps:
- Open Event Viewer as an administrator or a user with permission to view the security log.
- Right-click the security log object on the left and open Properties.
Or you can get the full path with powershell by checking the registry - note that this also requires running powershell as an admin user:
PS C:\> (Get-ItemProperty HKLM:\system\CurrentControlSet\Services\EventLog\Security\).file
C:\WINDOWS\System32\winevt\Logs\Security.evtx
Since your error specifically says DirectoryNotFound, try and find which directory it fails to open:
gci C:\
gci C:\windows\
gci C:\windows\System32\
gci C:\windows\System32\Winevt\
gci C:\windows\System32\Winevt\Logs\
And investigate the permissions on it:
(get-acl C:\Windows\System32\winevt\).Access | select IdentityReference,FileSystemRights
IdentityReference FileSystemRights
----------------- ----------------
NT AUTHORITY\Authenticated Users Read, Synchronize
NT AUTHORITY\SYSTEM FullControl
BUILTIN\Administrators FullControl
NT SERVICE\EventLog DeleteSubdirectoriesAndFiles, Write, ReadAndExecute, Synchronize
If everything seems fine there, consider trying the same thing on a different PC? I've had filesystem/harddrive issues that behaved like this, but it's not very likely
- get-service needs local account - how to consolidate report
- How to exit from ForEach-Object in PowerShell
- MS Graph Powershell - User with no manager - error
- VS Code: Is it possible to pass arguments to an integrated terminal profile without quotes?
- Applying XSL to XML with PowerShell : Exception calling "Transform"
- Capturing standard out and error with Start-Process
- PowerShell script to return versions of .NET Framework on a machine?
- PowerShell - cast a variable type based on a variable definition
- Assigning a Token Lifetime Policy to an application in Microsoft EntraID seems to have no effect
- Is there a PowerShell equivalent to the dir /w of the old Windows command prompt?
- Powershell update object property value not as expect
- "Run with PowerShell" gives execution policy error but running directly in PowerShell window does not
- PowerShell equivalent for package.json or requirements.txt
- Powershell - Why is Using Invoke-WebRequest Much Slower Than a Browser Download?
- How is child_process.exec('powershell "$userInput = Read-Host;"') handled in node.js?
- Powershell Set-MpPreference -DisableRealtimeMonitoring $true not working correctly
- Running a command as Administrator using PowerShell?
- How to run multiple commands at once with pause in PowerShell?
- When Converting excel to csv for empty cells quotes not coming
- Can't use sed when using ssh with ms powershell to linux host
- Using Try/Catch for PowerShell to switch between the two cmdlet gro group member?
- PowerShell Script Failing at insert records
- Webscrape table with powershell
- Connecting to remote server failed using WinRM from PowerShell
- VB.net string comparison with Powershell return output
- Laravel 4 + Iron: How to register a queue?
- PowerShell only accept Int
- How do I automatically create and use variable names?
- Loop through variables not through an Array
- Why and how are these two $null values different?