Monitoring the File System

Microsoft® Windows® 2000 Scripting Guide

File systems are in a constant state of flux: New files are created, old files are deleted, and files are modified in various ways. This behavior is entirely expected, and most of it is of little interest to system administrators; system administrators do not need to be notified every time the operating system creates or deletes a temporary file, or every time a user makes a change to a Word document or a spreadsheet.

On the other hand, certain files and folders are very important to the organization. Because of that, you might want to keep a closer watch on these items. If someone adds a new file to a folder for proposed projects, you might want a notice to that effect sent to specified people. Likewise, these same people might want to be notified if a file is removed from that folder. If you have a file that prescribes the daily routine for all system administrators, you might want to be notified whenever that file is modified.

You can use the WMI event monitoring capabilities to monitor changes to the file system. If you choose to carry out such monitoring, it is highly recommended that you limit your monitoring to a specific file or folder. As noted previously, file systems are in a constant state of flux; attempting to monitor the entire file system on a computer is very slow, very processor intensive, and results in a huge quantity of data, most of which is of no interest to you. By limiting your monitoring to a specific file or folder, you can ensure that you are immediately notified of changes to the file system and that you are notified only of the changes that really matter to you.
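
The following script is an added example, not code from the Scripting Guide itself. It scopes a WMI event subscription to one folder and reports each file added to or removed from it. The folder path `C:\Scripts` and the 10-second polling interval are assumptions chosen for illustration.

```vbscript
Option Explicit

' Assumed values for this example (not from the original page).
Const WATCH_FOLDER = "C:\Scripts"
Const POLL_SECONDS = 10

Dim strComputer, objWMIService, strFolderKey, strQuery, colEvents, objEvent

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

' The folder name is unescaped twice (once as a WQL string literal, once as a
' WMI object path), so every backslash in the path must be written four times.
strFolderKey = Replace(WATCH_FOLDER, "\", "\\\\")

' CIM_DirectoryContainsFile associates a folder (GroupComponent) with each file
' in it (PartComponent). Filtering on GroupComponent limits the subscription to
' one folder instead of the whole file system.
strQuery = "SELECT * FROM __InstanceOperationEvent WITHIN " & POLL_SECONDS & _
    " WHERE TargetInstance ISA 'CIM_DirectoryContainsFile'" & _
    " AND TargetInstance.GroupComponent = " & _
    "'Win32_Directory.Name=""" & strFolderKey & """'"

Set colEvents = objWMIService.ExecNotificationQuery(strQuery)

WScript.Echo "Watching " & WATCH_FOLDER & " (press Ctrl+C to stop)"

Do
    ' NextEvent blocks until WMI delivers the next matching event.
    Set objEvent = colEvents.NextEvent

    ' The event's own class says whether the association appeared or vanished.
    Select Case objEvent.Path_.Class
        Case "__InstanceCreationEvent"
            WScript.Echo Now & "  ADDED    " & objEvent.TargetInstance.PartComponent
        Case "__InstanceDeletionEvent"
            WScript.Echo Now & "  REMOVED  " & objEvent.TargetInstance.PartComponent
    End Select
Loop
```

Run it with `cscript` so that each notification is written to the console. Because `WITHIN` makes WMI poll at the stated interval, a file that is created and deleted between two polls produces no event.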