Why does WQL LIKE operator not work on drive c, but works fine on drive d?
https://stackoverflow.com/questions/13040835
-
14-07-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPregunta
I'm learning about File System Monitoring to speed up my 3rd and 4th backups of my mail server. I have a nice VB Script that works flawlessly on drive D, but when I query changes to drive C, nothing is returned if I use a wildcard.
Here are my queries:
This works fine for c:\sc, but does not return subfolder changes:
Select * From __InstanceOperationEvent Within 10 Where TargetInstance Isa 'CIM_DataFile' And ((TargetInstance.Drive='c:' And TargetInstance.Path = '\\sc\\'))
This works fine for d:\sc, and does return subfolder changes:
Select * From __InstanceOperationEvent Within 10 Where TargetInstance Isa 'CIM_DataFile' And ((TargetInstance.Drive='d:' And TargetInstance.Path LIKE '\\sc\\%'))
This one returns no changes at all. No error messages are returned, and the script continues to run:
Select * From __InstanceOperationEvent Within 10 Where TargetInstance Isa 'CIM_DataFile' And ((TargetInstance.Drive='c:' And TargetInstance.Path LIKE '\\sc\\%'))
The double parenthesis are so that I can add similar queries connected with "OR".
My system drive is drive C.
Drive D is a removable USB drive.
Have I changed some setting on my system drive that is preventing this from working?
Or perhaps the query is returning too many results?
I have been searching about this for a few hours. Any insight will be greatly appreciated.
Solución
This is because when you uses the LIKE operator in a WQL sentence with the CIM_DataFile class, the WMI scan for the full drive to find a match, now since you USB drive have a more small (and simple) tree folder structure the WMI can return the results more quickly. but when you uses the C drive the WMI still running the Query until find all the matches. So the recommendation is don't use the LIKE operator with CIM_DataFile , instead just use the = operator like so :
Select * From __InstanceOperationEvent Within 1 Where TargetInstance ISA 'CIM_DataFile' And ((TargetInstance.Drive='c:' And TargetInstance.Path = '\\sc\\'))
P.D: If you are using the LIKE operator because you expect monitor changes in multiple folders, this is not possible, instead you must use one WQL and event watcher per folder.
