(imported topic written by SystemAdmin)
Hello,
What is the most effecient method for searching for a specific file name on a PC? We are looking to find a file that people might have on their computer. Most likely it will have been saved within the c:\documents and settings folder (really their user folder). But need to traverse all the folders under that parent folder. I have an idea of how it should be written - but struggling with a few pieces of it. Any help would be great. Thank you.
Mike
(imported comment written by unruem)
What about this:
exists ((descendants of folder “C:\documents and settings”) whose (name of it = “FILE NAME”))
This may not be the most efficient method though.
(imported comment written by SystemAdmin)
Ahh, that works slick. I was struggling with that “descendants” piece. That helps a ton. Thank you.
Mike
(imported comment written by brolly3391)
That will work, but please use caution and lots of testing whenever using desceendants of. It is, quite possibly, our most dangerous inspector. With that simple phrase you are possibly scanning every file in “C:\documents and settings” which can tie up the BES client for a significant chunk of time.
See this thread for an alternate way to search for a file:
http://forum.bigfix.com/viewtopic.php?id=362
Cheers,
Brolly
(imported comment written by SystemAdmin)
Understood. I had seen the other posts about the dangerous nature of the scan.
If I add add some relevence for say domain=msnetwork (in a pure retrieved property) - would it only query systems that are relevant? Or would it still query every agent? Without creating a specialzed task - I would like to have only scanned certain systems - and leave servers or other domains alone. Thanks.
Time for me to head back to Custom Content training 
Mike
(imported comment written by brolly3391)
Mike,
If this is a one time scan you might consider using descendants of “c:” in a property inside of an analysis and set it to a long refresh time, once every 30 days for example. You can then add the additional relevance to the analysis itself to limit what machines will evaluate it. I do not want to discourage you from using descendants of, just carefully consider it’s usage to avoid a slowdown of responsiveness of your BES infrastructure.
I would also suggest a slight modification of the relevance that unruem proposed.
q: exists descendants whose (name of it = “FILE NAME”) of folder “c:\documents and settings”
A: False
T: 3147.441 ms
I: singular boolean
q: exists ((descendants of folder “C:\documents and settings”) whose (name of it = “FILE NAME”))
A: False
T: 4110.513 ms
I: singular boolean
The first relevance is faster because of the position of the filter.
Cheers,
Brolly
(imported comment written by jessewk)
Mike,
You should create an analysis that has relevance restricting it to the set of machines you want to search. Then, as Brolly suggests, add a property to the analysis that is evaluated infrequently.
Also see Ben’s comment (#13) in this thread about possible issues with the 6.0 descendants inspector: http://forum.bigfix.com/viewtopic.php?pid=1348
-Jesse
(imported comment written by SystemAdmin)
Is there an easy way to also get the file size?
Never mind
Q: (name of it & “–” & size of it as string) of descendants whose (name of it is “Acrobat.exe”) of folder “c:”