0 votes

I am a newb as it relates to Agent Ransack and File Locator Pro, so bear with me.

My task is to search all domain-joined laptops at a client's organization for a particular service account which is continuously being locked out when we change its password. We think some rogue dev / systems administrator may have some script/task/workflow that is causing the lockouts.

I am having trouble writing an expression to search the entire system volume on a Windows machine for all files containing the string "crm-web". When I use the GUI version of the software I am able to run the search using:

filelocatorpro.exe -d c:\; -sophos; -windows; -amd; -amd64; -hiberfil; -pagefile; -swapfile; -$windows; -winsxs  -o C:\temp\%COMPUTERNAME%-filelocatorTEST.txt

However, when I use the command line switch -d (same as look in apparently) followed by the above expression my command fails saying the flags -sophos, -windows etc. are not valid commands.

One final question: Is there a way to change the output from a text file to an XML file? It makes parsing the content MUCH easier.

by (20 points)

1 Answer

0 votes

You need to use quotes to group the whole expression together, e.g.:

filelocatorpro.exe -d "c:\; -sophos; -windows; -amd; -amd64; -hiberfil; -pagefile; -swapfile; -$windows; -winsxs"

You can change the output format to XML using the -ofx command line parameter:

Couple of other points:
- The location filters only work on folders, not file names, so '-pagefile' only works with folders that may be called 'pagefile'. Use the File name field to exclude file names.
- Was the '$' deliberate?

by (31.4k points)
Yes, the $windows was deliberate. When running this search in filelocator before the $windows was added it was searching $windows directories, even though I had added -windows.

-windows should've worked.

Thank you so much, you are my hero today Dave!

Another thing, can you please tell me what is wrong with this syntax?

filelocatorpro.exe -c "crm-web" -d "c:\windows\system32\tasks; c:\windows\tasks -ofx "C:\TEMP\%COMPUTERNAME%-CRMWEBTasks.xml"

I am getting an error: unexpected command line parameter: c:\temp\%computername%\crmwebtasks.xml

You haven't closed the quotes on the -d parameter.

filelocatorpro.exe -c "crm-web" -d "%systemdrive%\windows\system32\tasks; %systemdrive%\windows\tasks" -ofx "%systemdrive%\TEMP\%COMPUTERNAME%-CRMWEBTasks.xml"

Unfortunately, this still does not work. Is there something missing here?
What's the error? Rather than going back and forth here, please send the response to support@mythicsoft.com