Solved

windows "last execute"?

Posted on 2015-01-28
7
144 Views
Last Modified: 2015-01-29
In a single directory, there are many batch commands.

I would like to know which .bats are actually executed when a certain .bat is kicked off. The scripts are convoluted and there are many of them -- I can't determine which ones actually get run in a particular chain of command. I recall a Unix  command like ls -ltu which would have given me this info. Is there such a thing for windows?
0
Comment
Question by:j-pink
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 92

Expert Comment

by:John Hurst
ID: 40576135
Have you looked in Event Viewer?  That may tell you when programs executed - I am not certain.

You can go to Local Security Policies (try secpol.msc) and look for audit policy under local policies. If you turn that on, you may be able to see when programs execute.

For batch files, you may need to look at the program being called and audit it.

It might be faster to parse the scripts.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 40576141
There is a "last access" date, but that might be unreliable for your challenge. No "last executed", sorry.
If I need to know the sequence and names of files used by a program, I monitor that with ProcMon from www.sysinternals.com and a filter on process name - cmd.exe here.
0
 
LVL 11

Accepted Solution

by:
zalazar earned 500 total points
ID: 40577093
-ltu will list files in a directory, sorted by access time

On the latest versions of Windows updating the last access timestamp on files is disabled. You can check the current setting by opening a command prompt with Administrative permissions (cmd.exe)
And then type:
fsutil behavior query disablelastaccess

Open in new window


1 = Last access timestamps are disabled
0 = Last access timestamps are enabled
Please see also:
https://technet.microsoft.com/en-us/library/cc785435.aspx

To enable access timestamps on files you have to type:
fsutil behavior set disablelastaccess 0

Open in new window

Then reboot your computer

Keep in mind that this can have some performance impact on your computer. Especially on directories with a large number of files.

After the access timestamps are enabled these can be displayed by starting a command prompt (cmd.exe)
and then "cd" to the directory with batchfiles. Then type:
dir /A /T:A

Or by opening a File Explorer
Go to the directory with the batchfiles
Right click on a column, add the field "Date accessed"

You have to find out if you get reliable results as it might be that by only listing the file, the timestamp is also updated.
0
Do email signature updates give you a headache?

Are you constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

 
LVL 68

Expert Comment

by:Qlemo
ID: 40577152
This is the reason I posted a reliable alternative approach in http:#a40576141
0
 

Author Closing Comment

by:j-pink
ID: 40577391
In this case nobody lists or looks at the files but me. I can leave them alone until this research is complete.
I like this solution because I can implement it myself. I am an application person and will have to get "approval" from the windows person to do this. I tried it on my own computer/node and it works for what I need.

It may be that he will prefer to implement the security policy method, or even a process monitor. But this was the best way for me to solve the problem independently.  Thank you.
0
 

Author Comment

by:j-pink
ID: 40578263
p.s  Doing an "ls" ( or windows explorer window open or refresh) does not change the lastaccess date and time, per my tests.
0
 
LVL 11

Expert Comment

by:zalazar
ID: 40578308
Thanks for the update and good to hear that this method is what you need. Thanks also for the info that the explorer does not change the last access date/time.
0

Featured Post

Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now