Month: August 2011

Monitoring Volume Change Events in PowerShell using WMI

While I was preparing a few demo scripts for a Bangalore IT Pro UG meet session, I stumbled upon the WMI event class Win32_VolumeChangeEvent. This one is interesting. It is derived from the Win32_DeviceChangeEvent class and gives us the ability to monitor local drive events directly. For example, you can get a notification when a local drive or mount point gets removed or added. The following table shows a list of event types we can monitor.

Note: This class may not be there on Windows XP. I have not verified this fact.

Value  Meaning
1      Configuration Changed
2      Device Arrival
3      Device Removal
4      Docking

Let us see a few examples:

Adding a new local drive

We can monitor a local drive addition using the following query:

Using this, you can monitor removable drives such as external hard drives and flash drives.

Removal of a local drive

To monitor local drive removal events, we can use the following query:

Registering for the above events

Once we have these event registrations done, we …
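An added example, not code from the original post: it subscribes to the Device Arrival (2) and Device Removal (3) event types from the table above and writes one log line per event, recording the media type when a drive arrives. The source identifier, the log path and the choice of Register-CimIndicationEvent (Windows PowerShell 3.0 or later) are assumptions made for this example.

```powershell
# Added example: log drive arrival and removal events from Win32_VolumeChangeEvent.
# 'VolumeWatch' and the log file name are hypothetical names chosen for this example.
$eventNames = @{ 1 = 'Configuration Changed'; 2 = 'Device Arrival'; 3 = 'Device Removal'; 4 = 'Docking' }
$logPath    = Join-Path $env:TEMP 'volume-events.log'

# Win32_VolumeChangeEvent is an extrinsic event class, so no WITHIN polling clause is needed.
$query = 'SELECT * FROM Win32_VolumeChangeEvent WHERE EventType = 2 OR EventType = 3'

$action = {
    # The action runs in its own scope; outer variables arrive through MessageData.
    $e    = $Event.SourceEventArgs.NewEvent
    $data = $Event.MessageData
    # EventType is a UInt16; cast it so it matches the Int32 hashtable keys.
    $line = '{0:s} {1} {2}' -f $Event.TimeGenerated, $data.Names[[int]$e.EventType], $e.DriveName

    if ($e.EventType -eq 2) {
        # On arrival the volume is present, so record what kind of media it is.
        # DriveType 2 = removable disk, 3 = local disk, 5 = compact disc.
        # External hard drives commonly report 3, so log the value for every arrival.
        $disk = Get-CimInstance -ClassName Win32_LogicalDisk `
                    -Filter "DeviceID = '$($e.DriveName)'" -ErrorAction SilentlyContinue
        if ($disk) {
            $line += ' DriveType={0} FileSystem={1} Label="{2}" Serial={3}' -f `
                $disk.DriveType, $disk.FileSystem, $disk.VolumeName, $disk.VolumeSerialNumber
            if ($disk.DriveType -eq 2) { $line += ' [REMOVABLE]' }
        }
    }
    Add-Content -Path $data.Log -Value $line
}

$registration = @{
    Query            = $query
    SourceIdentifier = 'VolumeWatch'
    MessageData      = @{ Names = $eventNames; Log = $logPath }
    Action           = $action
}
Register-CimIndicationEvent @registration | Out-Null

# Review what has been captured so far:
#   Get-Content $logPath
# Stop monitoring and clean up the background job:
#   Unregister-Event -SourceIdentifier 'VolumeWatch'
#   Remove-Job -Name 'VolumeWatch'
```

The subscription lives only as long as the PowerShell session that created it; closing the session ends the monitoring.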