Monitor File Changes & Restart App with PowerShell
Updated on August 7, 2025, by ITarian
Have you ever needed to keep a critical application running based on file activity—like when a config file gets updated, or a log changes state? Knowing how to monitor file change with PowerShell and restart application services or processes in real-time can be a game-changer for IT teams and cybersecurity professionals.
Whether you’re maintaining uptime, reacting to unauthorized file tampering, or automatically reloading services upon changes, PowerShell offers powerful tools to automate it all.
In this guide, we’ll walk you through how to:
- Detect file system changes using PowerShell
- Automatically restart services or apps when changes occur
- Implement security-focused monitoring
- Leverage scripts in production environments
Let’s dive in.
Why Monitor File Changes in the First Place?
Monitoring files for changes is essential in:
- DevOps pipelines (e.g., auto-restart apps after config change)
- Security monitoring (e.g., detect tampering of log or config files)
- IT automation (e.g., restart services after file updates)
- Compliance audits (e.g., alert on unauthorized modifications)
When combined with restart logic, this technique supports self-healing systems, faster recovery, and enhanced security postures.
Tools You’ll Need
To implement this solution, you’ll need:
- PowerShell (preferably version 5.1+ or PowerShell Core 7+)
- Administrator privileges (for restarting apps/services)
- Target application or service name
- File path or folder to monitor
Step-by-Step: How to Monitor File Change with PowerShell
Step 1: Use Register-ObjectEvent to Watch for File Changes
PowerShell’s System.IO.FileSystemWatcher lets you subscribe to file system events.
Here’s a basic setup:
powershell
CopyEdit
$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path = “C:\Path\To\Monitor”
$watcher.Filter = “settings.json”
$watcher.NotifyFilter = [System.IO.NotifyFilters]::LastWrite
Register-ObjectEvent $watcher Changed -Action {
Write-Host “File has changed. Restarting application…”
Stop-Process -Name “YourAppName” -Force
Start-Process “C:\Path\To\YourApp.exe”
}
This script monitors settings.json for write changes and restarts the specified application when detected.
Step 2: Keep the Script Running
PowerShell scripts with events must stay alive to catch events.
Add this loop at the end of your script:
powershell
CopyEdit
while ($true) {
Start-Sleep -Seconds 5
}
Pro Tip: Use Start-Job or run it as a background task with Windows Task Scheduler or NSSM (Non-Sucking Service Manager).
Step 3: Use Logging for Auditing
Want to track each event for compliance?
Add this inside the -Action block:
powershell
CopyEdit
$timestamp = Get-Date -Format “yyyy-MM-dd HH:mm:ss”
Add-Content “C:\Logs\FileWatcher.log” “$timestamp – File change detected. Restarting application.”
Advanced Example: Monitor Multiple Files & Restart IIS
Need to monitor a web.config and restart IIS when it changes?
powershell
CopyEdit
$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path = “C:\inetpub\wwwroot\myapp”
$watcher.Filter = “web.config”
$watcher.NotifyFilter = [System.IO.NotifyFilters]::LastWrite
$watcher.IncludeSubdirectories = $false
$watcher.EnableRaisingEvents = $true
Register-ObjectEvent $watcher Changed -Action {
Write-Output “web.config changed. Restarting IIS.”
Restart-Service W3SVC
}
This can also be used for security hardening. If someone modifies web.config unexpectedly, you can trigger alerts and restarts instantly.
How to Restart an Application with PowerShell
There are multiple ways to restart apps. Choose based on context:
1. Restart a Service
powershell
CopyEdit
Restart-Service -Name “Spooler”
2. Kill and Start a Process
powershell
CopyEdit
Stop-Process -Name “notepad” -Force
Start-Process “notepad.exe”
3. Use WMI for Remote Restarts
powershell
CopyEdit
Invoke-Command -ComputerName RemotePC -ScriptBlock {
Stop-Process -Name “AppName” -Force
Start-Process “C:\App\app.exe”
}
Combine these with FileSystemWatcher to build a complete auto-recovery solution.
Security Use Case: Detect File Tampering and Trigger a Response
Let’s say you want to monitor a log file for unauthorized modification and:
- Log the incident
- Alert an admin
- Restart a firewall or app
Example:
powershell
CopyEdit
$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path = “C:\Logs\Security”
$watcher.Filter = “firewall.log”
$watcher.NotifyFilter = [System.IO.NotifyFilters]::LastWrite
Register-ObjectEvent $watcher Changed -Action {
$time = Get-Date
Add-Content “C:\Logs\security_watch.log” “$time – Unauthorized change detected”
Send-MailMessage -From alert@domain.com -To admin@domain.com -Subject “Log Modified!” -Body “Firewall log changed at $time” -SmtpServer smtp.domain.com
Restart-Service “Windows Defender Firewall”
}
This adds a security automation layer using built-in PowerShell features.
Scheduling the Script to Run at Startup
To ensure your file watcher runs persistently:
Option 1: Task Scheduler
- Open Task Scheduler
- Create a new task
- Trigger: At system startup
- Action: Start PowerShell with argument:
bash
CopyEdit
powershell.exe -ExecutionPolicy Bypass -File “C:\Scripts\watcher.ps1”
Option 2: Convert Script to a Windows Service
Use tools like:
- NSSM (Non-Sucking Service Manager)
- PowerShell modules like New-Service for native services
Troubleshooting Common Issues
| Issue | Solution |
| Script exits immediately | Add a while ($true) loop |
| No action on file change | Ensure EnableRaisingEvents = $true is set |
| Process not restarting | Verify file paths and app permissions |
| Cannot access file | Run PowerShell as Administrator |
Always test your scripts in a controlled environment before deploying to production.
LSI and Secondary Keywords Naturally Included
- PowerShell file watcher
- Automatically restart app
- Monitor folder for changes
- File system monitoring PowerShell
- PowerShell script to restart service
- Detect file modification
- Automate application recovery
FAQs: Monitoring File Changes with PowerShell
1. Can I monitor an entire folder instead of a single file?
Yes! Just change the filter:
powershell
CopyEdit
$watcher.Filter = “*.*”
$watcher.IncludeSubdirectories = $true
2. How do I restart a Windows service automatically?
Use:
powershell
CopyEdit
Restart-Service -Name “ServiceName”
This works well for IIS, SQL Server, or custom services.
3. What file system events can I monitor?
You can monitor:
- Changed (file modified)
- Created (file added)
- Deleted (file removed)
- Renamed (file name changed)
4. Can I run the script as a background service?
Yes. Use Task Scheduler, NSSM, or create a custom Windows service using PowerShell or C#.
5. Is this solution secure for production environments?
With proper permissions, logging, and alerts, this is a lightweight yet powerful method to automate file change monitoring with minimal attack surface.
Final Thoughts
Mastering how to monitor file change with PowerShell and restart application empowers IT leaders to create resilient, responsive, and secure systems. From restarting apps after config updates to detecting suspicious file activity, this strategy reduces downtime and accelerates response times.
This simple yet powerful approach supports:
- Zero-touch automation
- Improved operational uptime
- Rapid security remediation
Ready to automate your IT infrastructure and secure endpoints with real-time monitoring?
Start your FREE Itarian trial now and gain access to robust automation, patching, and file integrity monitoring—all in one cloud-native platform.
Loading...
