Automate Folder Verification on Windows with the FolderManifest CLI

• →Generate a JSON baseline once, then verify against it on a schedule.
• →verify exits 1 on drift — your script alerts only when something actually changed.
• →Task Scheduler runs it without anyone logged in.
• →verify is read-only — safe to run unattended every night.

Why automate verification?

A folder you check by hand is a folder you check until you forget. Silent corruption, an over-eager sync client, a ransomware process, or a well-meaning colleague who "tidied up" — the damage usually happens between the times a human remembers to look. Automated verification closes that gap: the folder checks itself every night and only interrupts you when something is actually wrong.

The FolderManifest CLI is built for exactly this. generate and verify are scriptable, the exit codes are stable, and each command runs as a short-lived headless process — so it slots into Windows Task Scheduler without the app window open. The result is a simple, durable safety net: a nightly job that turns "I hope those files are fine" into "I would have been told if they weren't."

Step 1: Generate a baseline

Capture a SHA-256 baseline of the folder as JSON (the machine format verify reads). Do this once, when you know the folder is in a good state.

foldermanifest generate "C:\Backups\Invoices" --format json --out invoices-baseline

That writes invoices-baseline.json. Store it somewhere the folder's own contents can't quietly overwrite it — ideally a separate drive or directory — so a baseline tampered alongside the data can't pass verification. Treat the baseline like a known-good fingerprint of the folder at a moment you trust.

Step 2: Write a verify script

The script runs verify and reacts to the exit code: 0 means unchanged, 1 means drift. Here it is as a Windows batch file that emails on drift (swap in your own alerting):

@echo off
foldermanifest verify "C:\Backups\Invoices" --manifest "D:\baselines\invoices-baseline.json" --quiet
if %ERRORLEVEL%==0 (
  echo OK: invoices unchanged
) else if %ERRORLEVEL%==1 (
  echo DRIFT: invoices changed - sending alert
  powershell -Command "Send-MailMessage -To 'oncall@example.com' -From 'alerts@example.com' -Subject 'Invoice folder changed' -SmtpServer 'smtp.example.com'"
) else (
  echo CLI error or no license - exit %ERRORLEVEL%
)

The final else is the part most scripts forget: a lapsed trial or a usage error must not look like "all clear." Handling every non-zero, non-1 code as a failure is what keeps the schedule honest.

What the exit codes mean

Every FolderManifest command returns a stable exit code, so a scheduled task can act on the result without parsing any output. These four codes are the whole contract:

Step 3: Schedule it with Windows Task Scheduler

Register the batch file to run every night at 02:00. The fastest path is one line from an elevated Command Prompt:

schtasks /Create ^
  /TN "FolderManifest Verify Invoices" ^
  /TR "C:\scripts\verify-invoices.bat" ^
  /SC DAILY /ST 02:00 /RL HIGHEST /F

Prefer the GUI? Open Task Scheduler → Create Task, add a Daily trigger at your chosen time, and set the action to start C:\scripts\verify-invoices.bat. Then run it once to confirm it works end to end:

schtasks /Run /TN "FolderManifest Verify Invoices"

Check the result with schtasks /Query /TN "FolderManifest Verify Invoices" /V /FO LIST, which prints the last run time and last result code.

Run it unattended (no one logged in)

For a server or a workstation that isn't always signed in, configure the task to run whether or not the user is logged on. In the GUI that's the "Run whether user is logged on or not" radio button on the General tab; from the command line, supply the run-as account:

schtasks /Create ^
  /TN "FolderManifest Verify Invoices" ^
  /TR "C:\scripts\verify-invoices.bat" ^
  /SC DAILY /ST 02:00 /RL HIGHEST /F ^
  /RU "DOMAIN\svc-foldermanifest" /RP *

Two requirements make unattended runs reliable: the run-as account must have read access to the folder and its baseline, and the machine must hold an active FolderManifest trial or license. The verify command needs no interactive desktop, so headless and service contexts are fully supported.

Step 4: Scale with a reproducible --config

One folder is rarely the whole story. Instead of a script per folder, list every job in a JSON config and run them with a single command. The exit code is the worst result among the jobs, so the schedule still reduces to "did anything fail?"

{
  "jobs": [
    { "cmd": "verify", "paths": ["C:\\Backups\\Invoices"], "manifest": "D:\\baselines\\invoices-baseline.json" },
    { "cmd": "verify", "paths": ["C:\\Backups\\Contracts"], "manifest": "D:\\baselines\\contracts-baseline.json" },
    { "cmd": "generate", "paths": ["C:\\Backups\\Daily"], "format": "json", "out": "D:\\baselines\\daily" }
  ]
}

foldermanifest --config nightly.json

Point a single Task Scheduler job at this command and you've automated the whole routine. Commit nightly.json to your ops repo and it becomes version-controlled and reviewable — see the reproducible --config guide for the full pattern. New folder to watch? Add three lines, not a new scheduled task.

Logging & history

For an audit trail, append each run's outcome to a dated log and keep the HTML reports. A small change to the batch file captures both:

@echo off
set STAMP=%date:~-4%-%date:~4,2%-%date:~7,2%
foldermanifest verify "C:\Backups\Invoices" ^
  --manifest "D:\baselines\invoices-baseline.json" ^
  --report "D:\reports\invoices-%STAMP%" >> "D:\logs\invoices-verify.log" 2>&1
echo %STAMP% exit=%ERRORLEVEL% >> "D:\logs\invoices-verify.log"

Task Scheduler's History tab records every launch and its result code independently, so even without custom logging you have a built-in record of when the job ran and whether it passed. For a primer on how the underlying hashes work, see verifying folder integrity with CRC32 & SHA-256.