Tag Archives: dirquota

PowerShell FSRM Deployment on Windows Server 2012

In order to deploy File Server Resource Manager using PowerShell I’m going to perform the following tasks:

1. Install FSRM role service
2. Create report and templates paths
2. Configure the global FSRM settings
3. Remove built-In file group
4. Create standard file groups
5. Remove built-In file screen templates
6. Create standard file screen template
7. Remove built-In quota templates
8. Create standard quota templates
9. Apply the quotas, file screens, and storage reports

#Install File Server Resource Manager role service
The following code checks if the FSRM role service is already installed, and if not, proceeds with the installation including the Management Tolls (FSRM snap-in and dirquota, filescrn, and storrept command-line utilities).

#Create log, storage reports and quota templates paths

Before configuring the FSRM, I need to set-up few items that will be used later on.
Incident, Scheduled, and Interactive paths should be created to store the generated FSRM reports.
Logging path, as well as templates folder where predefined quota XML templates will be copied (the command-line tool dirquota can be used to export quota templates to XML format).

Using a simple transcript recording to capture the script activities into a log file:

Note: PowerShell ISE does not support transcription. Running it from the console will do the job.

Copy the standard quota templates I’ve stored on a network share locally:

# Configure the global FSRM settings
Windows File Server Resource Manager provides a wide set of reporting functions that give us the opportunity to generate detailed file system reports.
For the sake of demonstration I’m going to configure only the Report Locations and Email Notifications options.

FSRM Global Settings
FSRM Global Settings – Email Notifications & Storage Report Locations

Incident reports are generated automatically when a user exceeds the quota threshold or tries to save an unauthorized file.
Scheduled reports are generated periodically based on a scheduled report task.
Interactive reports are generated on-demand/upon request.

By default, the reports are stored in C:\StorageReports folder, but can be saved in other locations including network shares. In addition, notifications and reports can also be emailed to the specified admin email address.
Set-FsrmSetting cmdlet (comes with FSRM module for PowerShell) will help us to configure the global settings:

For additional parameters, please expand:

Set-FsrmSetting Parameters

Parameter Name Description
AdminEmailAddress Specifies a semicolon-separated list of email addresses for the recipients of any email that the server sends to the administrator.
CommandNotificationLimit Specifies the minimum number of seconds between individual running events of a command-type notification. If multiple command notifications occur, the server runs the command notification only if at least this amount of time has passed since the server last performed this action.
EmailNotificationLimit Specifies the minimum number of seconds between individual running events of an email-type notification. If multiple command notifications occur, the server runs the command notification only if at least this amount of time has passed since the server last performed this action.
EventNotificationLimit Specifies the minimum number of seconds between individual running events of an event-type notification. If multiple command notifications occur, the server runs the command notification only if at least this amount of time has passed since the server last performed this action.
FromEmailAddress Specifies the default email address from which FSRM sends email messages.
ReportClassificationFormat Specifies an array of formats of classification reports that the server generates. The acceptable values for this parameter are:? — DHTML — HTML — XML — CSV — Text
ReportClassificationLog Specifies an array of types of logs that the File Classification Infrastructure can generate during classification. The acceptable values for this parameter are:? — None — ClassificationsInLogFile — ErrorsInLogFile — ClassificationsInSystemLog — ErrorsInSystemLog
ReportClassificationMailTo Specifies a semicolon-separated list of email addresses. The server sends the classification reports to the email addresses after a scheduled classification is complete.
ReportFileGroupIncluded Specifies an array of names of file groups to include in the report. Each string must be the name of a valid file group.
ReportFileOwnerFilePattern Specifies a file pattern string that indicates which files to include in the file by owner report. You can use the wildcard characters * and ? in the string.
ReportFileOwnerUser Specifies an array of users, in Domain\User format, to include files for in the file by owner report. The default value is an empty list, which indicates all users.
ReportFileScreenAuditDaysSince Specifies the minimum number of days since the audit event to include in the report.
ReportFileScreenAuditEnable Indicates that file screen auditing is enabled.
ReportFileScreenAuditUser Specifies an array of user email addresses to include audit events for. The default value is an empty list, which indicates all users.
ReportLargeFileMinimum Specifies the minimum file size to include in the large file report.
ReportLargeFilePattern Specifies a string of files to include in the large file report. You can use the wildcard characters * and ? in the string.
ReportLeastAccessedFilePattern Specifies a string of files to include in the least frequently accessed report. You can use the wildcard characters * and ? in the string.
ReportLeastAccessedMinimum Specifies the minimum number of days since the report was last accessed, to include in the least frequently accessed report.
ReportLimitMaxDuplicateGroup Specifies the maximum number of groups of duplicate files to include in the duplicate files report.
ReportLimitMaxFile Specifies the maximum number of files to include in a storage report.
ReportLimitMaxFileGroup Specifies the maximum number of file groups to include in a file group report.
ReportLimitMaxFileScreenEvent Specifies the maximum number of file screens events to include in a file screen audit report.
ReportLimitMaxFilesPerDuplicateGroup Specifies the maximum number of files in an individual duplicate group to include in a duplicate files report.
ReportLimitMaxFilesPerFileGroup Specifies the maximum number of files in any file group to include in a file group report.
ReportLimitMaxFilesPerOwner Specifies the maximum number of files for any owner to include in a files by owner report.
ReportLimitMaxFilesPerPropertyValue Specifies the maximum number of files for each property value to include in a files by property report.
ReportLimitMaxOwner Specifies the maximum number of owners to include in a files by owner report.
ReportLimitMaxPropertyValue Specifies the maximum number of property values to include in a files by property report.
ReportLimitMaxQuota Specifies the maximum number of quotas to include in a quota usage report.
ReportLocationIncident Specifies a path to a folder where the server stores incident reports.
ReportLocationOnDemand Specifies a path to a folder where the server stores on demand reports.
ReportLocationScheduled Specifies a path to a folder where the server stores scheduled reports.
ReportMostAccessedFilePattern Specifies a string of files to include in the most frequently accessed report. You can use the wildcard characters * and ? in the string.
ReportMostAccessedMaximum Specifies the maximum number of days since the report was last accessed, to include in the most frequently accessed report.
ReportNotificationLimit Specifies the minimum number of seconds between individual running events of a report notification. If multiple report notifications occur, the server runs the report notification only if at least this amount of time have passed since the server last performed this action.
ReportPropertyFilePattern Specifies a string of files to include in the file by property report. You can use the wildcard characters * and ? in the string.
ReportPropertyName Specifies the property name to report on for a file by property report.
ReportQuotaMinimumUsage Specifies the minimum quota usage level to include in the quota usage report.
SmtpServer Specifies the fully qualified domain name (FQDN) or IP address of the SMTP server that FSRM uses to send email.

#Remove built-in File Groups
File Group is a collection of predefined file name patterns which are later used for File Screen and Storage Reports exceptions and classifications.
I have my own preferences, so I’m going to remove the built-in file groups:

and create my enterprise’s standard ones:

Will do the same with the Built-In File Screen Templates:

This time, I will create new FSRM action, so when an event is triggered it will send an email notification to the administrator and the user (FSRM action can create an event log entry, send email notification to one or more recipients, run a specific command, or generate storage reports):

For additional parameters, please expand:

New-FsrmAction Parameters

Parameter Name Description
Body Specifies the content of an email. If you specify this parameter, you must set Email or Event Specify for the Type parameter.
Command Specifies the full path to the program or script. If you specify this parameter, you must set Command for the Type parameter.
CommandParameters Specifies the parameters for the program or script. If you specify this parameter, you must set Command for the Type parameter.
EventType Specifies the event type of the action. If you specify this parameter, you must set Event for the Type parameter. The acceptable values for this parameter are:?
— None
— Information
— Warning
— Error
KillTimeOut Specifies the timeout period, in minutes, after which the process that the action created is ended. Specify the default, -1, to indicate that the server does not end the process. If you specify this parameter, you must set Command for the Type parameter.
MailBCC Specifies a semicolon-separated list of email addresses for the Bcc recipients of an email. Valid email addresses are an administrator email account or the owner of the file. If you specify this parameter, you must set Email for the Type parameter.
MailCC Specifies a semicolon-separated list of email addresses for the Cc recipients of an email. Valid email addresses are an administrator email account or the owner of the file. If you specify this parameter, you must set Email for the Type parameter.
MailTo Specifies a semicolon-separated list of email addresses for the recipients of an email. Valid email addresses are an administrator email account or the owner of the file. If you specify this parameter, you must set Email for the Type parameter.
ReportTypes Specifies an array of report types that the action generates. If you specify this parameter, you must set Report for the Type parameter. The acceptable values for this parameter are:?
— DuplicateFiles
— FilesByFileGroup
— FilesByOwner
— FilesByProperty
— LargeFiles
— LeastRecentlyAccessed
— MostRecentlyAccessed
— QuotaUsage
RunLimitInterval Specifies the minimum interval, in minutes, before the server can run the action again. For example, if the interval expired since the action last ran, the server runs the action again in response to an event; otherwise, the server cannot run the action again. The default value, 60, specifies that there is no limit.
SecurityLevel Specifies the computer account type under which the program or script runs. The acceptable values for this parameter are:?
— LocalService
— NetworkService
— LocalSystem
ShouldLogError Indicates that the server records errors codes from running commands in the event log.
Subject Specifies the subject of an email. The maximum size of a subject is 1 KB. If you specify this parameter, you must set Email for the Type parameter.
Type Specifies the type of the action. This setting determines the action that the server takes in response to a quota or file screen event. The acceptable values for this parameter are:?
— Email
— Event
— Command
— Report
WorkingDirectory Specifies the working directory in which the program or script runs. You must specify a valid path to a folder. FSRM does not support paths to remote computers.

New-FsrmFileScreenTemplate Parameters

Parameter Name Description
Active Indicates that the server will fail any I/O operation that violates the file screen. If you do not specify this parameter, the server does not fail violating I/O operations and still runs any action that is associated with the file screen.
Description Specifies a description for the file screen template.
IncludeGroup Specifies an array of names of file groups that you want to exclude from file screening.
Name Specifies the name for the file screen template.
Notification Specifies an array of notification action objects. You can use the New-FsrmFmjNotificationAction cmdlet to create a FsrmFmjNotificationAction object.

File Screen Notification variables:
[File Screen Path], [File Screen Remote Paths], [File Screen System Path], [Violated File Group], [Source File Path], [Source File Owner],[Source File Owner Email], [Source Process Id], [Source Process Image], [Source Io Owner], [Source Io Owner Email], [Server], [Server Domain], [Admin Email], [Source File Remote Paths]

#Remove the Built-In Quota Templates

#Create Standard Quota Templates

 

Quota Notification variables:
[Quota Path], [Quota Remote Paths], [Quota System Path], [Quota Limit], [Quota Limit KB], [Quota Limit MB], [Quota Limit GB], [Quota Limit TB], [Quota Threshold], [Quota Used], [Quota Used KB], [Quota Used MB], [Quota Used GB], [Quota Used TB], [Quota Used Percent], [Quota Peak], [Quota Peak KB], [Quota Peak MB], [Quota Peak GB], [Quota Peak TB], [Quota Peak Percent], [Quota Peak Time], [Quota Free], [Quota Free KB], [Quota Free MB], [Quota Free GB], [Quota Free TB], [Quota Free Percent], [Source File Path], [Source File Owner], [Source File Owner Email], [Source Process Id], [Source Process Image], [Source Io Owner], [Source Io Owner Email], [Server], [Server Domain], [Admin Email], [Source File Remote Paths]