In order to deploy File Server Resource Manager using PowerShell I’m going to perform the following tasks:
1. Install FSRM role service
2. Create report and templates paths
2. Configure the global FSRM settings
3. Remove built-In file group
4. Create standard file groups
5. Remove built-In file screen templates
6. Create standard file screen template
7. Remove built-In quota templates
8. Create standard quota templates
9. Apply the quotas, file screens, and storage reports
#Install File Server Resource Manager role service
The following code checks if the FSRM role service is already installed, and if not, proceeds with the installation including the Management Tolls (FSRM snap-in and dirquota, filescrn, and storrept command-line utilities).
|
1 2 3 4 |
If (-not(Get-WindowsFeature FS-Resource-Manager | Where-Object {$_.Installed -match “True”})) {Install-WindowsFeature –Name FS-Resource-Manager –IncludeManagementTools} else {Write-host "FSRM is already installed" -ForegroundColor Green} |
#Create log, storage reports and quota templates paths
Before configuring the FSRM, I need to set-up few items that will be used later on.
Incident, Scheduled, and Interactive paths should be created to store the generated FSRM reports.
Logging path, as well as templates folder where predefined quota XML templates will be copied (the command-line tool dirquota can be used to export quota templates to XML format).
|
1 2 3 4 5 6 |
$hostname=gc env:computername $Incidentspath="\\FILESERVER01\quota$\$hostname\Reports\Incidents" $Scheduledpath="\\FILESERVER01\quota$\$hostname\Reports\Scheduled" $Interactivepath="\\FILESERVER01\quota$\$hostname\Reports\Interactive" New-Item -Itemtype Directory -path "D:\FSRM\Templates", "D:\FSRM\Logs", ` "\\FILESERVER01\quota$\$hostname", "$Incidentspath", "$Scheduledpath", "$Interactivepath" |
Using a simple transcript recording to capture the script activities into a log file:
|
1 2 |
$logfile = "D:\FSRM\Logs\FSRM_Deploy_$(get-date -format `"yyyyMMdd_hhmmsstt`").log" Start-Transcript -path $logfile |
Note: PowerShell ISE does not support transcription. Running it from the console will do the job.
Copy the standard quota templates I’ve stored on a network share locally:
|
1 |
Copy-Item "\\FILESERVER01\W2K12_Production_Install\Templates\*.xml" D:\FSRM\Templates -Force |
# Configure the global FSRM settings
Windows File Server Resource Manager provides a wide set of reporting functions that give us the opportunity to generate detailed file system reports.
For the sake of demonstration I’m going to configure only the Report Locations and Email Notifications options.
Incident reports are generated automatically when a user exceeds the quota threshold or tries to save an unauthorized file.
Scheduled reports are generated periodically based on a scheduled report task.
Interactive reports are generated on-demand/upon request.
By default, the reports are stored in C:\StorageReports folder, but can be saved in other locations including network shares. In addition, notifications and reports can also be emailed to the specified admin email address.
Set-FsrmSetting cmdlet (comes with FSRM module for PowerShell) will help us to configure the global settings:
|
1 2 3 4 5 6 |
Set-FsrmSetting -SmtpServer "SMTP.SMTPSERVER.COM" ` -AdminEmailAddress "admin@yourdomain.com" ` -FromEmailAddress "admin@yourdomain.com" ` -ReportLocationScheduled "$Scheduledpath" ` -ReportLocationIncident "$Incidentspath" ` -ReportLocationOnDemand "$Interactivepath" |
For additional parameters, please expand:
Set-FsrmSetting Parameters
| Parameter Name | Description |
| AdminEmailAddress | Specifies a semicolon-separated list of email addresses for the recipients of any email that the server sends to the administrator. |
| CommandNotificationLimit | Specifies the minimum number of seconds between individual running events of a command-type notification. If multiple command notifications occur, the server runs the command notification only if at least this amount of time has passed since the server last performed this action. |
| EmailNotificationLimit | Specifies the minimum number of seconds between individual running events of an email-type notification. If multiple command notifications occur, the server runs the command notification only if at least this amount of time has passed since the server last performed this action. |
| EventNotificationLimit | Specifies the minimum number of seconds between individual running events of an event-type notification. If multiple command notifications occur, the server runs the command notification only if at least this amount of time has passed since the server last performed this action. |
| FromEmailAddress | Specifies the default email address from which FSRM sends email messages. |
| ReportClassificationFormat | Specifies an array of formats of classification reports that the server generates. The acceptable values for this parameter are:? — DHTML — HTML — XML — CSV — Text |
| ReportClassificationLog | Specifies an array of types of logs that the File Classification Infrastructure can generate during classification. The acceptable values for this parameter are:? — None — ClassificationsInLogFile — ErrorsInLogFile — ClassificationsInSystemLog — ErrorsInSystemLog |
| ReportClassificationMailTo | Specifies a semicolon-separated list of email addresses. The server sends the classification reports to the email addresses after a scheduled classification is complete. |
| ReportFileGroupIncluded | Specifies an array of names of file groups to include in the report. Each string must be the name of a valid file group. |
| ReportFileOwnerFilePattern | Specifies a file pattern string that indicates which files to include in the file by owner report. You can use the wildcard characters * and ? in the string. |
| ReportFileOwnerUser | Specifies an array of users, in Domain\User format, to include files for in the file by owner report. The default value is an empty list, which indicates all users. |
| ReportFileScreenAuditDaysSince | Specifies the minimum number of days since the audit event to include in the report. |
| ReportFileScreenAuditEnable | Indicates that file screen auditing is enabled. |
| ReportFileScreenAuditUser | Specifies an array of user email addresses to include audit events for. The default value is an empty list, which indicates all users. |
| ReportLargeFileMinimum | Specifies the minimum file size to include in the large file report. |
| ReportLargeFilePattern | Specifies a string of files to include in the large file report. You can use the wildcard characters * and ? in the string. |
| ReportLeastAccessedFilePattern | Specifies a string of files to include in the least frequently accessed report. You can use the wildcard characters * and ? in the string. |
| ReportLeastAccessedMinimum | Specifies the minimum number of days since the report was last accessed, to include in the least frequently accessed report. |
| ReportLimitMaxDuplicateGroup | Specifies the maximum number of groups of duplicate files to include in the duplicate files report. |
| ReportLimitMaxFile | Specifies the maximum number of files to include in a storage report. |
| ReportLimitMaxFileGroup | Specifies the maximum number of file groups to include in a file group report. |
| ReportLimitMaxFileScreenEvent | Specifies the maximum number of file screens events to include in a file screen audit report. |
| ReportLimitMaxFilesPerDuplicateGroup | Specifies the maximum number of files in an individual duplicate group to include in a duplicate files report. |
| ReportLimitMaxFilesPerFileGroup | Specifies the maximum number of files in any file group to include in a file group report. |
| ReportLimitMaxFilesPerOwner | Specifies the maximum number of files for any owner to include in a files by owner report. |
| ReportLimitMaxFilesPerPropertyValue | Specifies the maximum number of files for each property value to include in a files by property report. |
| ReportLimitMaxOwner | Specifies the maximum number of owners to include in a files by owner report. |
| ReportLimitMaxPropertyValue | Specifies the maximum number of property values to include in a files by property report. |
| ReportLimitMaxQuota | Specifies the maximum number of quotas to include in a quota usage report. |
| ReportLocationIncident | Specifies a path to a folder where the server stores incident reports. |
| ReportLocationOnDemand | Specifies a path to a folder where the server stores on demand reports. |
| ReportLocationScheduled | Specifies a path to a folder where the server stores scheduled reports. |
| ReportMostAccessedFilePattern | Specifies a string of files to include in the most frequently accessed report. You can use the wildcard characters * and ? in the string. |
| ReportMostAccessedMaximum | Specifies the maximum number of days since the report was last accessed, to include in the most frequently accessed report. |
| ReportNotificationLimit | Specifies the minimum number of seconds between individual running events of a report notification. If multiple report notifications occur, the server runs the report notification only if at least this amount of time have passed since the server last performed this action. |
| ReportPropertyFilePattern | Specifies a string of files to include in the file by property report. You can use the wildcard characters * and ? in the string. |
| ReportPropertyName | Specifies the property name to report on for a file by property report. |
| ReportQuotaMinimumUsage | Specifies the minimum quota usage level to include in the quota usage report. |
| SmtpServer | Specifies the fully qualified domain name (FQDN) or IP address of the SMTP server that FSRM uses to send email. |
#Remove built-in File Groups
File Group is a collection of predefined file name patterns which are later used for File Screen and Storage Reports exceptions and classifications.
I have my own preferences, so I’m going to remove the built-in file groups:
|
1 2 |
Remove-FsrmFileGroup -Name "Audio and Video Files", "Image Files", "Office Files", "E-mail Files","Executable Files", ` "System Files", "Compressed Files", "Web Page Files", "Text Files", "Backup Files", "Temporary Files" -Confirm:$false |
and create my enterprise’s standard ones:
|
1 2 3 4 5 |
New-FsrmFileGroup -Name "Access Database" –IncludePattern "*.mdb" New-FsrmFileGroup -Name "Photographs and Graphics" –IncludePattern @("*.bmp", "*.dib", "*.eps", "*.gif", "*.img", ` "*.jfif", "*.jpe", "*.jpeg", "*.jpg", "*.pcx", "*.png", "*.ps", "*.psd", "*.raw", "*.rif", "*.spiff", "*.tif", "*.tiff") New-FsrmFileGroup -Name "Music and Video" –IncludePattern @("*.aac", "*.aif", "*.aiff", "*.asf", "*.asx", "*.au", "*.avi", "*.flac", "*.m3u", "*.mid", "*.midi", "*.mov", "*.mp2", "*.mp3", ` "*.mp4", "*.mpa", "*.mpe", "*.mpeg", "*.mpeg2", "*.mpeg3", "*.mpg", "*.ogg", "*.qt", "*.qtw", "*.ram", "*.rm", "*.rmi", "*.rmvb", "*.snd", "*.swf", "*.vob", "*.wav", "*.wax", "*.wma", "*.wmv", "*.wvx") |
Will do the same with the Built-In File Screen Templates:
|
1 |
Remove-FsrmFileScreenTemplate -Name "Block Audio and Video Files", "Block Executable Files", "Block Image Files", "Block E-mail Files", "Monitor Executable and System Files" -Confirm:$false |
This time, I will create new FSRM action, so when an event is triggered it will send an email notification to the administrator and the user (FSRM action can create an event log entry, send email notification to one or more recipients, run a specific command, or generate storage reports):
|
1 2 3 4 5 |
$FscreenNotification = New-FsrmAction -Type Email ` -MailTo "[Source Io Owner Email]" ` -Subject "Unauthorized file from the [Violated File Group] file group detected" ` -Body "User [Source Io Owner] attempted to save [Source File Path] to [File Screen Path] on the [Server] server. This file is in the [Violated File Group] file group." |
For additional parameters, please expand:
New-FsrmAction Parameters
| Parameter Name | Description |
| Body | Specifies the content of an email. If you specify this parameter, you must set Email or Event Specify for the Type parameter. |
| Command | Specifies the full path to the program or script. If you specify this parameter, you must set Command for the Type parameter. |
| CommandParameters | Specifies the parameters for the program or script. If you specify this parameter, you must set Command for the Type parameter. |
| EventType | Specifies the event type of the action. If you specify this parameter, you must set Event for the Type parameter. The acceptable values for this parameter are:? — None — Information — Warning — Error |
| KillTimeOut | Specifies the timeout period, in minutes, after which the process that the action created is ended. Specify the default, -1, to indicate that the server does not end the process. If you specify this parameter, you must set Command for the Type parameter. |
| MailBCC | Specifies a semicolon-separated list of email addresses for the Bcc recipients of an email. Valid email addresses are an administrator email account or the owner of the file. If you specify this parameter, you must set Email for the Type parameter. |
| MailCC | Specifies a semicolon-separated list of email addresses for the Cc recipients of an email. Valid email addresses are an administrator email account or the owner of the file. If you specify this parameter, you must set Email for the Type parameter. |
| MailTo | Specifies a semicolon-separated list of email addresses for the recipients of an email. Valid email addresses are an administrator email account or the owner of the file. If you specify this parameter, you must set Email for the Type parameter. |
| ReportTypes | Specifies an array of report types that the action generates. If you specify this parameter, you must set Report for the Type parameter. The acceptable values for this parameter are:? — DuplicateFiles — FilesByFileGroup — FilesByOwner — FilesByProperty — LargeFiles — LeastRecentlyAccessed — MostRecentlyAccessed — QuotaUsage |
| RunLimitInterval | Specifies the minimum interval, in minutes, before the server can run the action again. For example, if the interval expired since the action last ran, the server runs the action again in response to an event; otherwise, the server cannot run the action again. The default value, 60, specifies that there is no limit. |
| SecurityLevel | Specifies the computer account type under which the program or script runs. The acceptable values for this parameter are:? — LocalService — NetworkService — LocalSystem |
| ShouldLogError | Indicates that the server records errors codes from running commands in the event log. |
| Subject | Specifies the subject of an email. The maximum size of a subject is 1 KB. If you specify this parameter, you must set Email for the Type parameter. |
| Type | Specifies the type of the action. This setting determines the action that the server takes in response to a quota or file screen event. The acceptable values for this parameter are:? — Event — Command — Report |
| WorkingDirectory | Specifies the working directory in which the program or script runs. You must specify a valid path to a folder. FSRM does not support paths to remote computers. |
New-FsrmFileScreenTemplate Parameters
| Parameter Name | Description |
| Active | Indicates that the server will fail any I/O operation that violates the file screen. If you do not specify this parameter, the server does not fail violating I/O operations and still runs any action that is associated with the file screen. |
| Description | Specifies a description for the file screen template. |
| IncludeGroup | Specifies an array of names of file groups that you want to exclude from file screening. |
| Name | Specifies the name for the file screen template. |
| Notification | Specifies an array of notification action objects. You can use the New-FsrmFmjNotificationAction cmdlet to create a FsrmFmjNotificationAction object. |
File Screen Notification variables:
[File Screen Path], [File Screen Remote Paths], [File Screen System Path], [Violated File Group], [Source File Path], [Source File Owner],[Source File Owner Email], [Source Process Id], [Source Process Image], [Source Io Owner], [Source Io Owner Email], [Server], [Server Domain], [Admin Email], [Source File Remote Paths]
#Remove the Built-In Quota Templates
|
1 2 3 |
Remove-FsrmQuotaTemplate "100 MB Limit", "200 MB Limit Reports to User",` "200 MB Limit with 50 MB Extension", "250 MB Extended Limit", ` "Monitor 200 GB Volume Usage", "Monitor 500 MB Share" -Confirm:$false |
#Create Standard Quota Templates
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
#Quota Templates $template10GB = "10GB_User_Limit" $template10GB_ext= "10GB_User_Limit_500MB_Extension" #Create FSRMActions $FSRMActionEvent = New-FsrmAction Event -EventType Information -Body "User [Source Io Owner] has exceeded the [Quota Threshold]% quota threshold for the quota on [Quota Path] on server [Server]. The quota limit is [Quota Limit MB] MB, and [Quota Used MB] MB currently is in use ([Quota Used Percent]% of limit)." $FSRMActionEmail = New-FsrmAction Email -MailTo "[Source Io Owner Email]" -Subject "[Quota Threshold]% quota threshold exceeded" -Body "User [Source Io Owner] has exceeded the [Quota Threshold]% quota threshold for the quota on [Quota Path] on server [Server]. The quota limit is [Quota Limit MB] MB, and [Quota Used MB] MB currently is in use ([Quota Used Percent]% of limit)." $FSRMActionEmail_100 = New-FsrmAction Email -MailTo "[Source Io Owner Email]" -Subject "[Quota Threshold]% quota threshold exceeded" -Body "User [Source Io Owner] has reached the quota limit for quota on [Quota Path] on server [Server]. The quota limit is [Quota Limit MB] MB and the current usage is [Quota Used MB] MB ([Quota Used Percent]% of limit). An automatic one-time extension has been granted of 500 MB." $FSRMActionEvent_100 = New-FsrmAction Event -EventType Information -Body "[Source Io Owner] has reached the quota limit for quota on [Quota Path] on server [Server]. An automatic one-time extension of 500 MB has been granted." $FSRMActionCommand = New-FsrmAction Command -Command "%windir%\system32\dirquota.exe" -CommandParameters "quota modify /path:[Quota Path] /sourcetemplate:$template10GB_ext" -KillTimeOut 1 -SecurityLevel LocalSystem #Quota thresholds $Threshold_80 = New-FsrmQuotaThreshold -Percentage 80 -action $FSRMActionEvent, $FSRMActionEmail $Threshold_95 = New-FsrmQuotaThreshold -Percentage 95 -action $FSRMActionEvent, $FSRMActionEmail $Threshold_100 = New-FsrmQuotaThreshold -Percentage 100 -action $FSRMActionEvent_100, $FSRMActionEmail_100, $FSRMActionCommand #Create quota template New-FsrmQuotaTemplate -name $template10GB -Description $template10GB -size 10GB -Threshold $Threshold_80, $Threshold_95, $Threshold_100 |
Quota Notification variables:
[Quota Path], [Quota Remote Paths], [Quota System Path], [Quota Limit], [Quota Limit KB], [Quota Limit MB], [Quota Limit GB], [Quota Limit TB], [Quota Threshold], [Quota Used], [Quota Used KB], [Quota Used MB], [Quota Used GB], [Quota Used TB], [Quota Used Percent], [Quota Peak], [Quota Peak KB], [Quota Peak MB], [Quota Peak GB], [Quota Peak TB], [Quota Peak Percent], [Quota Peak Time], [Quota Free], [Quota Free KB], [Quota Free MB], [Quota Free GB], [Quota Free TB], [Quota Free Percent], [Source File Path], [Source File Owner], [Source File Owner Email], [Source Process Id], [Source Process Image], [Source Io Owner], [Source Io Owner Email], [Server], [Server Domain], [Admin Email], [Source File Remote Paths]