
Solve 9 Windows Server 2008 management tasks using PowerShell. Part 2


Using PowerShell, you can handle many Windows Server 2008 management tasks much faster than through the GUI. The previous article covered the most common tasks that can be done with PowerShell. Today we look at the remaining 4.

6. Get the 10 most recent event log errors
7. Reset access control on a folder
8. Calculate server uptime
9. Get Service Pack information

Original article here. Read on for the details.


6. Get the last 10 errors in the event log



Every morning you may find yourself browsing the System event log for the last 10 errors on one or more computers. You can simplify this task with the Get-EventLog cmdlet.
You need to specify the name of the event log and the entry type. A typical command for this task looks like this:

image

In our case, the event log is 'System' and the entry type is 'Error'. If we do not specify a computer name, the information is collected from the local machine.
Note that the messages (the Message column) are not fully displayed. Let's change the command a little so that we can see them in full.

image

We simply piped the output of the previous command to ft, the alias for Format-Table, and asked the table to show the following properties: Timewritten, Source, EventID and Message. We also added -wrap and -auto for a cleaner display: -wrap turns on text wrapping, and -auto turns on automatic formatting.
Here is what it looks like:

image

Let's create another version of this command. It sorts the entries by Source and then groups them. The output is piped to more so that only what fits on the screen is shown at a time.

image

Example:

image

Note that the items are grouped by source: first comes EventLog, then Microsoft-Windows-GroupPolicy. The "-- More --" prompt means the screen is full; press any key to view the rest.
All of the Get-EventLog commands shown so far ran on the local computer. Now let's see how to do the same on a remote machine.
For example, I need to look at the last 5 errors on the domain controllers in the Chicago office (computer names chi-dc01 and chi-dc02). Suppose I need to sort and group the results by MachineName. I would also like to display the properties Timewritten, Source, EventID and Message. And again I add -wrap, -auto and more "for beauty".

image

This is the output:

image

In the previous post, under task 5 (getting information about free disk space), we looked at how to build an HTML report and publish it on an Internet server; the same can be done for this task.

7. Reset Folder Access Control

There are many cases where NTFS permissions on a folder end up misconfigured. If this happens, you might want to reset access control for the folder. This is done with the Set-Acl cmdlet.
The easiest approach is to use Get-Acl to retrieve the ACL (access control list) from a "good" folder and copy it to the problem folder, replacing the existing ACL. Although it is possible to create an ACL object from scratch, the first method (copying) is preferable, and I will now show why.
Suppose there is a sales folder on the computer CHI-FP01 and this folder has a "good" ACL. Copy the ACL and save it to the $acl variable.

image

Let's take a look at the information in the ACL:

image

See the Access property on the right? It is actually another object. To view its contents, run the command:

image

What's inside:

image

As you can see, these are access control entries. If you want to see only the entries whose identity references match "Sales", run the following command:

image

Now, if we use the same command to view the Access property of the newly created chicagosales folder, we get nothing back. Note the use of aliases:

image

One possible reason why no values are displayed is that the NTFS permissions were assigned incorrectly.
Obviously, the solution is to copy the "good" ACL over the "bad" one. But first, get the current NTFS permissions of the chicagosales folder and save them to an XML file. This lets you restore the ACL (by importing the XML file) if something goes wrong.

image

After this is done, run Set-Acl on chicagosales using the $acl copied from the good folder.

image

Let's check that the procedure worked, using the same command we used earlier to display the entries whose identity references match "Sales".

image

Now the NTFS permissions on chicagosales are the same as on the sales folder. You thus have an easy way to manage permissions and quickly fix access control problems.
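The whole procedure (back up, copy, verify, and restore if needed) as an added example; it is not the original article's code. The function names, the UNC paths and the backup file name are hypothetical. The restore step rebuilds the ACL from the saved SDDL string because Import-Clixml returns a deserialized copy that Set-Acl does not accept as -AclObject.

```powershell
function Copy-FolderAcl {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$GoodPath,
        [Parameter(Mandatory = $true)][string]$BadPath,
        [Parameter(Mandatory = $true)][string]$BackupFile
    )
    $acl = Get-Acl -Path $GoodPath -ErrorAction Stop

    # Save the current ACL of the target before touching it.
    # With -WhatIf neither the backup file nor the ACL is written.
    Get-Acl -Path $BadPath -ErrorAction Stop | Export-Clixml -Path $BackupFile

    # Set-Acl applies the whole descriptor: owner and group travel with
    # the access entries, so the caller needs rights to set them.
    if ($PSCmdlet.ShouldProcess($BadPath, "Replace ACL with the one from $GoodPath")) {
        Set-Acl -Path $BadPath -AclObject $acl -ErrorAction Stop
    }

    # Return the resulting entries so the change can be checked.
    (Get-Acl -Path $BadPath).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

function Restore-FolderAcl {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$BackupFile
    )
    $saved = Import-Clixml -Path $BackupFile
    $acl = Get-Acl -Path $Path
    $acl.SetSecurityDescriptorSddlForm($saved.Sddl)
    Set-Acl -Path $Path -AclObject $acl
}

# Hypothetical paths for the sales and chicagosales folders on CHI-FP01.
$good = '\\CHI-FP01\shares\sales'
$bad  = '\\CHI-FP01\shares\chicagosales'

Copy-FolderAcl -GoodPath $good -BadPath $bad -BackupFile .\chicagosales-acl.xml |
    Where-Object { $_.IdentityReference -match 'Sales' }

# If something went wrong, put the old permissions back:
# Restore-FolderAcl -Path $bad -BackupFile .\chicagosales-acl.xml
```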

8. Getting server uptime

Your management may be interested in regularly receiving server uptime information. For this we use the WMI class Win32_OperatingSystem, which lets us work out how long the machine has been running. It can be queried locally or remotely. The property that interests us is LastBootUpTime. But since it is in WMI format, we need to convert it to a more readable format.
Let's start with an example of running locally under Windows 7.
First, save the results of Get-WmiObject to the $wmi variable.

image

There are several properties in $wmi that we will work with, namely CSName (computer name) and LastBootUpTime.

image

LastBootUpTime is displayed in WMI format, so it needs to be converted. Save the converted value to the $boot variable.

image

We use the ConvertToDateTime method, which is available on all WMI objects returned by Get-WmiObject. The parameter you pass to this method is the LastBootUpTime property of the WMI object $wmi.
If you now display $boot, you get the following, which is much clearer than the raw LastBootUpTime value:

image

To determine how long the machine has been running, subtract $boot from the current date and time, which you can get with Get-Date.

image

The result is a TimeSpan object. Convert it to a string with ToString() for a more readable representation.

image

We see that the machine has been running for 2 days 5 hours 46 minutes, and so on.
Now let's put everything we have covered into a function called get-boot. First, look at it in full.

image

The function has a parameter that takes a computer name and defaults to the name of the local computer.

image

Then we use a Process script block, which handles a computer name piped to the function. If "$_" is set, a computer name arrived over the pipeline and is assigned to the variable. Otherwise, the computer name is taken from the parameter.

image

The Get-WmiObject expression inside the Process script block specifies the name of the remote computer.

image

There are also several hash tables. We rename the CSName property to Computername for a clearer display. The LastBoot property is the LastBootUpTime value converted with the ConvertToDateTime() method. And the Uptime property is a TimeSpan object that shows how long the machine has been running.

image

If we run the function locally (that is, without specifying a computer name), it defaults to the name of the local computer. Here is the output:

image

As with task 2 of the previous post ("Reboot or shutdown of the server"), you can save server names in a text file, keep those that respond to ping, and pass their names to the get-boot function.

image
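A version of the get-boot function described above, as an added example reconstructed from the text (not the original article's code). The file name servers.txt is hypothetical, and the error handling is an addition so that one failed WMI query does not break the run.

```powershell
function Get-Boot {
    param(
        # ValueFromPipeline binds each piped name to the parameter, which
        # replaces the explicit $_ test the text describes.
        [Parameter(ValueFromPipeline = $true)]
        [string]$ComputerName = $env:COMPUTERNAME
    )
    process {
        try {
            $wmi = Get-WmiObject -Class Win32_OperatingSystem `
                -ComputerName $ComputerName -ErrorAction Stop
        }
        catch {
            Write-Warning "${ComputerName}: $($_.Exception.Message)"
            return
        }

        # LastBootUpTime is a WMI datetime string; convert it to DateTime.
        $boot = $wmi.ConvertToDateTime($wmi.LastBootUpTime)

        # Hash tables rename CSName and add the two calculated properties.
        $wmi | Select-Object @{Name = 'Computername'; Expression = { $_.CSName } },
            @{Name = 'LastBoot'; Expression = { $boot } },
            @{Name = 'Uptime'; Expression = { (Get-Date) - $boot } }
    }
}

# Local machine: no computer name needed.
Get-Boot

# servers.txt (hypothetical) holds one server name per line; only the
# machines that answer a ping are passed on to Get-Boot.
Get-Content .\servers.txt |
    Where-Object { Test-Connection -ComputerName $_ -Count 1 -Quiet } |
    Get-Boot
```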

9. Getting information about the service pack



Getting service pack information is important for several reasons. First, you may be rolling out an update and need to find computers with a certain SP. Second, you may be inventorying or auditing your computers, for which you need SP information.
For this, we again use WMI and the Win32_OperatingSystem class. Note a few properties: ServicePackMajorVersion, an integer (1, 2 or 0); ServicePackMinorVersion; and CSDVersion, which holds a string such as "Service Pack 1".
In practice, we are mainly interested in the properties CSName (computer name), Caption (OS), CSDVersion and ServicePackMajorVersion.
A typical expression looks like this:

image

As we can see, this Windows 7 machine has no SP installed, so ServicePackMajorVersion is 0 and CSDVersion is empty.
Let's create a function Get-SP. As a parameter it takes a computer name, which defaults to the local computer name.

image

Again we use a Process script block, so if a computer name is piped in, the $computername variable is set to the piped object. The main part of the function is the Get-WmiObject / Win32_OperatingSystem expression.
As before, create a few hash tables. CSName becomes ComputerName. Instead of the Caption property we use Operating System, and instead of CSDVersion, SPName. Finally, instead of ServicePackMajorVersion we simply use Version.

image

Here is an example of a function running locally:

image

Now you can take computers from a text file, ping them and pass their names to the get-sp function we created. Result:

image

You can see that CHI-DC02 does not have Service Pack 1, which was recently released for Server 2008 R2. This is a reason to consider updating the Service Pack on that computer.
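The Get-SP function and the audit step, as an added example reconstructed from the description (not the original article's code). The file name servers.txt and the $requiredSP baseline are assumptions; the last line lists servers that did not answer the ping, since those are missing from the inventory rather than compliant.

```powershell
function Get-SP {
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string]$ComputerName = $env:COMPUTERNAME
    )
    process {
        # Property names follow the text; OperatingSystem is written
        # without a space here so it is easy to reference later.
        Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName |
            Select-Object @{Name = 'ComputerName'; Expression = { $_.CSName } },
                @{Name = 'OperatingSystem'; Expression = { $_.Caption } },
                @{Name = 'SPName'; Expression = { $_.CSDVersion } },
                @{Name = 'Version'; Expression = { $_.ServicePackMajorVersion } }
    }
}

$requiredSP = 1                         # assumed baseline for this audit
$servers    = Get-Content .\servers.txt # hypothetical list, one name per line

$reachable = @($servers |
    Where-Object { Test-Connection -ComputerName $_ -Count 1 -Quiet })
$inventory = @($reachable | Get-SP)

# Full inventory.
$inventory | Format-Table -AutoSize

# Machines below the baseline, such as CHI-DC02 in the output above.
$inventory | Where-Object { $_.Version -lt $requiredSP } | Sort-Object ComputerName

# Servers that were skipped: their service pack level is unknown.
$servers | Where-Object { $reachable -notcontains $_ }
```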

Upd:
The post is a translation of an article from the portal petri.co.il
Top 10 Server 2008 Tasks done with PowerShell - Part 2

Source: https://habr.com/ru/post/165503/