Make sure KB2863058 is installed in the domain’s servers with PowerShell

August 26, 2013

Hello everyone!

Last week, Microsoft has released an update that changes the operating system’s time zone change in certain countries.

In the past, the time zone here in Israel would change in around the month of September. our ministry of the interior decided that it would change the time zone in October 27th, which forced Microsoft to release a new update – the last update was released in December 2012, and that update referred to the time zone shift in September, which isn’t relevant.

I was assigned by the head of IT to write a script that checks if the update is installed on our Windows servers, and log the data in 2 files – the first,  on which server it is installed, and on the second, on which servers it is not installed.

Of course, I could have done it with a killer one liner, but I wrote a script, although quick and dirty, I thought folks could find it helpful, so feel free change it and adjust.

### Make sure AcitveDirectory PowerShell module is installed and available, otherwise,
###use Get-Content with a text file that contains server names.
Import-Module activedirectory
New-Item -Path c:\KB2863058.txt -Type file -Force
New-Item -Path c:\KB2863058_FAILED.txt -Type file -Force
$servers = Get-ADComputer -Filter 'operatingsystem -like "*server*"' | 
select -ExpandProperty name
foreach ($server in $servers) {
if (Test-Connection $server -Quiet -Count 1) {
   try {
    Get-HotFix -Id KB2863058 -ComputerName $server -ErrorAction Stop
    Add-Content -Path C:\KB2863058.txt -Value "$(Get-Date)`t $server`t $($update.InstalledOn)"
   }
   catch {
    "$(Get-Date)`t $server`t`t NO UPDATE" | Out-File c:\KB2863058_FAILED.txt -Append
   }
}
else {
   "$(Get-Date)`t NO CONNECTION`t`t NO CONNECTION" | Out-File c:\KB2863058_FAILED.txt -Append 
}

}

The script creates 2 files. first is C:\KB2863058.txt, which contains all server names where the update was applied. the second, C:\KB2863058_FAILED.txt, contains all server names that wasn’t reached, or whether the update wasn’t applied.
I could use PowerShell Remoting to query the servers in parallel, but WINRM is not enabled in most of them, and writing a workflow is a bit of an overkill for this kind of a task (on my opinion).

Keep on smiling 🙂

Advertisements

Set User’s Home Folder That Is Managed With FSRM – PowerShell

October 24, 2012

Managing Home Folders with FSRM

Important! The following article only applies to FSRM Roles that are installed on Windows Server 2003/2008/R2, as 2012 FSRM has it’s own PowerShell module!

In our organization, we got users asking us to increase their Home Folder’s capacity on a daily basis. We manage these home folders on our file servers using the File Server Resource Manager (FSRM) server role.

Everytime you want to set a quota limit that is managed wtih FSRM, you have to do it with the FSRM MMC, and its biggest downside, is that even when you only need to set just one quota limit, you need to wait for all the other data to load, and that can take well more than 8 or so seconds on most occasions – enough time to set quotas for multiple users through a script.

Where I work, we got at least 1000 quotas on each file server, scattered around 8 file server across the country. loading all that data over WAN can sometimes be annoying.

Now when it comes to setting those quotas with powershell, one possibility is to load the Fsrm.FsrmQuotaManager COM Object into the shell and use it to set Quotas. But this COM object doesn’t exists in Windows 7, only on the server itself (Server 2003 / 2008 ) and I don’t want to access the relevant file server with Remote Desktop every time I need set a quota limit… and my security team doesn’t allow me to start PS Sessions to most of our servers..

Using dirquota.exe With PowerShell to Set Home Folders That are Managed with FSRM

Throughout my search for a solution, I found out that Microsoft’s Storage Team supply the dirquota.exe utility, that comes along when you install the FSRM RSAT Tool (in “turn windows features on or off”, select Remote Server Administration Tools > File Services Tools > File Server resource Manager Tools)

I’ve played with it, and like most .exe utilities, it’s not as syntax-friendly and easy to use as a PowerShell Cmdlet. one of the reasons is that you have to type the original path of that folder (D:\Users\James), and that can be a problem, because that path can be different from one file server to another. therefore, it’s easier for me to use a UNC.

So I decided I’ll just write a Cmdlet that will pass its data to the relevent parameters of dirquota.exe.

instead of finding out the true location of the UNC (D:\Users\James. or is it E:\Users\James? errh!) and then use dir quota:

PS C\:> dirquota.exe q m /remote:FileServer /path:D:\Users\James /Limit:1400MB

I will run a PowerShell Cmdlet:

PS C:\> Set-FSRMQuota -User James -Limit 1700

Lets get to Work!

Writing the Script Cmdlet

By understanding how dirquota.exe accpets input, I know 3 things:

  • I need to know the name of the file server that is hosting the home folder.
  • I need to know the home folder’s original path on that server.
  • I’ll need to take this data, and populate dirquota’s appropriate parameters.

Sounds like a classic PowerShell mission…

For the first task, we will use Get-ADUser to store the user information in a variable.

Next, we’ll export the UNC out of the user’s HomeDirectory attribute:

Now I’ll need to extract the Share name and the Server name out of the UNC. I’ll try to minimize the use of string editing. first,

I’ll use Get-Item to extract the shared folder’s name:

PS C:\> $FolderUNC = (Get-Item $UNC).parent | select -ExpandProperty name

and then I’ll just trim the original UNC in two phases:

PS C:\> $ServerUNC ($UNC -Replace “$FolderUNC.*”).Trim(‘\’)

Note that im using “Select -ExpandProperty” (Select is an alias for Select-Object). I do it because I need that object as a type of string, because the original object is the type of ActiveDirectory.Management.ADUser, and it’s value is something that i cant edit, or attach to Get-Item.

Now, We need to find the UNC’s original path on the file server. For this task, I’ll use WMI’s Win32_Share class. I’ll use it on $ServerUNC, because that is the file server that hosts the home folder. I’ll filter the results with Where-Object to try to find a folder that its name matches $FolderUNC:

We’ll extract that path and save it in a variable:


Only thing left, is to populate dirquota’s “/limit:” parameter, which accepts data as a number, followed by a “MB” suffix (for example – “1700MB”). because the final script is accessible like a Cmdlet, it has a variable that accept’s parameter input, with a “param ()” block at the start of the script. We will use this for illustration:

Now we can run direquota.exe and populate its parameters with all the data we collected. this command will live inside the final script:

dirquota.exe q m /remote:$serverUNC /path:$path\$($ad.SamAccountName) /limit:$limit
Quotas modified successfully

Informing us that the “Quotas modified successfully” is very helpful. but i want a final report on the operation I just did! I’ll store all the data that I collected into a custom object that I’ll create using New-Object:

finally, We will put everything we wrote in an Advanced Function construct, so we can use it like we wanted to in the first place – without typing the File Server and the original path, because the file servers and the path’s can be configured and named differently from one server or user to another.

PS C:\> Set-FSRMQuota -User James -Limit 500

This is how the final script looks like.

A link to download from MS TechNet gallery:

Set-FSRMQuota