http://technet.microsoft.com/en-us/library/hh831746.aspx
http://technet.microsoft.com/en-us/library/cc770989%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc732431.aspx
http://technet.microsoft.com/en-us/library/jj900651.aspx
FSRM allows you to:
Quota Management-
Create quotes for a volume or folder tree, including notifications for thresholds
File Screening Management-
Create file filters to control what can be saved, including notifications for those trying to save blocked files
Storage Reports Management-
Generate or schedule storage reports for disk usage
Classification Management-
File classification - based on certain properties, apply policies such as restricting access, encrypting, expiration.
File Management Tasks-
Extra note: File classification is covered more in 70-412.
Extra note: In Windows Server 2012, the File Server Resource Manager command-line
tools (dirquota.exe, filescrn.exe, and storrept.exe) are deprecated. They're still available but are meant to be replaced by the FSRM powershell cmdlets.
2.2.1 Install the FSRM role
Add Roles and Features in Server Manager, File Server Resource Manager(FS-Resource-Manager) found under File and ISCSI Services(File Services) and File and Storage Services(FileAndStorage-Services). Including the management tools will also install RSAT-FSRM-Mgmt with fsrm.msc and the PS module FileServerResourceManager
install-windowsfeature fs-resource-manager -includemanagementtools
FSRM server options:
right click the "File Resource Manager item" and select Configure Options:
Email notifications
set the SMTP server name/ip
specify default admin recipients
set the default "from" address
send a test e-mail
send-fsrmtestemail
Notification limits
set e-mail notification limits, event log notification limits, command notification limits, report notification limits
Storage reports
configure default canned report properties
Report locations
set folder locations for Incident, Scheduled, and Interactive(On-Demand) reports
File screen audit
Automatic classification
Access-Denied Assistance
Setup messages/e-mails for access-denied assistance when users are denied access to folders/files
get-fsrmadrsetting
set-fsrmadrsetting
Powershell for all of the above configuration settings:
get-fsrmsetting
set-fsrmsetting
2.2.2 configure quotas
Hard quota: stops users from saving anything that would go beyond the quota threshold
Soft Quota: used for notifications and monitoring. Will not stop files from being saved over the threshold.
Create a quota
Create a quota by clicking the Quotas tab under Quota Management, and right clicking the task area and "Create Quota".
Choose a folder in a path to create a quota on
Select "Create quota on path" will create a total quota on all existing and future subfolders and their nested subs. So if you put a 100 MB on a parent folder, you can only store 100 total MB in all folders below it.
You can choose to use a quota template, or create a custom quota.
If you create a custom quota, you are given the option of copying properties from an existing template, adding a description, setting your limit, choosing hard or soft quota, creating notification thresholds, and enable/disable quota after adding it. Click OK.
Once you hit Create, if you chose "custom quota", you are prompted with the option to save it as a template, unless the "Do not ask me to save as a template" option has been checked before.
Powershell:
Create a new basic 100MB quota:
new-fsrmquota -path "c:\quotaparent1" -size 100MB
Use a template:
new-fsrmquota -path "c:\quotaparent1" -template "100 MB Limit"
You can specify -disabled to create it disabled,-softlimit for soft quota, -description, and -threshold to add threshold notifcations(see below)
Create an auto apply quota
The next option only allows you to use a template. You cannot create a custom quota.
Selecting "Auto apply template and create quotas on existing and new subfolders" creates individual quotas for each subfolder that resides in the parent folder, but those quotas also include the total from the nested subs of each subfolder(as if you created an individual "Create quota on path" on each subfolder.) However, the parent folder is not affected; only it's subs and their nested subs.
Note that if you delete the auto-apply quota from the parent folder, the auto-applied quotas on the current subs will still exist.
Also note that you can place a quota on any nested subfolder whose parent(s) already have a quota applied. But it must be more restrictive than the parent, allowing you to place a quota deeper into the directory structure while maintaining the quotas of the parents. You cannot place a less restrictive quota, as the parent's quota is still enforced on all folders below it.
If you right click an applied quota you can edit it's settings. Even if you used a template to create the quota, you can customize the settings further. However, it will still be displayed under the Source templates expanded display.
Powershell:
new-fsrmautoquota -path "c:\quotaparent2" -template "100 MB Limit"
Since you can only choose template for auto quotas, the only other option to note here is -disabled
Quota Template
Creating a quota template is similar to the custom quota process outlined above.
Powershell:
Also similar to creating a quota
new-fsrmquotatemplate -name "Tiny" -size 10MB
-description, -softlimit, -threshold
get-fsrmquotatemplate -name "Tiny"
Display quotas:
You can view quota usage %'s in the Quotas menu, and filter by templates applied, applied quotas, auto apply quotas, as well as specific quota paths.
You can also use the Quota Usage storage report to view quotas that exceed a percentage.
Powershell
get-fsrmquota
get-fsrmquota -path "c:\quotaparent1"
get-fsrmautoquota
With an auto quota, you can still use get-fsrmquota to see all the auto-set quotas below the parent.
You can remove a quota with
remove-fsrmquota -path "c:\quotaparent1"
remove-fsrmautoquota -path "c:\quotaparent2"
Configuring notifications:
While creating or editing an applied quota, or creating/editing a template, you have the option to configure notifications
Adding or editing a notification gives you the following options:
The % of the threshold that triggers this notification
E-mail message:Send an e-mail to a specific address, and/or to the user who exceeded the threshold.
Event Log: Log this notification in the event log.
Command: Run a specific command or script
Report: Generate a report(See 2.2.4)
Powershell:
First you must create an Action object using new-fsrmaction. Then you create a threshold object using new-fsrmquotathreshold. Note that actions and thresholds are not saved independently, so you must use them other ways, such as storing in variables or creating inline when applying to quotas or quota templates. Example of inline:
set-fsrmquota -path "c:\quotaparent1" -threshold (new-fsrmquotathreshold -percentage 85 -action (new-fsrmaction -type emaill -mailto:"admin@contoso.com" -subject "Threshold" -body "Too much stuff"))
Other Quota cmdlets:
set-fsrmautoquota
set-fsrmquotatemplate
update-fsrmquota
update-fsrmautoquota
(update is used to scan a path in order to resync usage reports for the path)
reset-fsrmquota
(update a quota with a template)
2.2.3 configure file screens
Using File Screening Management node in FSRM mmc:
File Groups:
Right click, create file group. Give the group a name then add file extensions or file name patterns that can be included or excluded for this group
Powershell:
new-fsrmfilegroup -name "Various" -includepattern @("*.mp3","*.exe","*.vbs")
Other parameters: -description, -excludepattern
get-fsrmfilegroup -name "Various"
set-fsrmfilegroup -name "Various" -includepattern @("*.exe","*.vbs")
remove-fsrmfilegroup -name "Various"
File Screens:
Right click, create File screen. Enter a path for the screen. Choose a template, or custom file screen properties. Defining custom properties allows the following options:
Settings tab:
Copy settings from a template
Choose:
Active Screening: Do not allow users to save unauthorized files
Passive Screening: Allow users to save. This is for monitoring those unauthorized files.
Select the file groups to block
E-mail message:
Choose "Send e-mail to administrators" and/or "Send e-mail to user"
Event Log
Create a log entry for the event log.
Command
Run a command or script
Report
Generate reports
Powershell:
new-fsrmfilescreen -path "c:\home" -includegroup "Various" -active
new-fsrmfilescreen -path "c:\screenme" -template "Block Image Files"
-description to add a description
-notification adds a notification created using new-fsrmaction
set-fsrmfilescreen -path "c:\home" -includegroup @("Various","E-mail files")
get-fsrmfilescreen
remove-fsrmfilescreen
File screen exceptions
An exception can be applied to a subfolder whose parent has a file screen applied and it needs to be overridden for this sub.
Powershell:
new-fsrmfilescreenexception
get-fsrmfilescreenexception
set-fsrmfilescreenexception
remove-fsrmfilescreenexception
File screening templates
Creating file screen templates is similar to creating a custom property file screen as listed above
new-fsrmfilescreentemplate -name "Various files" -includegroup "Various" -active
get-fsrmfilescreentemplate
set-fsrmfilescreentemplate
remove-fsrmfilescreentemplate
Other File screen cmdlets:
reset-fsrmfilescreen - reset a file screen to the default settings of a specified template
2.2.4 configure reports
To create, and schedule a report, right click the Storage Reports area and select "Schedule a new report task". This task will be saved for reuse
To create a report and run it now, right click and select Generate Reports now. This task will not be saved.
Settings tab:
If you are scheduling a task, you must give it a name. If you're just generating one, the name will be chosen for you as "Interactive Report Task" with the date/time.
Choose reports to include, and choose their parameters
Available canned reports:
Duplicate files - finds files with same size and modified date
File Screening Audit - Use to monitor screening policies. You can configure min number of days in past events occured, as well as pick specific users
File by File Group: List files that match file groups, in order to find those that take up lots of space.
File by Owner: Pick all owners or selected owners. You can include a file matching pattern as well
Files by Property: Used by classification to find files by property value
Folders by property: Used by classification
Large files: You can set the min file size, as well as a file name pattern to match.
Least recently accessed files: Choose min days since last accessed, as well as a file name pattern
Most recently accessed files: Choose max days since last accessed, as well as a file name pattern
Quota usage: Set minimum % quota usage. This checks all quotas.
Select the format(s) you want to save the report as: DHTML, HTML, XML, CSV, Text
Scope tab:
Select the file data groups to include(these are not the same as the File Screen file groups. If you don't select any of them, the report(s) will default to all files):
Application Files
Backup and Archival Files
Group Files
User Files
Choose the volume(s)/folders to check. Note that the reports will recursively check all subfolders below the one you choose.
Delivery tab:
Allows you to enter e-mail addresses to send the report to.
Schedule tab(only available if you chose Schedule a new report taks):
Choose a time, and the days to run the report on. You can choose to limit the max time the report will be able to run(in hours).
If you chose "Generate reports now", once you click OK you are given the option to Generate reports in the background to view later, or to generate now and view after they finish.
Reports are saved in the location set in the FSRM server options. Default is "c:\storagereports"
new-fsrmstoragereport -name "large" -interactive -namespace @("c:\home","c:\storage") -reporttype "LargeFiles" -largefileminimum 50MB -reportformat @("csv","text")
scheduledreport:
Use new-fsrmscheduledtask to create a schedule object.
new-fsrmstoragereport -name "Large Files" -namespace
@("c:\home","c:\storage") -reporttype "LargeFiles" -largefileminimum
50MB -reportformat @("csv","text") -schedule (new-fsrmscheduled task -time (get-date "1:30am") -weekly "Monday)
get-fsrmstoragereport
unless you specify -name, in addition to schedule reports, this will show currently queued/running interactive and incident reports. The interactive and schedule properties tell you which it is.
set-fsrmstoragereport -name "Large Files" -namespace "c:\home"
remove-fsrmstoragereport -name "Large Files"
other commands:
start-fsrmstoragereport, stop-fsrmstoragereport, wait-fsrmstoragereport
Extra note: one more option available in Storage Reports: Add or Remove Reports for a report task just allows you to see all the report tasks and quickly configure the reports they use, instead of editing each report task individually.
2.2.5 (R2) Configure file management tasks
Right-click "File Management Tasks" under FSRM menu and select "Create File Management Task"
General tab: name the task. Check or uncheck Enable
Scope: Choose type of data to include and the folders to include.
Action: Choose a type of task.. If custom, you will need to provide a path to an executable and command line arguments, as well as working directory. Choose the account to run the task as.
Notification: Add an FSRM notification.
Report: Add an FSRM report to generate
Condition: Include conditions for the task
Schedule: Schedule when the task will run.
This task will be added to Task scheduler under Task Scheduler Library->Microsoft->Windows->File Server Resource Manager
No comments:
Post a Comment