- From Alerts to Action: How AI Empowers SOC Analysts to Make Better Decisions
- Herencia, propósito y creatividad confluyen sobre un manto tecnológico en los irrepetibles UMusic Hotels
- OpenAI, SoftBank, Oracle lead $500B Project Stargate to ramp up AI infra in the US
- 오픈AI, 700조원 규모 'AI 데이터센터' 프로젝트 착수··· 소프트뱅크·오라클 참여
- From Election Day to Inauguration: How Cybersecurity Safeguards Democracy | McAfee Blog
How to inventory server storage with PowerShell
Making inventories of computer storage, particularly on severs, is complex due to the number of factors involved. There might be multiple physical media devices each of which contains multiple logical volumes. Volumes could span multiple disks with hardware or software-based RAID configurations. Each volume could be configured with its own drive letter, and folders throughout the file system could be shared on the network.
Those inventories are important because gathering data on physical storage media can identify what type of storage is available and what physical storage capacity servers have. PowerShell can help with those inventories, particularly the Get-PhysicalDisk cmdlet, which uses Windows Management Instrumentation (WMI) under the covers. Get-PhysicalDisk uses WMI to query the MSFT_PhysicalDisk class, with the WMI class providing numeric values for things like MediaType and BusType, while Get-PhysicalDisk returns descriptive text values.
Like most PowerShell cmdlets, Get-PhysicalDisk displays only a very small subset of the information it returns by default. To coax out all the information, Get-PhysicalDisk | Select-Object * will provide the full story. It gathers many, many properties, but here we’ll focus on just a handful that most people will find useful.
Manufacturer, FriendlyName, and SerialNumber are all pretty self-explanatory. MediaType and BusType are both super useful as they will let you know whether you’re dealing with platter-based hard-disk drives or SSDs, as well as what type of connection those drives are using such as SCSI, SATA, or NVMe. The Size property is another obvious win, but be aware it’s returned in bytes, so it makes sense to convert it to GigaBytes to make it more human-friendly (either $_.Size/1024/1024/1024 or $_.Size/1GB as shown in the image).
Obviously, the health of your storage is a huge deal as failure can lead to downtime or even data loss if not anticipated and dealt with, which is why the SMART system exists to help predict disk failure. SMART stands for Self-Monitoring, Analysis and Reporting Technology, and there are a lot of factors and telemetry that go into SMART scores. To streamline the return, Get-PhysicalDisk simply returns an overall health value. (How to retrieve more granular SMART details is discussed later.)
Logical storage volumes make up the logical storage space available to servers and are roughly the Windows equivalent of partitions with the main technical difference being that volumes can be made to span multiple disks. There is some overlap between physical and logical storage, in particular storage capacity and available space.
The Get-Volume cmdlet lists Windows volumes including the drive letter, file system used (FAT32, exFAT, NTFS, etc.), volume label, and capacity details. The cmdlet can easily be leveraged to list volumes with legacy file systems (Get-Volume | Where-Object FileSystem -notin ‘NTFS’,’exFAT’), volumes with no drive letter (Get-Volume | Where-Object DriveLetter -eq $null), or volumes with the remaining space under a particular capacity threshold (Get-Volume | Where-Object {$_.SizeRemaining/$_.Size -lt .25}).
File shares (or network shares) are a common aspect of servers and can indicate a server is functioning as a file server or potentially hosting one or more business applications. It’s a good practice to check for file shares every so often. First, file shares tend to be critical to your business, either because of the systems and applications they support or the files the contain are vital to your users. Second, lost corporate knowledge and turnover in general–in terms of personnel and business requirements–can lead to file shares being abandoned in place. In both cases keeping track of them is important, either to better manage availability or to properly decommission shares that are no longer required.
The aptly named Get-FileShare cmdlet can retrieve file shares, but it has some limitations that are a bit annoying, specifically when trying to identify the local path that corresponds to a share. It’s better to use the Get-SmbShare cmdlet, which includes key functional information like the Name and Path properties, as well as capacity details like ConcurrentUserLimit and CurrentUsers. It can also show the availability of Volume Shadow Copy Service (VSS), the set of interfaces for creating bulk, point-in-time backup of data. Get-SmbShare also provides the Special property that indicates whether a share is a built-in Windows share.
Each of these details has value for admins and can be listed in the PowerShell console using Get-SmbShare | Format-Table ConcurrentUserLimit, CurrentUsers, Name, Path, Description, ShadowCopy, Special. To focus on a specific share, pass the -Name parameter, as in Get-FileShare -Name ‘BusinessFiles’.
A key component of business file shares is the share permissions. PowerShell can help dig into share permissions using the Get-SmbShareAccess cmdlet. Get-SmbShareAccess does require naming one or more shares to be evaluated (Get-SmbShareAccess -Name ‘Data’,’Software’) but to get a full list of permissions for all shares use Get-SmbShareAccess -Name (Get-SmbShare | Select-Object -ExpandProperty Name). This one-liner first lists the available shares by name (code within parenthesis is executed first) and then passes the list to the parameter of the Get-SmbShareAccess cmdlet.
Getting back to SMART telemetry, it can be used to provide telemetry data in detail, and the Get-StorageReliabilityCounter cmdlet is the tool to produce it.
We mentioned earlier that SMART telemetry can retrieve an overall health score for a physical disk, but what if you want to dig into this telemetry in detail and form your own opinions based on those metrics? Fortunately, PowerShell offers tooling to acquire these disk metrics in the form of the Get-StorageReliabilityCounter cmdlet.
SMART metrics apply to physical disks, and requires specifying which disk to analyze or it will fetch the information about all the disks. The easiest way to do this is using Get-Disk | Get-StorageReliabilityCounter which starts with the Get-Disk cmdlet and pipes it to Get-StorageReliabilityCounter. To specify a specific disk, use any of a variety of parameters (Disk ID, friendly name, serial number, etc.). Also, the SMART telemetry for a particular logical volume can be had by chaining together several cmdlets: Get-Volume -DriveLetter C | Get-Partition | Get-Disk | Get-StorageReliabilityCounter. This is a lot of hoops to jump through, which has to do with what sort of values each cmdlet accepts as an input parameter. The disk-health information this retrieves includes read and write errors, latency, temperature, and even the number of hours the disk has been powered on.
Copyright © 2022 IDG Communications, Inc.