Year: 2014

Considerations When an IT Employee Leaves

Recently I’ve helped clients and even off-boarded IT employees from our own team. There are quite a few considerations you must make when someone in IT leaves a company or even just moves to another team within the same company. This article is going to focus heavily on the employee leaving the company; but you will run into some of the same obstacles with them moving to a new area in the company. The “normal” HR off-boarding or cross-boarding doesn’t usually cover the amount of access that these employees have, and the IT staff themselves must make many additional considerations to make things as smooth as possible.

At a high level you have to consider the following:

  • How many accounts do they have?
  • Are these accounts tied to any applications?
  • Which devices use a shared password they know?
  • What access rosters are they on?
  • What knowledge will be lost when they leave?
  • Who is going to take over ownership of their current tasks?

Let’s dive into these questions in more depth and explore some possible solutions to them.

Building a Desired State Configuration (DSC) Lab

Recently I presenting at the Indianapolis PowerShell User Group and talked about Desired State Configuration. The presentation was 100% demonstrations, and I decided it would be a good idea to provide all of the PowerShell commands/instructions I used to build my lab environment for the presentation.

Note: Please note that these instructions were written using multiple Experimental DSC Resources, Microsoft and I myself provide no guarantee that these will work in a production environment. I strongly encourage that you use test environments that do not matter until you feel comfortable with DSC.

Pre-requisites

  • Licensed/Trial Media for Windows Server 2012 R2
  • An installed/updated Sys prepped VM Parent Disk
    • Stored at D:\Templates\Server2012R2.vhdx
  • a Virtual Switch within Hyper-V Configured as a Private, named “Private Network”
  • At least 7GB of free memory
    • You can adjust this all the way down to just 4GB
  • Downloaded copy of the latest DSC Resource Kit – Download Here

Now before we dive into the scripting component of this blog post I want you to know that this is not 100% automated. You will have some manual steps here and there, it is possible to 100% automate – but that will require significantly more effort. Please continue reading for instructions on this demonstration.

PowerShell: Check for user accounts running Windows Services

Recently I worked with a client to validate that if a user account were to be disabled that it wasn’t going to break any of their currently running applications. You can be bitten by an accidental miss-configuration where an end-users account is running a Windows Service or possibly at a lower level in a specific application such as SQL Server jobs. Luckily with the Power of PowerShell, we can conquer the Windows Services! It is also possible to create a SQL Query or even PowerShell scripts to query SQL, but we are not covering that in this article.

Checking Windows Services:

The biggest concern I had was the Windows Services. It is easy enough for a junior admin to install SQL and specify their account as the Service Account, THIS IS BAD! However, with some pure PowerShell, we can perform a visual inspection, or with some minor adjustments, we could look for a service running with a specific user.

Get-CimInstance -ComputerName (Get-ADComputer -Filter 'OperatingSystem -like "Windows Server*"' | Select -ExpandProperty Name) -Query "SELECT Name, StartName FROM Win32_Service WHERE StartName <> 'LocalSystem'" | ? { $_.StartName -notlike 'NT AUTHORITY*' -and $_.StartName -notlike 'NT SERVICE*' } | Select Name, StartName, PSComputerName

In the above example, we are using a parenthetical command along with the Get-CimInstance Cmdlet. The command that executes first is the Get-ADComputer. This command requires the ActiveDirectory module is available on your computer system. It uses the filter parameter to look for any computer that is running Windows Server (any version).

Then it passes those values to the Get-CimInstance, which performs an initial WQL Query, which doesn’t allow and statements. Therefore, we have to pipe it’s returned values to a where statement which continues filtering for us. The end of the command provides the service name, the user account running it, and the computer this service is on.

I was able to run this against the client’s environment, and within a few minutes, we knew it was safe to disable the account.

GriffinMonitor Module v1.5 – Additional Functionality

This evening I’ve decided to add additional functionality to the GriffinMonitor Module. I noticed that I am filling up my storage on my lab server fairly quickly. With that in mind I knew I needed to know once I am about to max it out. I’ve decided to write a fairly simple alert for remaining disk space per volume. Before we dive into how to use the cmdlet and the code itself please reference the previous blog post on Monitoring Storage Pool Health – GriffinMonitor Module.

Using Alert-GMLowDiskSpace:

This cmdlet is very similar to the Alert-GMUnhealthyStoragePool as it has 3 mandatory parameters. There is a 4th parameter that is optional so you can specify the threshold at which it alerts. As I mentioned in the previous blog post at some point I intend to add additional functionality for TLS or SSL secured SMTP servers along with the ability to pass authentication. That functionality is still not there, but it is still on my to-do list.

Example:

Alert-GMLowDiskSpace -SMTPServer smtp.example.com -ToAddress Joe@example.com -FromAddress alert@example.com

-OR-

Alert-GMLowDiskSpace -SMTPServer smtp.example.com -ToAddress Joe@example.com -FromAddress alert@example.com -PctThreshold 15

 The Module Code:

#Requires -Version 3 
#Requires -Module Storage

<#
 # Module Name: GriffinMonitor.psm1
 # Created: 05/22/2014
 # Version: 1.5
 # Author: Matt Griffin (MattBlogsIT.com)
 # Purpose: This Module is a set of custom cmdlet's that are used to alert of potential health concerns in your Windows Environment
 # Legal: This module was built by Matt Griffin for use in his home lab environment. This module comes with no warranty or guarantee. 
 #        This module is provided to be used at your own risk and will not have any support backing it up.
 # History: Matt Griffin 06/18/2014
            Corrected some typo's, added new cmdlet called Alert-GMLowDiskSpace

            Matt Griffin 05/22/2014
 #          Initial creation of Module with first cmdlet Alert-GMUnhealthyStoragePool
 #>

function Alert-GMUnhealthyStoragePool
{
    <#
    .Synopsis
       This cmdlet will check all of your local systems storage pools and send you can alert when one of them enters a state other than healthy.
    .DESCRIPTION
       This cmdlet will check all of your local systems storage pools and send you can alert when one of them enters a state other than healthy. The alert will be sent through email.
    .PARAMETER SMTPServer
       This parameter will be used to specify a standard SMTP Server that doesn't require SSL or TLS.
    .PARAMETER ToAddress
       This parameter will be used to specify the email address to which the alert messages will be sent.
    .PARAMETER FromAddress
       This parameter will be used to specify the email address from which the alert messages will be sent.
    .EXAMPLE
       Alert-GMUnhealthyStoragePool -SMTPServer smtp.example.com -ToAddress Joe@example.com -FromAddress alert@example.com
    #>
    [CmdletBinding()]
    [OutputType([int])]
    Param(
        # SMTPServer This parameter specifies the SMTP Server to utilize when alerting of unhealthy Storage Pool
        [Parameter(Mandatory=$true,Position=0)]
        $SMTPServer,
        
        # ToAddress This is the email address that the alert message will be sent to
        [Parameter(Mandatory=$true,Position=1)]
        $ToAddress,

        # FromAddress This is the email address that the alert message will be sent to
        [Parameter(Mandatory=$true,Position=2)]
        $FromAddress
    )
    #Import Required PowerShell Module
    Import-Module -Name Storage

    $storagePools = Get-StoragePool

    foreach($pool in $storagePools){
        if($pool.HealthStatus -ne "Healthy" -and $pool.IsPrimordial -ne "True"){

            $physicalDisks = $pool | Get-PhysicalDisk | 
            Select FriendlyName, Manufacturer, Model, SerialNumber, OperationalStatus, HealthStatus, Usage, Size | ConvertTo-Html

            #Create hash table to splat for Send-MailMessage
            $mailMessageParams = @{'SmtpServer'=$SMTPServer;
                                   'From'=$FromAddress;
                                   'To'=$ToAddress;
                                   'Subject'="The Storage Pool $($pool.FriendlyName) is currently $($pool.HealthStatus) on $env:computername";
                                   'Body'=($physicalDisks | Out-String);
                                   'BodyAsHtml'=$true}

            Send-MailMessage @mailMessageParams
        }
    }
}

function Alert-GMLowDiskSpace
{
    <#
    .Synopsis
       This cmdlet will check all of your local systems volumes and send you can alert when one of them reaches a specified threshold.
    .DESCRIPTION
       This cmdlet will check all of your local systems volumes and send you can alert when one of them reaches a specified threshold. The default threshold is 10.
    .PARAMETER SMTPServer
       This parameter will be used to specify a standard SMTP Server that doesn't require SSL or TLS.
    .PARAMETER ToAddress
       This parameter will be used to specify the email address to which the alert messages will be sent.
    .PARAMETER FromAddress
       This parameter will be used to specify the email address from which the alert messages will be sent.
    .PARAMETER PctThreshold
       This parameter is the threshold the remaining space must reach before sending an email, by default it is 10.
    .EXAMPLE
       Alert-GMLowDiskSpace -SMTPServer smtp.example.com -ToAddress Joe@example.com -FromAddress alert@example.com
    .EXAMPLE
       Alert-GMLowDiskSpace -SMTPServer smtp.example.com -ToAddress Joe@example.com -FromAddress alert@example.com -PctThreshold 15
    #>
    [CmdletBinding()]
    [OutputType([int])]
    Param(
        # SMTPServer This parameter specifies the SMTP Server to utilize when alerting of unhealthy Storage Pool
        [Parameter(Mandatory=$true,Position=0)]
        $SMTPServer,
        
        # ToAddress This is the email address that the alert message will be sent to
        [Parameter(Mandatory=$true,Position=1)]
        $ToAddress,

        # FromAddress This is the email address that the alert message will be sent to
        [Parameter(Mandatory=$true,Position=2)]
        $FromAddress,

        # PctThreshold is the threshold the remaining space must reach before sending an email
        [Parameter(Mandatory=$false,Position=3)]
        $PctThreshold=10
    )
    #Import Required PowerShell Module
    Import-Module -Name Storage

    $volumes = Get-Volume

    foreach($volume in $volumes){
        if($volume.DriveType -eq "Fixed"){
            #Calculating the amount of space remaining as a percentage
            $pctRemaining = "{0:N2}" -f ($volume.SizeRemaining/$volume.Size*100)

            if($pctRemaining -le $pctThreshold){
                $output = $volume | 
                Select DriveLetter, FileSystemLabel, FileSystem, HealthStatus, @{N="PctRemaining";e={$pctRemaining+"%"}} | 
                ConvertTo-Html

                #Create hash table to splat for Send-MailMessage
                $mailMessageParams = @{'SmtpServer'=$SMTPServer;
                                       'From'=$FromAddress;
                                       'To'=$ToAddress;
                                       'Subject'="The Volume $($volume.DriveLetter): has $pctRemaining% remaining on $env:computername";
                                       'Body'=($output | Out-String);
                                       'BodyAsHtml'=$true}

                Send-MailMessage @mailMessageParams
            }
        }
    }
}

 Update Instructions:

  1. Open C:\Users\<username>\Documents\WindowsPowerShell\Modules\GriffinMonitor with the PowerShell ISE or your favorite text editing document
  2. Replace the code with the above script
  3. Create a Scheduled Job for the new PowerShell cmdlet
    1. #The below PowerShell commands will schedule the cmdlet to run every 30 minutes using the SMTPServer xxx.xxx.xxx.xxx, emailing to joe@example.com and coming from noreply@example.com - Make sure you update the parameter values.
      $trig = New-JobTrigger -Once -At "5/22/2014 0am" -RepetitionInterval (New-TimeSpan -Minute 30) -RepetitionDuration ([TimeSpan]::MaxValue)
      Register-ScheduledJob -Name CheckStoragePoolHealth -ScriptBlock { Alert-GMLowDiskSpace -SMTPServer xxx.xxx.xxx.xxx -ToAddress joe@example.com -FromAddress noreply@example.com} -Trigger $trig

Installation Instructions:

  1. Navigate to C:\Users\<username>\Documents\WindowsPowerShell\Modules\GriffinMonitor
    1. (Note: If the directory doesn’t exists you must create it.)
  2. Save the above code in a file named GriffinMonitor.psm1 under the above directory
  3. Create a Scheduled Job using PowerShell
    1. #The below PowerShell commands will schedule the cmdlet to run every 30 minutes using the SMTPServer xxx.xxx.xxx.xxx, emailing to joe@example.com and coming from noreply@example.com - Make sure you update the parameter values.
      $trig = New-JobTrigger -Once -At "5/22/2014 0am" -RepetitionInterval (New-TimeSpan -Minute 30) -RepetitionDuration ([TimeSpan]::MaxValue)
      Register-ScheduledJob -Name CheckStoragePoolHealth -ScriptBlock { Alert-GMLowDiskSpace -SMTPServer xxx.xxx.xxx.xxx -ToAddress joe@example.com -FromAddress noreply@example.com} -Trigger $trig

Once it is scheduled, keep an active eye on your inbox for when your Storage Pool goes unhealthy!

Miscellaneous Notes:

  • This module was built and tested using PowerShell v4 on Server 2012 R2 running a single Storage Pool.
  • This module “should” work with Server 2012 running PowerShell v3 with one or many Storage Pools
  • This module comes with no guarantee or support, this is a run at your own risk and I take no responsibility for any repercussions that may occur by running this.
    • With that being said I’ll try my best to assist anyone who may have questions if you post in the comments of this thread.

The ever Evolving Career of IT – Reflecting on the last Decade

I’ve been working professionally in IT for 6 years, and I have been working with computers for over 10. I quickly realized that if I continued down this path for my life, I would be in a constant learning curve. This was something that interested me as I always enjoy learning new things and playing with new technologies.

My initial interest was in web development up until I reached college. I took two part time jobs, one doing web development, another doing help desk support. Initially I was very excited to do the development job, I started digging in, expanding my knowledge and trying to advance all of my skills. I quickly realized that I enjoyed the help desk support much more. My favorite part of help desk support was that I was able to help people every day. I would leave a faculty members office and they would be very satisfied that they received assistance. I had no previous customer service experience, but was exhilarated with the interactions I had on a daily basis.

As the years progressed I continued down the IT Pro path, and started moving into server administration prior to graduating college. I had loved the customer service, but I felt there was a greater good I could provide by managing the back end systems. I wouldn’t get as much recognition as I had previously, but I would have many more challenges and still be helping.

I started at Apparatus 1 year prior to graduating college and I have just wrapped up my 3rd year here recently. In those 3 years I have gone from part time employee, to full time entry level management. In the last 6 months I’ve done a lot of reflecting on where I want my career to go. I’ve been saying that I had no idea I would be where I am last year, lets see where this year will take me.

I currently am in an internal battle with myself on if I’d like to pursue my IT career further or if I’d like to jump over to management; while trying to keep my IT skills as fresh as possible. I still have yet to make a decision, and I am considering my options on a daily basis. I do love the management by getting to help co-workers develop their skills and become greater at their job. I like to help them pursue their dreams while working in IT and I love getting hands on dirty with the work.

As of today I am Matt Griffin, Technical Team Lead at Apparatus. Tomorrow… who knows what I will be.