|
| 1 | +# Evaluate specific Policies against a Server List |
| 2 | +# Uses the Invoke-PolicyEvaluation Cmdlet |
| 3 | + |
| 4 | +param([string]$ConfigurationGroup=$(Throw ` |
| 5 | +"Paramater missing: -ConfigurationGroup ConfigGroup"),` |
| 6 | +[string]$PolicyCategoryFilter=$(Throw "Parameter missing: ` |
| 7 | +-PolicyCategoryFilter Category"), ` |
| 8 | +[string]$EvalMode=$(Throw "Parameter missing: -EvalMode EvalMode")) |
| 9 | + |
| 10 | +# Parameter -ConfigurationGroup specifies the |
| 11 | +# Central Management Server group to evaluate |
| 12 | +# Parameter -PolicyCategoryFilter specifies the |
| 13 | +# category of policies to evaluate |
| 14 | +# Parameter -EvalMode accepts "Check" to report policy |
| 15 | +# results, "Configure" to reconfigure any violations |
| 16 | + |
| 17 | +# Declare variables to define the central warehouse |
| 18 | +# in which to write the output, store the policies |
| 19 | +$CentralManagementServer = "WIN2008" |
| 20 | +$HistoryDatabase = "MDW" |
| 21 | +# Define the location to write the results of the |
| 22 | +# policy evaluation. Delete any files in the directory. |
| 23 | +$ResultDir = "e:\Results\" |
| 24 | +$ResultDirDel = $ResultDir + "*.xml" |
| 25 | +Remove-Item -Path $ResultDirDel |
| 26 | +# End of variables |
| 27 | + |
| 28 | +#Function to insert policy evaluation results |
| 29 | +#into SQL Server - table policy.PolicyHistory |
| 30 | +function PolicyHistoryInsert($sqlServerVariable, $sqlDatabaseVariable, $EvaluatedServer, $EvaluatedPolicy, $EvaluationResults) |
| 31 | +{ |
| 32 | + &{ |
| 33 | + $sqlQueryText = "INSERT INTO policy.PolicyHistory (EvaluatedServer, EvaluatedPolicy, EvaluationResults) VALUES(N'$EvaluatedServer', N'$EvaluatedPolicy', N'$EvaluationResults')" |
| 34 | + Invoke-Sqlcmd -ServerInstance $sqlServerVariable -Database $sqlDatabaseVariable -Query $sqlQueryText -ErrorAction Stop |
| 35 | + } |
| 36 | + trap |
| 37 | + { |
| 38 | + $ExceptionText = $_.Exception.Message -replace "'", "" |
| 39 | + } |
| 40 | +} |
| 41 | + |
| 42 | +#Function to insert policy evaluation errors |
| 43 | +#into SQL Server - table policy.EvaluationErrorHistory |
| 44 | +function PolicyErrorInsert($sqlServerVariable, $sqlDatabaseVariable, $EvaluatedServer, $EvaluatedPolicy, $EvaluationResultsEscape) |
| 45 | +{ |
| 46 | + &{ |
| 47 | + $sqlQueryText = "INSERT INTO policy.EvaluationErrorHistory (EvaluatedServer, EvaluatedPolicy, EvaluationResults) VALUES(N'$EvaluatedServer', N'$EvaluatedPolicy', N'$EvaluationResultsEscape')" |
| 48 | + Invoke-Sqlcmd -ServerInstance $sqlServerVariable -Database $sqlDatabaseVariable -Query $sqlQueryText -ErrorAction Stop |
| 49 | + } |
| 50 | + trap |
| 51 | + { |
| 52 | + $ExceptionText = $_.Exception.Message -replace "'", "" |
| 53 | + } |
| 54 | +} |
| 55 | + |
| 56 | +# Connection to the policy store |
| 57 | +$conn = new-object Microsoft.SQlServer.Management.Sdk.Sfc.SqlStoreConnection("server=$CentralManagementServer;Trusted_Connection=true"); |
| 58 | +$PolicyStore = new-object Microsoft.SqlServer.Management.DMF.PolicyStore($conn); |
| 59 | + |
| 60 | +# Create recordset of servers to evaluate |
| 61 | +$sconn = new-object System.Data.SqlClient.SqlConnection("server=$CentralManagementServer;Trusted_Connection=true"); |
| 62 | +$q = "SELECT DISTINCT server_name FROM $HistoryDatabase.[policy].[pfn_ServerGroupInstances]('$ConfigurationGroup');" |
| 63 | + |
| 64 | +$sconn.Open() |
| 65 | +$cmd = new-object System.Data.SqlClient.SqlCommand ($q, $sconn); |
| 66 | +$cmd.CommandTimeout = 0; |
| 67 | +$dr = $cmd.ExecuteReader(); |
| 68 | + |
| 69 | +# Loop through the servers and then loop through |
| 70 | +# the policies. For each server and policy, |
| 71 | +# call cmdlet to evaluate policy on server |
| 72 | + |
| 73 | +while ($dr.Read()) { |
| 74 | + $ServerName = $dr.GetValue(0); |
| 75 | + foreach ($Policy in $PolicyStore.Policies) |
| 76 | + { |
| 77 | + if (($Policy.PolicyCategory -eq $PolicyCategoryFilter)-or ($PolicyCategoryFilter -eq "")) |
| 78 | + { |
| 79 | + &{ |
| 80 | + $OutputFile = $ResultDir + ("{0}_{1}.xml" -f (Encode-SqlName $ServerName ), (Encode-SqlName $Policy.Name)); |
| 81 | + Invoke-PolicyEvaluation -Policy $Policy -TargetServerName $ServerName -AdHocPolicyEvaluationMode $EvalMode -OutputXML > $OutputFile; |
| 82 | + $PolicyResult = Get-Content $OutputFile -encoding UTF8; |
| 83 | + $PolicyResult = $PolicyResult -replace "'", "" |
| 84 | + PolicyHistoryInsert $CentralManagementServer $HistoryDatabase $ServerName $Policy.Name $PolicyResult; |
| 85 | + } |
| 86 | + trap [Exception] |
| 87 | + { |
| 88 | + $ExceptionText = $_.Exception.Message -replace "'", "" |
| 89 | + $ExceptionMessage = $_.Exception.GetType().FullName + ", " + $ExceptionText |
| 90 | + PolicyErrorInsert $CentralManagementServer $HistoryDatabase $ServerName $Policy.Name $ExceptionMessage; |
| 91 | + continue; |
| 92 | + } |
| 93 | + } |
| 94 | + } |
| 95 | + } |
| 96 | + |
| 97 | +$dr.Close() |
| 98 | +$sconn.Close() |
| 99 | + |
| 100 | +#Shred the XML results to PolicyHistoryDetails |
| 101 | +Invoke-Sqlcmd -ServerInstance $CentralManagementServer -Database $HistoryDatabase -Query "exec policy.epm_LoadPolicyHistoryDetail" -ErrorAction Stop |
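Review bot: The query on new line 62 interpolates the caller-supplied `-ConfigurationGroup` value straight into the T-SQL text, and the two insert helpers (new lines 33 and 47) do the same with the server and policy names, so a value containing an apostrophe breaks the statement or changes what it executes. Only the result text and the exception message have apostrophes stripped, and stripping alters the stored data instead of escaping it. The script already builds a `SqlCommand` for the server list, so binding is a small change there: `$q = "SELECT DISTINCT server_name FROM $HistoryDatabase.[policy].[pfn_ServerGroupInstances](@grp);"` followed by `[void]$cmd.Parameters.AddWithValue("@grp", $ConfigurationGroup)` once `$cmd` is created. The two INSERTs would be safer issued the same way, through a parameterized `SqlCommand` in place of `Invoke-Sqlcmd -Query` with a composed string, which would also make the `-replace "'", ""` calls unnecessary.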