Using Forefront Script Kit with Forefront Protection for Exchange Server (Part 2)

By /

If you would like to be notified of when Anderson Patricio releases the next part in this article series please sign up to our MSExchange.org Real Time Article Update newsletter.

If you would like to read the first part in this article series please go to Using Forefront Script Kit with Forefront Protection for Exchange Server (Part 1).

Forefront Script Kit – Exporting settings…

The Forefront Script Kit is able to export content (Figure 01). The export process generates two files: a txt and .xml file similar to the one that we saw in the first article of this series using Export-FSESettings cmdlet. The syntax to export settings from a single server is shown below:

.\FPSSK.ps1 –Export –ComputerName <Remote-ComputerName> -Path <Location>

Note:
“.” (Period) can be used on –ComputerName switch which will identify the computer as the local computer and also on –Path switch which determines the current location as output for the files to be generated.


Figure 01

The script also has support for specific items of the configuration using the same –Element switch. One thing that is new for the script is the ability to use the previous file generated by the discover process. Let’s say you have several servers and you don’t want to specify all servers on the command line, if the Script Kit has already created a list for you.

Forefront Script Kit – Importing Settings…

The export process generated two files (a txt and an xml) and we can import those settings easily to any computer running Forefront for Exchange/SharePoint in our network. If you are using a computer as baseline and those settings will be applied to other servers, then I would suggest to rename the export files to a simpler name, such as “baseline”.

The following syntax can be used to import settings using both exported files to a remote server:

./FPSSK.ps1 –Import –XMLPath <Path for the XML file generated on the export section> -ComputerName <One or more computers that will receive the configuration>

Since we renamed both files to baseline, our cmdlet will be a little bit easier as follows (Figure 02):


Figure 02

If you want to use the discovered information, you just need to use –DiscoverCSV <path-and-file-name.csv> and all servers will receive the exact same configuration.

Forefront Script Kit – Comparing settings…

We have learned how to discover servers, export and import settings, now it’s time to compare settings to make sure that between the baseline and a specific production server the configuration is the same. The script only is passive and only shows information/changes but doesn’t change anything, the administrator has to analyze and decide if it is better to reapply the settings using Import option like we have tested in the previous section.

This is the syntax that can be used to compare settings between a baseline file and a server:

.\FPSSK.ps1 –XMLPath <Path of the baseline XML file created during the export process> -CSVPath <Also created during the export process> -ComputerName <ServerName> -Log <Location where the log will be generated>

The result of the operation can be seen on Figure 03. The script will have two sections, one for the .CSV and another one for the XML data. In some cases the administrator just checks the last one and the messages can be No differences were detected! However it is related just to the last portion, make sure that you revise the entire content of the file.


Figure 03

We can always take advantage of our CSV file containing all Server information of our Domain using the switch –DiscoverCSV and the output will be a comparison between the baseline against one or more remote servers.

Forefront Script Kit – Reporting capabilities…

There is a –Report switch on the script that allows us to generate reports from one or multiple servers in our environment. The report is generated by default on the console but we can use the option –Log to define the location where the report information will be written. In order to generate a report the following syntax can be used:

.\FPSSK.ps1 –Report –ComputerName <Computer-Names> -Log <Location for the log file>

The example above is depicted in Figure 04. We can also take advantage of our previous discovered file and use the –DiscoverCSV <Location> to use all servers in our domain.


Figure 04

When running against multiple servers an output will be generated for each server analyzed and a summary file will be generated as well.

In the summary report these items will be included: Health issues detected section (containing information about all servers defined in the script), Malware detections, spam messages, incidents and quarantine.

By server a report will be generated which contains the following sections: basic information about the server, health status of the server, Malware detection, spam messages, incidents, quarantine and signature updates, as shown in Figure 05.


Figure 05

Creating a baseline configuration and deploying changes to all other servers…

Now that we covered all actions that the script kit is able to perform we can summarize the article creating a baseline and create a framework for our changes in our environment just using the Script Kit. If you have several servers the idea is to group them by their roles. For example: if you have HUB/CAS running on different boxes you may want to create different baseline for the type of deployment that you want to do.

Using the script we could use the framework shown in Figure 06 to create a process. Basically, we would be getting a server and configuring all recommended settings to our environment on that box; Second, we will be exporting all settings; Third, a discover will be performed to find out all the servers (probably a cleanup on the discovered file may be required if you are using SharePoint and different roles as well); Fourth step would be the import process to guarantee consistency in the environment; Fifth, we could compare settings down the road to make sure that everything is working as you planned; and the last step would be report generation to track changes and health of the servers in general.


Figure 06

Conclusion

If you have more than one server running Forefront Protection for Exchange or SharePoint the script kit shown in this article series can be useful in your environment to maintain consistency of the configuration across the border and also for reporting capabilities.

Keep an eye on the Forefront page at Microsoft and check out for the new release of the Console, the console will include all features provided by the script and more.

If you would like to be notified of when Anderson Patricio releases the next part in this article series please sign up to our MSExchange.org Real Time Article Update newsletter.

If you would like to read the first part in this article series please go to Using Forefront Script Kit with Forefront Protection for Exchange Server (Part 1).

About The Author

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides of the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange, CISSP and several other certifications. Anderson contributes to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at Techgenix.com, MSExchange.org, ITPROCentral.com and Anderson Patricio.org (Portuguese).

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top