« Previous 1 2 3 4 Next »
11 Tricks for Windows servers
Knowledge
7. Accessing BPA with PowerShell
The Best Practices Analyzer (BPA) lets Windows Server 2019 check its own health and the installed server roles to look for incorrect configurations. The fastest way to start the BPA is to launch it from PowerShell:
Get-BPAModel | Invoke-BpaModel
If you want to start a scan process for a certain role only, first discover the ID of the corresponding model; then, start the test(s):
Invoke-BPAmodel -modelId Microsoft/Windows/DNServer,Microsoft/Windows/FileServices
You always need to specify the ID as a complete path, which you discover with Get-BPAModel
. Hyper-V, for example, has the ID Microsoft/Windows/Hyper-V
. You can also use a single command to discover the BPA model and start the scan process immediately:
Get-BPAmodel <ID> | Invoke-BPAmodel
If you do not specify an ID, all roles are scanned. To read the roles and search for the "Error"
string, enter:
Get-BpaResult -ModelId Microsoft/Windows/DirectoryServices | Where-Object Severity -eq "Error" | Format-List Title
To display all results from specific server roles (BPA models), use:
Get-BPAResult Microsoft/Windows/DNS Server,Microsoft/Windows/FileServices
You can export the BPA results (e.g., to an HTML file) from PowerShell:
Get-BPAResult <model ID> | convertTo-Html | Set-Content <path>
By way of example, write the information of the file services to an HTML file:
Get-BPAResult Microsoft/Windows/FileServices | convertTo-Html | Set-ContentC:\BPAResults\FileServices.htm
Finally, the command:
Get-BPAResult Microsoft/Windows/FileServices | Export-CSVC:\BPAResults\FileServices.txt
exports the results to a comma-separated values file.
8. Changing the Data Medium Format
You can only convert an MBR disk to a GPT disk and vice versa if the disk is empty. To do this, right-click on the disk in the Windows Disk Manager and select the corresponding command. You can also perform the conversion at the command line. Start a command prompt and type:
diskpart list disk select disk <disk no. to convert>
Now use:
clean convert gpt
The reverse approach uses:
convert mbr
In the Disk Manager (diskmgmt.msc
), you can discover the partition style by right-clicking a volume and choosing Properties
. In PowerShell, you can display the partition style with
Get-Disk | select FriendlyName, PartitionStyle
To set the partition style to GPT, use the command:
Initialize-Disk <Number> -PartitionStyle GPT
Another example is
Get-Disk 1 | Clear-Disk -RemoveData New-Partition -DiskNumber 1 -UseMaximumSize -IsActive -DriveLetter Z | Format-Volume -FileSystem NTFS -NewFileSystemLabel Data
to create and format a disk.
9. BitLocker Without a TPM Chip
Hard disk encryption with BitLocker usually relies on a Trusted Platform Module (TPM) chip built into the computer. However, it can also be used if no TPM chip is installed. The associated settings are managed with group policies. In the navigation pane, go to Computer Configuration | Administrative Templates | Windows Components | BitLocker Drive Encryption | Operating System Drives . In the right pane, double-click on the Require additional authentication at startup policy and check the Enabled option in the dialog box (Figure 4).
Make sure the Allow BitLocker without a compatible TPM checkbox is selected and click OK . The policy is then assigned the value Enabled in the Status column. After these tasks are complete, you can enable BitLocker.
« Previous 1 2 3 4 Next »
Buy this article as PDF
(incl. VAT)