Share Access Reports

There are two reports currently, one a HTML file type, the other a PDF:

HTML - STORAGEREPORT

  • What: This is a report that details the members of the share, and highlights certain files based on size and age.
  • Why: This report will help in making decisions about cleaning the share of unneeded data or members.
  • When: The report runs every Sunday night at 8PM and therefore will be available Monday mornings.
  • Who: This report is accessible to anyone who has access to the share. All that is needed is to double click the file and it will open in a web browser.

The Report

  • Summary: This section details the name of the share, the path to the share when put in File Explorer, the total size of the share and which server it is on.
  • Access Control List: This is a list of all members who have access to the share, along with their permissions. "Change" means they can both Read and Write to files on the share. "Read" means they can only view the files, but cannot edit them.
  • Files by Oldest Write Time: These are the fifteen oldest files based on write time. This means that even though the files have not had any saved edits since the recorded time they could have been opened and viewed since. They are ordered from oldest to newest from top to bottom.
  • Files by Largest Size: These are the fifteen largest files. They are ordered from largest to smallest, top to bottom. Their size is listed in Gigabytes (GB).

The File

This file can be opened by anyone who has access to the share. It will be located at the top level folder with the name "ShareName"StorageReport.HTML where "ShareName" is the name of the share the report is detailing.

This file can be deleted by anyone. However, if the file is deleted the report will not run on that share. A ticket will need to be sent to [email protected] detailing the share name and the request.

svc_shareReport

On all reports' Access Control Lists there will be an account listed as "svc_shareReport". This is the account on which the report runs. It needs to be a member of the share in order for it to create the report. The account permissions have been configured so that it cannot edit the files in each share except the report file.

Script Information:

Scheduled task running from both bitlocker and fileserver01.

Task Name: shareReportsUserData

RunAs: ADMNET\svc_shareReport

Triggers: Weekly at 12:50PM every Tuesday

Actions: powershell.exe -command ". E:\Automation\shareReport.ps1; new-ADShareAccessReport"


Detailed Storage Reports

Overview:

Generates a Detailed Storage Report and places it in the root of each share in PDF format.

Script:

Scheduled Task runs from MGMT01 (TreeSize is installed on MGMT01 and is a requirement for the script to function)

Task Name: Generate-DetailedStorageReports

RunAs: ADMNET\svc_shareReport

Triggers: First day of every month

Actions: powershell.exe -File "C:\tss\StorageReports\DetailedStorageReportGenerator.ps1"

Add svc_shareReport to Share Membership:

Currently this is a manual task, but in order for a share to have a detailed storage report generated svc_shareReport needs to be a member of the read write group for a share.

$ShareList = Get-ADGroup -Filter {name -like "share_*"}

foreach ($Share in $ShareList) {

Add-ADGroupmember $Share.Name -members svc_shareReport

}