Running and Filtering Scans in Best Practices Analyzer

Applies To: Windows Server 2008 R2

You can run Best Practices Analyzer (BPA) scans either from Server Manager, by using the BPA GUI, or by using cmdlets in Windows PowerShell. BPA cmdlets in Windows PowerShell let you scan one or multiple roles at one time, whereas the BPA GUI allows for scanning a single role at a time. You can also instruct BPA to exclude or ignore scan results that you do not have to view.

In this topic

  • Performing Best Practices Analyzer scans on roles

  • Scanning roles that are running on remote computers

  • Excluding scan results

  • Including scan results

  • Archiving scan results

Performing Best Practices Analyzer scans on roles

You can perform BPA scans on roles by using either the BPA GUI in Server Manager, or by using Windows PowerShell cmdlets.

  • Scanning roles by using the BPA GUI

  • Scanning roles by using Windows PowerShell cmdlets

Scanning roles by using the BPA GUI

Follow these steps to scan a single role in the BPA GUI.

To scan a role by using the BPA GUI

  1. Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.

  2. In the tree pane, open Roles, and then select the role for which you want to open BPA.

  3. In the details pane, open the Summary section, and then open the Best Practices Analyzer area.

  4. Click Scan This Role to start a scan.

Scanning roles by using Windows PowerShell cmdlets

Use the following procedures to scan one or more roles by using Windows PowerShell cmdlets. You must be logged on to the computer as a member of the Administrators group to complete this procedure.

Note

The procedures in this section do not show all BPA cmdlets and parameters. For more information about BPA operations in Windows PowerShell, in your Windows PowerShell session, enter Get-HelpBPACmdlet-full, where BPACmdlet can be one of the following values.

  • Get-BPAModel

  • Get-BPAResult

  • Invoke-BPAModel

  • Set-BPAResult

To scan a single role by using Windows PowerShell cmdlets

  1. Open a Windows PowerShell session with elevated user rights. To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator.

  2. Import the Server Manager module into your Windows PowerShell session. To import the Server Manager module, type the following, and then press ENTER.

    Import-Module ServerManager

  3. Import the BPA module. Type the following, and then press Enter.

    Import-Module BestPractices

  4. Find the model IDs of all role(s) for which BPA scans can be performed by entering the Get-BPAModel cmdlet, as shown in the following example.

    Get-BPAModel

  5. In the results of step 4, locate the model ID of the role for which you want to perform a BPA scan.

  6. Enter either of the following commands to start the BPA scan for that role.

    Invoke-BPAModel -BestPracticesModelIdModelID_from_Step4

    Invoke-BPAModelModelID_from_Step4

Note

The model ID includes the entire path that is shown in the Id column; for example, Microsoft/Windows/Hyper-V.

You can also start a scan on a specific role from the results of step 4 by piping the results of the **Get-BPAModel** cmdlet into the **Invoke-BPAModel** cmdlet as shown in the following example.

**Get-BPAModel***Model\_ID***| Invoke-BPAModel**

To scan all roles by using Windows PowerShell cmdlets

  1. Open a Windows PowerShell session with elevated user rights. To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator.

  2. Import the Server Manager module into your Windows PowerShell session. To import the Server Manager module, type the following, and then press ENTER.

    Import-Module ServerManager

  3. Import the BPA module. Type the following, and then press Enter.

    Import-Module BestPractices

  4. Pipe all roles for which BPA scans can be performed into the Invoke-BPAModel cmdlet to start scans.

    Get-BPAModel| Invoke-BPAModel

Scanning roles that are running on remote computers

Procedures in this section describe how to perform BPA scans on roles installed on remote computers that are running Windows Server® 2008 R2.

Important

You must be a member of the Administrators group on any remote computers on which you want to perform BPA scans.

To scan a remote role by using the Server Manager GUI

  1. Before you can manage a remote computer by using Server Manager, you must prepare the remote computer by following procedures in Remote Management with Server Manager.

  2. Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.

  3. In the Server Manager tree pane, right-click the Server Manager node, and then click Connect to Another Computer.

  4. On the Connect to Another Computer dialog box, select Another computer, and then browse for or enter the name or IP address of a server that is running Windows Server 2008 R2. Click OK.

  5. In the Server Manager tree pane for the remote computer, open Roles.

  6. Select the role home page for the role on which you want to perform a BPA scan.

  7. In the details pane, open the Summary section, and then expand the Best Practices Analyzer area.

  8. In the Best Practices Analyzer area, click Scan this Role.

  9. When the scan is complete, view scan results by double-clicking a result item on the Noncompliant, Compliant, or All tabs.

To scan a remote role by using Windows PowerShell cmdlets

  1. Before you can manage a remote computer by using Server Manager, you must prepare the remote computer by following procedures in Remote Management with Server Manager.

  2. Open a Windows PowerShell session with elevated user rights. To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator.

  3. Type the following, in which ComputerName is the name of the remote computer that is running Windows Server 2008 R2, and UserName is the name of a user who is a member of the Administrators group on the remote computer, and then press Enter.

    Enter-PSSession <ComputerName> -credential <UserName>

  4. You are prompted to enter your password in a secure dialog box. Type your password, and then press Enter.

  5. Import the Server Manager module into your Windows PowerShell session. To import the Server Manager module, type the following, and then press ENTER.

    Import-Module ServerManager

  6. Import the BPA module. Type the following, and then press Enter.

    Import-Module BestPractices

  7. Start a BPA scan by piping the role’s model ID into the Invoke-BPAModel cmdlet. Type the following, and then press Enter. If you do not know the model ID, run the Get-BPAModel cmdlet to view a list of all BPA models that are available on the remote server.

    Get-BpaModel [Model ID] | Invoke-BpaModel

  8. When the scan is complete, obtain the results of the BPA scan. Type the following, and then press Enter.

    Get-BpaResult [BestPracticesModelID]

  9. When you are finished working in the remote Windows PowerShell session, you can exit the session by using the following cmdlet.

    Exit-PSSession

Excluding scan results

Because you might not have to see some scan results, especially if you run frequent scans, you can exclude scan results that you do not want to see or that are not relevant to your scan. Excluded scan results are moved to the Excluded tab of the BPA GUI. They can be included again at any time.

  • Excluding scan results by using the BPA GUI

  • Excluding scan results by using Windows PowerShell cmdlets

Excluding scan results by using the BPA GUI

Follow these steps to exclude scan results by using the BPA GUI.

Note

You must run at least one BPA scan on a role before you can use this procedure.

To exclude scan results by using the BPA GUI

  1. Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.

  2. In the tree pane, open Roles, and then select the role for which you want to open BPA.

  3. In the details pane, open the Summary section, and then open the Best Practices Analyzer area.

  4. Select a result from the Noncompliant, Compliant, or All tabs, and then click Exclude.

  5. To exclude multiple results at one time, hold down the Ctrl key when you select results.

Excluding scan results by using Windows PowerShell cmdlets

You can exclude scan results by using the Set-BPAResult cmdlet with the -Exclude parameter. As in the BPA GUI, you can exclude individual result objects, or you can also exclude a set of results whose fields (category, title, and severity, for example) are equal to or contain specified values. For example, you can exclude all Performance results from a set of scan results for a role.

Note

You must run at least one BPA scan on a role before you can use this procedure.

To exclude scan results by using Windows PowerShell cmdlets

  1. Open a Windows PowerShell session with elevated user rights. To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator.

  2. Import the Server Manager module into your Windows PowerShell session. To import the Server Manager module, type the following, and then press ENTER.

    Import-Module ServerManager

  3. Import the BPA module. Type the following, and then press Enter.

    Import-Module BestPractices

  4. Exclude specific results from a role scan by entering the following cmdlet.

    Get-BPAResult -BestPracticesModelIdSpecified Model Id | Where { $_Field_Name-eq "Value" } | Set-BPAResult -IdSpecified Model Id-Exclude $true

    The previous cmdlet retrieves BPA scan result items for the model ID represented by Specified Model Id. The second section of the command filters the results of the Get-BPAResult cmdlet to retrieve only those scan results for which the value for a result field matches the text in quotation marks. The final section of the cmdlet, following the second pipe character, excludes the results filtered by the previous section of the cmdlet.

Including scan results

When you want to view scan results that were excluded, you can include those scan results.

  • To include scan results by using the BPA GUI

  • To include scan results by using Windows PowerShell cmdlets

Including scan results by using the BPA GUI

In the BPA GUI, you can include any excluded scan results by selecting one or more results on the Excluded tab, and then clicking Include.

To include scan results by using the BPA GUI

  1. Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.

  2. In the tree pane, open Roles, and then select the role for which you want to open BPA.

  3. In the details pane, open the Summary section, and then open the Best Practices Analyzer area.

  4. Select a result from the Excluded tab, and then click Include.

  5. To include multiple results at one time, hold down the Ctrl key when you are selecting results.

Including scan results by using Windows PowerShell cmdlets

You can include scan results by using the Set-BPAResult cmdlet with the -Exclude parameter. You can include individual result objects as in the BPA GUI, or a set of results the fields of which (category, title, and severity, for example) are either equal to or contain specified values. For example, you can include all previously-excluded Performance results from a set of scan results for a role.

To include scan results by using Windows PowerShell cmdlets

  1. Open a Windows PowerShell session with elevated user rights. To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator.

  2. Import the Server Manager module into your Windows PowerShell session. To import the Server Manager module, type the following, and then press Enter.

    Import-Module ServerManager

  3. Import the BPA module. Type the following, and then press Enter.

    Import-Module BestPractices

  4. Include specific results from a role scan by typing the following cmdlet, and then pressing Enter.

    Get-BPAResult -BestPracticesModelIdSpecified Model Id**| Where { $_Field_Name-eq "Value" } | Set-BPAResult -IdSpecified Model Id -Exclude $false**

    The previous cmdlet retrieves BPA scan result items for the model represented by Specified Model Id. The second part of the cmdlet, after the first pipe character ( | ) filters the results of the Get-BPAResult cmdlet to retrieve only those scan results for which the value of the result field matches the text in quotation marks. The final part of the cmdlet, after the second pipe character, includes results that are filtered by the second part of the cmdlet, by setting the value of the –Exclude parameter to false.

Archiving scan results

You can archive the result of a BPA scan into an HTML-based report.

  1. Open a Windows PowerShell session with elevated user rights. To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator.

  2. Import the Server Manager module into your Windows PowerShell session. To import the Server Manager module, type the following, and then press Enter.

    Import-Module ServerManager

  3. Import the BPA module. Type the following, and then press Enter.

    Import-Module BestPractices

  4. Type the following, and then press Enter to archive the results of a scan.

    Get-BPAResult –BestPracticesModelIdSpecified Model Id**| ConvertTo-Html –As List –CssUri$env:windir\system32\WindowsPowerShell\v1.0\Modules\BestPractices\BestPracticesReportFormat.css>** <path to HTML report file>

    The previous cmdlet retrieves the results of the most recent BPA scan for the specified model, and saves them in HTML format, applying the standard cascading style sheet that is stored in the path windir\system32\WindowsPowerShell\v1.0\Modules\BestPractices\BestPracticesReportFormat.css. If you want to substitute cascading style sheets, provide the path to the different cascading style sheets.

  5. To view the archived HTML results of the scan, open an Internet browser, then open the scan results that you archived in the previous step.

See Also

Concepts

Best Practices Analyzer