You can run Best Practices Analyzer (BPA) scans either from Server Manager, by using the BPA GUI, or by using cmdlets in Windows PowerShell. BPA cmdlets in Windows PowerShell let you scan one or multiple roles at one time, whereas the BPA GUI allows for scanning a single role at a time. You can also instruct BPA to exclude or ignore scan results that you do not have to view.

In this topic

Performing Best Practices Analyzer scans on roles

You can perform BPA scans on roles by using either the BPA GUI in Server Manager, or by using Windows PowerShell cmdlets.

Scanning roles by using the BPA GUI

Follow these steps to scan a single role in the BPA GUI.

To scan a role by using the BPA GUI
  1. Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.

  2. In the tree pane, open Roles, and then select the role for which you want to open BPA.

  3. In the details pane, open the Summary section, and then open the Best Practices Analyzer area.

  4. Click Scan this Role to start a scan.

Scanning roles by using Windows PowerShell cmdlets

Use the following procedures to scan one or more roles by using Windows PowerShell cmdlets. You must be logged on to the computer as a member of the Administrators group to complete this procedure.

Note

The procedures in this section do not show all BPA cmdlets and parameters. For more information about BPA operations in Windows PowerShell, in your Windows PowerShell session, enter Get-Help BPACmdlet -full, where BPACmdlet can be one of the following values.

  • Get-BPAModel

  • Get-BPAResult

  • Invoke-BPAModel

  • Set-BPAResult

To scan a single role by using Windows PowerShell cmdlets
  1. Open a Windows PowerShell session with elevated user rights. To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator.

  2. Import the Server Manager module into your Windows PowerShell session. To import the Server Manager module, type the following, and then press ENTER.

    Import-Module ServerManager

  3. Import the BPA module. Type the following, and then press Enter.

    Import-Module BestPractices

  4. Find the model IDs of all role(s) for which BPA scans can be performed by entering the Get-WindowsFeature cmdlet with the qualifier BestPracticesModelId not equal to “null,” as shown in the following example.

    Get-WindowsFeature | Where {$_.BestPracticesModelId -ne $null}

  5. In the results of step 4, locate the model ID of the role for which you want to perform a BPA scan.

  6. Enter the following command to start the BPA scan for that role.

    Invoke-BPAModel -BestPracticesModelId ModelID_from_Step4

    If a BPA scan can be run on a specified role, you can also start a scan by piping the results of the Get-WindowsFeature cmdlet into the Invoke-BPAModel cmdlet as shown in the following example.

    Get-WindowsFeature Model_Name | Invoke-BPAModel

To scan all roles by using Windows PowerShell cmdlets
  1. Open a Windows PowerShell session with elevated user rights. To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator.

  2. Import the Server Manager module into your Windows PowerShell session. To import the Server Manager module, type the following, and then press ENTER.

    Import-Module ServerManager

  3. Import the BPA module. Type the following, and then press Enter.

    Import-Module BestPractices

  4. Pipe all roles for which BPA scans can be performed into the Invoke-BPAModel cmdlet to start scans.

    Get-WindowsFeature | Where {$_.BestPracticesModelId -ne $null} | Invoke-BPAModel

Scanning roles that are running on remote computers

Procedures in this section describe how to perform BPA scans on roles installed on remote computers that are running Windows Server® 2008 R2.

Important

You must be a member of the Administrators group on any remote computers on which you want to perform BPA scans.

To scan a remote role by using the Server Manager GUI
  1. Before you can manage a remote computer by using Server Manager, you must prepare the remote computer by following procedures in Remote Management with Server Manager.

  2. Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.

  3. In the Server Manager tree pane, right-click the Server Manager node, and then click Connect to Another Computer.

  4. On the Connect to Another Computer dialog box, select Another computer, and then browse for or enter the name or IP address of another server that is running Windows Server 2008 R2. Click OK.

  5. In the Server Manager tree pane for the remote computer, open Roles.

  6. Select the role home page for the role on which you want to perform a BPA scan.

  7. In the details pane, open the Summary section, and then expand the Best Practices Analyzer area.

  8. In the Best Practices Analyzer area, click Scan this Role.

  9. When the scan is complete, view scan results by double-clicking a result item on the Noncompliant, Compliant, or All tabs.

To scan a remote role by using Windows PowerShell cmdlets
  1. Before you can manage a remote computer by using Server Manager, you must prepare the remote computer by following procedures in Remote Management with Server Manager.

  2. Open a Windows PowerShell session with elevated user rights. To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator.

  3. Type the following, in which ComputerName is the name of the remote computer that is running Windows Server 2008 R2, and UserName is the name of a user who is a member of the Administrators group on the remote computer, and then press Enter.

    Enter-PSSession <ComputerName> -credential <UserName>

  4. You are prompted to enter your password in a secure dialog box. Type your password, and then press Enter.

  5. Import the Server Manager module into your Windows PowerShell session. To import the Server Manager module, type the following, and then press ENTER.

    Import-Module ServerManager

  6. Import the BPA module. Type the following, and then press Enter.

    Import-Module BestPractices

  7. Start a BPA scan by piping the role’s model into the Invoke-BPAModel cmdlet. Type the following, and then press Enter.

    Get-WindowsFeature [Role Name] | Invoke-BpaModel

  8. Type the following, and then press Enter.

    configure-wsman.ps1

  9. Type the following, and then press Enter.

    New-RunSpace

  10. Type the following, and then press Enter.

    Start-PSSession

  11. Start a BPA scan on a role that is running on the remote computer by piping the role’s model into the cmdlet that starts BPA scans, Invoke-BpaModel. Type the following, and then press Enter.

    Get-WindowsFeature [Role Name] | Invoke-BpaModel

  12. Obtain the results of the BPA scan. Type one of the following, and then press Enter.

    • Get-BpaResult [BestPracticeModelID]

    • Get-WindowsFeature [Role Name] | Get-BpaResult

Excluding scan results

Because you might not have to see some scan results, especially if you run frequent scans, you can exclude scan results that you do not want to see or that are not relevant to your scan. Excluded scan results are moved to the Excluded tab of the BPA GUI. They can be included again at any time.

Excluding scan results by using the BPA GUI

Follow these steps to exclude scan results by using the BPA GUI.

Note

You must run at least one BPA scan on a role before you can use this procedure.

To exclude scan results by using the BPA GUI
  1. Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.

  2. In the tree pane, open Roles, and then select the role for which you want to open BPA.

  3. In the details pane, open the Summary section, and then open the Best Practices Analyzer area.

  4. Select a result from the Noncompliant, Compliant, or All tabs, and then click Exclude.

  5. To exclude multiple results at one time, hold down the Ctrl key when you select results.

Excluding scan results by using Windows PowerShell cmdlets

You can exclude scan results by using the Set-BPAResult cmdlet with the -Exclude parameter. As in the BPA GUI, you can exclude individual result objects, or you can also exclude a set of results whose fields (category, title, and severity, for example) are equal to or contain specified values. For example, you can exclude all Performance results from a set of scan results for a role.

Note

You must run at least one BPA scan on a role before you can use this procedure.

To exclude scan results by using Windows PowerShell cmdlets
  1. Open a Windows PowerShell session with elevated user rights. To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator.

  2. Import the Server Manager module into your Windows PowerShell session. To import the Server Manager module, type the following, and then press ENTER.

    Import-Module ServerManager

  3. Import the BPA module. Type the following, and then press Enter.

    Import-Module BestPractices

  4. Exclude specific results from a role scan by entering the following cmdlet.

    Get-BPAResult -BestPracticesModelId Specified Model Id | Where { $_ Field_Name -eq "Value" } | Set-BPAResult -Id Specified Model Id -Exclude $true

    The previous cmdlet retrieves BPA scan result items for the model ID represented by Specified Model Id. The second section of the command filters the results of the Get-BPAResult cmdlet to retrieve only those scan results for which the value for a result field matches the text in quotation marks. The final section of the cmdlet, following the second pipe character, excludes the results filtered by the previous section of the cmdlet.

Including scan results

When you want to view scan results that were excluded, you can include those scan results.

Including scan results by using the BPA GUI

In the BPA GUI, you can include any excluded scan results by selecting one or more results on the Excluded tab, and then clicking Include.

To include scan results by using the BPA GUI
  1. Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.

  2. In the tree pane, open Roles, and then select the role for which you want to open BPA.

  3. In the details pane, open the Summary section, and then open the Best Practices Analyzer area.

  4. Select a result from the Excluded tab, and then click Include.

  5. To include multiple results at one time, hold down the Ctrl key when you are selecting results.

Including scan results by using Windows PowerShell cmdlets

You can include scan results by using the Set-BPAResult cmdlet with the -Exclude parameter. You can include individual result objects as in the BPA GUI, or a set of results the fields of which (category, title, and severity, for example) are either equal to or contain specified values. For example, you can include all previously-excluded Performance results from a set of scan results for a role.

To include scan results by using Windows PowerShell cmdlets
  1. Open a Windows PowerShell session with elevated user rights. To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator.

  2. Import the Server Manager module into your Windows PowerShell session. To import the Server Manager module, type the following, and then press Enter.

    Import-Module ServerManager

  3. Import the BPA module. Type the following, and then press Enter.

    Import-Module BestPractices

  4. Include specific results from a role scan by typing the following cmdlet, and then pressing Enter.

    Get-BPAResult -BestPracticesModelId Specified Model Id | Where { $_Field_Name-eq "Value" } | Set-BPAResult -Id Specified Model Id -Exclude $false

    The previous cmdlet retrieves BPA scan result items for the model represented by Specified Model Id. The second part of the cmdlet, after the first pipe character ( | ) filters the results of the Get-BPAResult cmdlet to retrieve only those scan results for which the value of the result field matches the text in quotation marks. The final part of the cmdlet, after the second pipe character, includes results that are filtered by the second part of the cmdlet, by setting the value of the –Exclude parameter to false.

Archiving scan results

You can archive the result of a BPA scan into an HTML-based report.

  1. Open a Windows PowerShell session with elevated user rights. To do this, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click the Windows PowerShell shortcut, and then click Run as administrator.

  2. Import the Server Manager module into your Windows PowerShell session. To import the Server Manager module, type the following, and then press Enter.

    Import-Module ServerManager

  3. Import the BPA module. Type the following, and then press Enter.

    Import-Module BestPractices

  4. Type the following, and then press Enter to archive the results of a scan.

    Get-BPAResult –BestPracticesModelId Specified Model Id | ConvertTo-Html –As List –CssUri $env:windir\system32\WindowsPowerShell\v1.0\Modules\BestPractices\BestPracticesReportFormat.css > <path to HTML report file>

    The previous cmdlet retrieves the results of the most recent BPA scan for the specified model, and saves them in HTML format, applying the standard cascading style sheets that is stored in the path windir\system32\WindowsPowerShell\v1.0\Modules\BestPractices\BestPracticesReportFormat.css. If you want to substitute cascading style sheets, provide the path to the different cascading style sheets.

  5. To view the archived HTML results of the scan, open an Internet browser, then open the scan results that you archived in the previous step.

See Also