Registers a computer as a managed host with your Data Governance Edition deployment and configures its settings.
A managed host is any network objects that can host resources and can be assigned an agent to monitor security and collect resource activity. Currently supported hosts include:
- Local Windows computer
- Windows Cluster/Remote Windows computer
- Generic resource (that is, a Server Message Block (SMB) share running on any Active Directory joined computer)
- Distributed File System (DFS) root
- SharePoint farm
- EMC storage device with CIFS file system protocol enabled
- NetApp 7-Mode filer with CIFS file system protocol enabled
- NetApp Cluster-Mode filer with CIFS file system protocol enabled
- EMC Isilon storage device with NFS system protocol enabled
- NetApp 7-Mode filer with NFS file system protocol enabled
- NetApp Cluster-Mode filer with NFS file system protocol enabled
Note: This PowerShell cmdlet does not support adding Cloud managed hosts.
Once you have added a managed host, you can begin to manage the data contained within it.
Syntax:
Add-QManagedHostByAccountName [-HostAccountName] <String[]> [[-Keyword] [<String>]] [[-ResourceActivityEnabled] [<SwitchParameter]] [[-Granularity [<Int32>]] [[-ExcludedTrusteesImportFile [<String>]] [[-ExcludedFileTypesImportFile] [<String>]] [[-ExcludedFoldersImportFile] [<String>]] [[-AgentHostName] [<String>]] [[-SelectedDataRoots] [<String>]] [[-ScheduleType] [<QAM.Common.Interfaces.ScheduleConfiguration+ScanScheduleType>]] [[-RunOnDays] [<String>]] [[-ScheduledTime] [<String>]] [[-ScanInterval] [<Int32>]] [[-ServiceAccountId] [<String>]] [[EnableRemoteFileSystemChangeWatching] [<SwitchParameter>]] [[-PerformImmediateScanOnWatchError] [<SwitchParameter.]] [[-OverrideScanScheduleOnStartup] [<Boolean>]] [[-HostType] [<QAM.Common.Interfaces.ManagedHostInfo+HostTypes>]] [-DataRootType [<String>]] [[-IsManagedResourceHost] [<Boolean>]] [[-IgnoreFiles] [<SwitchParameter>]] [<CommonParameters>]
| Parameter | Description |
|---|---|
| HostAccountName |
Specify the managed host account name. |
| Keyword |
(Optional) Specify a keyword that can be used to group managed hosts in the Managed host view of the Manager. |
| ResourceActivityEnabled |
(Optional) Specify this parameter to enable resource activity collection. Resource activity collection is disabled by default. You can, enable it for locally managed Windows servers, SharePoint farms, and supported NetApp and EMC remotely managed hosts. It is used to collect data on identities, reads, writes, creates, deletes, renames and security changes on securable objects. This information is required for several report types, including the Resource Activity report. |
| Granularity |
(Optional) Specify how often (in minutes) you would like to synchronize and aggregate the data. That is, this is the amount of time the agent is to record new activity before sending results to the Data Governance server. The value entered will be changed to a valid aggregation interval, as follows:
NOTE: Identical activity generated during this time will be recorded as one activity. |
| ExcludedTrusteesImportFile |
(Optional) Specify the path to a file containing a list of accounts to be excluded from the index scans. This parameter only applies to managed hosts with resource activity enabled. |
| ExcludedFileTypesImportFile |
(Optional) Specify the path to a file containing a list of file types to be excluded from the index scans. This parameter only applies to managed hosts with resource activity enabled. |
| ExcludedFoldersImportFile |
(Optional) Specify the path to a file containing a list of the folders on the computer (paths) to be excluded from the index scans. This parameter only applies to managed hosts with resource activity enabled. |
| AgentHostName | For remote managed hosts, provide the name of the computer where the scanning agent will reside. |
| SelectedDataRoots |
Specify one or more NTFS directories (or a point in your SharePoint farm hierarchy) to be scanned by the agent. By default, everything under a selected data roots (paths) is scanned. For remote managed hosts and SharePoint hosts, define the paths to be scanned. For local managed hosts, the agent performs a full scan of the computer by default; however, you can optionally specify the paths to be scanned by the agent. Once configured, only those managed paths are scanned. |
| ScheduleType |
Specifies the time and frequency with which the agent scans the target computer. Valid values are:
This parameter is required for remotely scanned managed hosts. |
| RunOnDays |
If the ScheduleType is set to "DaysOfWeek", specify the days you would like the agent to scan the managed host. The syntax is DayOne for Sunday, DayTwo for Monday, etc. For example, to set a scan schedule for Monday, Wednesday and Friday, you would specify ScheduledDays DayTwo,DayFour,DaySix. For remote managed hosts, optionally specify this parameter to define the days of the week to be included in the scan schedule. If this parameter is not specified, all days of the week are included by default. |
| ScheduledTime |
If the ScheduleType is set to "DaysOfWeek", specify the time of day when the scan is scheduled to start. The syntax is, hh:mm:ss. For example, to start a scan at 4 a.m., specify -ScheduledTime 4:00:00; for 6 p.m., specify -ScheduledTime 18:00:00. For remote managed hosts, optionally specify this parameter to define the time of day when the scan is scheduled to start. If this parameter is not specified, the default start time is 2:00:00 AM. |
| ScanInterval |
If the ScheduleType is set to "Interval", specify the interval (in hours) at which the agent will scan the managed host. For example, to scan every 4 hours, specify -ScanInterval 4. If this parameter is not specified, the default is 24 hours (or 1 day). |
| ServiceAccountId |
If deploying a remotely managed host, you must supply the GUID of the service account that the agent will use to access the remote managed hosts files. Run the Get-QServiceAccounts cmdlet to get a list of service accounts registered with Data Governance Edition and their IDs. |
| EnableRemoteFileSystemChangeWatching |
(Optional) Specify this parameter if you want to collect activity for real-time security updates for the scanned managed host. NOTE: Real-time security updates in the context of Data Governance Edition refers to the monitoring of changes to the file system caused by create, delete, and rename operations, as well as DACL, SACL and Owner changed, in order to maintain the security index. These real-time security updates are not monitored by default. |
| OverrideScanScheduleOnStartup |
(Optional) Set this flag when you want the agent to do a full scan immediately when the agent is added, or perform a rescan when the agent service is restarted. Valid values are:
For example, to override the scan schedule when an agent is started or restarted: -OverrideScanScheduleOnStartup 1 |
| HostType |
(Optional) Specify the type of computer the agent will be monitoring. Valid values include:
If this parameter is not specified, WindowsServer is the default host type. |
| DataRootType |
(Optional) Specify the type of data root. Valid values include:
If this parameter is not specified, defaults to Folder. |
| IsManagedResourceHost |
(Optional) Specify this parameter if you want this managed host to be used to host managed resources (for example, file shares created through the IT Shop self-service request functionality).
|
| IgnoreFiles |
(Optional) Specify if you want the scanner to include files that have explicit permissions set. If this switch parameter is not present, the managed host scanner will ignore files. This flag is purely for scanning optimization. |
Examples:
| Example | Description |
|---|---|
|
Add-QManagedHostByAccountName -HostAccountName QAMAUTODC -Keyword QAMAUTO3 -SelectedDataRoot "\\qamautodc\C$\autoroot |
Adds a local managed host to the computer "QAMAUTODC", with a keyword of QAMAUTO3. The data root is set to \\qamautocd\C$\autoroot, which means that the agent will only scan this folder and its subfolders on the managed host. |
|
Add-QManagedHostByAccountName -HostAccountNames QAMAUTODC -Keyword QAMAUTO -SelectedDataRoot "\\qamautodc\C$\autoroot" -AgentHostName QAMAUTOMEM1 -ServiceAccountId b0a0e218-55c1-41d7-9585-bf7578ad1130 -ScheduleType Interval -ScanInterval 1 -EnableRemoteFileSystemChangeWatching OverrideScanScheduleOnStartup |
Deploys a remotely scanned managed host, with the agent being hosted on "QAMAUTODC", with a keyword of QAMAUTO. The dataroot is set as "\\qamautodc\C$\autoroot", For remote managed hosts, you must also include a service account ID, because these are the credentials that the type is set as Interval and the scan interval is set as 1. Remote file resource activity collection is enabled as is override scan schedule on startup. IncludeFiles switch is not included, so the default applies; the scanner will ignore files. |
|
Add-QManagedHostByAccountName -HostAccountName QAMAUTODC -Keyword QAMAUTO3 -SelectedDataRoot "\\qamautodc\C$\autoroot" -IsManagedResourceHost $true |
Adds a local managed host that supports the creation of managed resources. |
|
Add-QManagedHostByAccountName SharePoint_ConfigVmset6 vmset6 -AgentHostName QAM-SP2010-DJ -ServiceAccountId 0ca68d5f-f392-453c-9c50-1784332fe3c7 -ResourceActivityEnabled -Granularity 480 -ScheduleType Interval -ScanInterval 1 -OverrideScanScheduleOnStartup -HostType "SharePointFarm" -SelectedDataRoots "SharePoint_ConfigVmset6/SharePoint - 80/My Wiki/My Wiki/Documents|sp://titan/0ee296d6-dea5-4f4d -950f-27c06458cad1/57947f70-c2b0-4d76-a8b3-ac54fa5bb4ab/15c4fc23-b986-4937-890c-d387125d3114/My%20Wiki/Documents" |
Adds a SharePoint managed host with one managed path with resource activity enabled. |