Among many other admin improvements in Windows 8.1 and Windows Server 2012 R2 is PowerShell version 4.0. Last month we took a look at the new Test-NetConnection (TNC) cmdlet for network diagnostics, and now we’ll take a look at several SMB-related changes in the PowerShell cmdlets, some of which are due to the new SMB 3.02 functionality.
Applying the SMB share ACL to the file system ACL
Sometimes you may want to apply / copy the ACL of a share to the ACL of the file system folder used by the share. Previously you needed to do something like the following:
(Get-SmbShare -Name Share1 ).PresetPathACL | Set-Acl
But now a new PowerShell cmdlet is provided to apply / copy the share ACL to the file system ACL, streamlining the syntax:
Set-SmbPathAcl -ShareName Share1
Setting bandwidth limits for SMB shares
You can now set bandwidth limits for SMB shares via PowerShell cmdlets based upon these categories:
VirtualMachine: Can be applied on Hyper-V hosts to limit Hyper-V over SMB traffic.
LiveMigration: Can be applied on Hyper-V hosts to limit Hyper-V Live Migration over SMB traffic.
Default: Can be applied on any SMB host to limit all other types of SMB traffic.
Here’s the command to enable the SMB Bandwidth Limits feature:
Add-WindowsFeature FS-SMBBW
And then you can use the following PowerShell cmdlets to manage the SMB Bandwidth Limits:
Get-SmbBandwidthLimit [ -Category {Default/VirtualMachine/LiveMigration} ]
Set-SmbBandwidthLimit -Category {Default/VirtualMachine/LiveMigration} -BytesPerSecond x
Remove-SmbBandwidthLimit -Category {Default/ VirtualMachine/LiveMigration}
When inputting the BytesPerSecond parameter you specify the unit type; for instance, KB, MB or GB, after the number. Remember, you can’t set a bandwidth limit smaller than 1MB (1048576 bytes).
Disabling SMB v1 to increase security
To help increase security you can now disable support of SMB 1 if you aren’t utilizing sharing on any legacy OSs like Windows 2000, XP or Server 2003/R2. Simply enter the following command to disable it:
Remove-WindowsFeature FS-SMB1
And if needed, you can re-enable SMB 1 support via the following command:
Add-WindowsFeature FS-SMB1
Viewing per-share redirection details
Per-share redirection is now supported when clients connect to Scale-Out clusters that are utilizing a storage system that lacks Direct I/O support from all nodes, when running Windows Server 2012 R2. And now that this support is added you’ll see details about per-share redirection in the following PowerShell cmdlets:
Get-SmbConnection: A new Redirected boolean property indicates if per-share redirection is being used.
Get-SmbWitnessClient: A new ShareName property, since witness can track connections per share in addition to per server.
Get-SmbWitnessClient: A new Flags property will show “Share” when doing per-share redirection.
Minor cmdlet changes for SMB Witness
The only major change of SMB Witness is the per-share redirection, as the previous section discussed. But there there are some minor improvements to the associated PowerShell cmdlets. For instance, Move-SmbClient
is a new cmdlet alias that can be used instead of Move-SmbWitnessClient
. Plus, there’s a new NetworkName parameter you can specify if you’d like to only move those with a particular NetworkName. You used to have to enter the following:
Move-SmbWitnessClient -ClientName X -DestinationNode Y
But now you can enter the following streamlined syntax:
Move-SmbClient -ClientName X -DestinationNode Y [ -NetworkName Z
Additionally, the Get-SmbWitnessClient cmdlet now shows an improved default view/list.
Eric Geier is a freelance tech writer — keep up with his writings on Facebook. He’s also the founder of NoWiresSecurity, a cloud-based Wi-Fi security service, and On Spot Techs, an on-site computer services company.