Monday, February 2, 2015

SCCM 2012 Hard Drive with Bad Blocks Baseline


This PowerShell script will detect systems where the main hard drive is developing bad blocks.
Or as I call it, the "Click of Death".

Continuing with my previous posts on SCCM 2012 baselines items...
http://gmnetadmin.blogspot.ca/2015/01/using-sccm-2012-compliance-settings-to.html

Same steps as Option 2 in the above mentioned post but using the discovery script below...
Changes...
  1. You can add more If statements or expand it use ElseIf to record bad blocks from other hard drives.
  2. Or change the text in the If statement to just '*bad block*' to count all bad blocks event entries.


#Version 1.00 Feb 2, 2015
#SCCM Baseline for Bad Block on C Drive
$AllEvents = 0

#Default Event Logs
$Provider = "Disk"
$HourChange = 24 
$TimeNow = [DateTime]::Now
$TimeChange = [DateTime]::Now.AddHours(-$HourChange)

#Check Event Log for errors
$EventLogNames = "System"

ForEach ($log in $EventLogNames){
    $entry = " " 
    #Search Event Logs
    
    $LogEntry = Get-WinEvent -LogName $log | Where-Object {$_.timeCreated -ge $TimeChange -and $_.ProviderName -eq $Provider}
        ForEach ($entry in $LogEntry){
            $EvLevel = "Level: `t" + $entry.LevelDisplayName + $nl
            $EvEventID = "EventID: `t" + $entry.ID + $nl
            $EvMessage = "Message: `t" + $entry.Message
            $EvSource = "Source: `t" + $entry.ProviderName + $nl
            $EvTime = "Time Created: `t" + $entry.TimeCreated + $nl
            #write-host $EvLevel + $EvEventID + $EvMessage + $EvSource +$EvTime + $nl

           If ($EvMessage -like '*The device, \Device\Harddisk0\DR0, has a bad block*'){
                $AllEvents += 1
            }
                        
        }

}
write-host $AllEvents


More SCCM related posts