Script for Windows storage audit

I’ve created a PowerShell script to collect all important information about Windows physical disks, partitions and volumes (logical disks) and their connections. To use it you should have administrator rights on the target computer; otherwise only simple information about logical disks will be collected. This limitation is due to the MSFT_PartitionToVolume WMI class, which is accessible only by local administrators.
Audit script

Windows storage hierarchy explained

Quick cheat sheet:
1) Physical disk, represented by the Win32_DiskDrive and MSFT_Disk WMI classes. This is the hardware presented to your computer: an HDD, SSD, FC LUN or iSCSI LUN.
2) Partition, represented by the Win32_DiskPartition and MSFT_Partition WMI classes. Partitions are walls that transform your physical space into rooms, which can later be used to store your data. A physical disk can have 0 or more partitions.
3) Volume, represented by the Win32_Volume and MSFT_Volume WMI classes. Volumes are named spaces: from abstract rooms you get a living room, kitchen and bedrooms. You format a room to make it a “named room”. In other words, you format a partition with some file system, e.g. NTFS, FAT or ReFS. Volumes can store data and provide access to it. One partition can have 0 or 1 volume. When a partition has 0 volumes, in most cases this means that there is no data accessible by the user.
4) Logical disk, represented by Win32_LogicalDisk. Logical disks are like doors to your named rooms. Without doors you can still access your named rooms through windows (mount points) and ventilation (the “start \\?\Volume{GUID}\” command), which of course is not always convenient. Giving a volume a drive letter makes it a logical disk. One volume corresponds to 0 or 1 logical disks.
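
The four levels above can be walked on a live machine. The following is an added example, not the author's audit script; it assumes the root\Microsoft\Windows\Storage namespace (Windows 8 / Server 2012 and later), and the function name Get-StorageHierarchy and the State labels are hypothetical:

```powershell
# Added example: classify local storage by the hierarchy level each item reaches.
# Get-StorageHierarchy and the State labels are hypothetical names for this sketch.
function Get-StorageHierarchy {
    $ns = 'root\Microsoft\Windows\Storage'
    $principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    if (-not $isAdmin) {
        # Without administrator rights, report the logical-disk level only.
        foreach ($ld in Get-CimInstance -ClassName Win32_LogicalDisk) {
            [pscustomobject]@{ Disk = $null; Partition = $null; Volume = $null
                               FileSystem = $ld.FileSystem; Letter = $ld.DeviceID
                               State = 'Logical disk (no admin rights, hierarchy not resolved)' }
        }
        return
    }

    foreach ($disk in Get-CimInstance -Namespace $ns -ClassName MSFT_Disk) {
        $parts = @(Get-CimAssociatedInstance -InputObject $disk -Namespace $ns `
                       -ResultClassName MSFT_Partition)
        if ($parts.Count -eq 0) {
            # Level 1 only: a physical disk with 0 partitions.
            [pscustomobject]@{ Disk = $disk.Number; Partition = $null; Volume = $null
                               FileSystem = $null; Letter = $null
                               State = 'Disk without partitions' }
            continue
        }
        foreach ($part in $parts) {
            # A partition has 0 or 1 volume; the association class needs admin rights.
            $vol = Get-CimAssociatedInstance -InputObject $part -Namespace $ns `
                       -Association MSFT_PartitionToVolume | Select-Object -First 1
            # DriveLetter is a char; code point 0 means no letter is assigned.
            $letter = if ($vol -and [int]$vol.DriveLetter -ne 0) { "$($vol.DriveLetter):" } else { $null }
            $state = if (-not $vol) { 'Partition without volume' }
                     elseif (-not $letter) { 'Volume without drive letter' }
                     else { 'Logical disk' }
            [pscustomobject]@{ Disk = $disk.Number; Partition = $part.PartitionNumber
                               Volume = $vol.Path; FileSystem = $vol.FileSystem
                               Letter = $letter; State = $state }
        }
    }
}

Get-StorageHierarchy | Sort-Object Disk, Partition | Format-Table -AutoSize
```

Rows in the 'Volume without drive letter' state are the ones a drive-letter-only inventory misses; their Volume column holds the \\?\Volume{GUID}\ path.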

Limit group policy only to client OS

Sometimes you want to apply a policy to every client PC across many OUs. To do so, you can use a WMI filter. This is especially useful in messy AD structures where there is no dedicated OU for client computer objects.

Namespace: root\CIMv2
Query: select * from Win32_OperatingSystem where ProductType="1"

Here I use the following WMI class and property:
https://msdn.microsoft.com/en-us/library/aa394239(v=vs.85).aspx#properties

ProductType
Data type: uint32
Access type: Read-only
Additional system information.
Work Station (1)
Domain Controller (2)
Server (3)

TMG 2010 and “RPC Server unavailable”

Recently I encountered strange TMG behavior. I had permitted all RPC connections to Domain Controllers with a system rule, disabled the RPC Filter and switched off the “Enable strict RPC compliance” option. But my WMI requests and any other RPC traffic from the TMG servers to internal resources were still blocked. The error was “RPC Server Unavailable”. Some programs gave me error code 1722. The problem was in understanding the traffic direction for access rules containing “Local host”. To tell you the truth, I still do not understand why it works this way, even after reading http://tmgblog.richardhicks.com/2011/12/05/forefront-tmg-2010-protocol-direction-explained/. So the short answer to fix this problem: you need to create a new rule allowing RPC traffic with SOURCE=Internal and DESTINATION=Local host. After creating it, you also need to disable RPC filtering for the created rule.