Chapter 10: Files, Folders, and Shares. BAI617.
Chapter Topics • File Service Role • Share & NTFS Permissions • Quotas
The File Service Role • One of the core functions of any server is to serve resources such as files and folders. In Windows Server 2008 R2, File Services is one of the key roles you can add. • The File Services role includes: • File Server Resource Manager (FSRM) • Services for Network File System (to support Unix clients) • Windows Search service • BranchCache for remote offices • Page 431 in Text
The File Service Role • File Server: This is the primary role service required to support the File Services role. It is automatically added when a folder is shared. • Distributed File System (DFS): DFS includes both DFS Replication and DFS Namespaces and is covered in more depth in Chapter 11.
The File Service Role • File Server Resource Manager (FSRM): The FSRM provides a rich set of additional tools that can be used to manage the storage of data on the server including configuring quotas, defining file screening policies, and generating storage reports.
The File Service Role • Services for Network File System (NFS): This service enables you to grant access to files from Unix / Linux client computers. • Windows Search Service: Uses indexing to perform quicker file searches. It’s intended for small file server scenarios and can impact performance on large enterprise file servers.
The File Service Role • BranchCache for Network Files: BranchCache can be used in a multiple-site environment to allow computers in branch offices to cache commonly downloaded files. • See page 433 for the step-by-step guide to installing the File Service Role
Creating Shares (The 2008 Way) • Start > Administrative Tools > Server Manager. • Browse to the Roles > File Services > Share and Storage Management node, right-click Share and Storage Management, and select Provision Share.
Creating Shares (The 2008 Way) • On the Shared Folder Location page, click Browse. Browse to a folder you want to share. Click Next.
Creating Shares (The 2008 Way) • The NTFS Permissions page gives you an opportunity to change the NTFS permissions if desired.
Creating Shares (The 2008 Way) • On the Share Protocols page, you identify the protocols used to access the share and can also give the share a different share name. SMB is the primary protocol used by Windows clients to connect. If you added NFS support for Unix clients, you could select NFS here.
Managing NTFS Permissions • NTFS permissions apply to any file or folder on a disk that has been formatted with NTFS.
Managing NTFS Permissions • Read: • When a user is assigned Read permission, the user is allowed to view the contents, permissions, and attributes associated with a file or folder. • Read and Execute: • The Read and Execute permission is used to grant permission for a user to execute files. Any executable files (such as .exe, .bat, and .com) are files that can be executed or launched. If a user has only Read permission, and not Read and Execute, the files can’t be executed. • List Folder Contents: • The List Folder Contents permission allows a user to view the contents of a folder. It will allow a user to see that files exist in a folder, but will not apply Read permissions to those files.
Managing NTFS Permissions • Write: • If a user is assigned Write permission to a file or folder, the user can modify the file or folder. This includes adding new files or folders to a folder or making changes to existing files or folders. However, it does not include deleting files from a folder. • Modify • Modify includes all of the permissions from Read, Read & Execute, and Change, and adds the ability to delete files and folders. • Full Control • Full Control is a combination of all the available permissions. It adds the ability to change permissions and take ownership of files or folders.
Share Permissions • Share permissions only apply to shares when they are accessed over the network.
Share Permissions • Read • Users granted Read permission can read files and folders within the share. • Change • Users granted Change permission can read, execute, modify, and delete files and folders within the share. • Full Control • Users granted Full Control permission have all the permissions from Change, and can also modify permissions on the share.
Cumulative Permissions • Objects can have multiple permissions assigned • Policies folder • Share level: Authenticated Users = Change • NTFS level: Authenticated Users = Read; Administrators = FC; HR Clerks = Change; Contract Staff = Deny: Read • What access? HR Clerks, Contract Staff, Authenticated Users
Deny vs. Implicit Deny • Deny always takes precedence over any other permissions assigned to a user or group • Implicit Deny: If permissions aren’t explicitly granted, they are implicitly denied (they are not invited to the party).
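The Policies folder exercise and the Deny rules above, worked through as an added example (not part of the original slides). It is a simplified model that ignores inheritance, assumes every user is also a member of Authenticated Users, and reads the slide's NTFS-level "Change" for HR Clerks as the NTFS Modify permission; the right names are constructed for illustration.

```python
# Added example: effective access to the "Policies" share from the slide.
MODIFY = frozenset({"read", "execute", "write", "delete"})
FULL = MODIFY | {"change_permissions", "take_ownership"}
SHARE = {"Read": frozenset({"read", "execute"}), "Change": MODIFY, "Full Control": FULL}
NTFS = {"Read": frozenset({"read"}), "Read & Execute": frozenset({"read", "execute"}),
        "Write": frozenset({"write"}), "Modify": MODIFY, "Full Control": FULL}

# Access lists from the slide: (group, "Allow" or "Deny", permission level)
SHARE_ACL = [("Authenticated Users", "Allow", "Change")]
NTFS_ACL = [
    ("Authenticated Users", "Allow", "Read"),
    ("Administrators", "Allow", "Full Control"),
    ("HR Clerks", "Allow", "Modify"),   # assumption: the slide's "Change" means NTFS Modify
    ("Contract Staff", "Deny", "Read"),
]

def resolve(acl, levels, groups):
    """Cumulative permissions: union every Allow that matches, then subtract Deny."""
    allow, deny = set(), set()
    for group, kind, level in acl:
        if group in groups:
            (allow if kind == "Allow" else deny).update(levels[level])
    return allow - deny                 # no matching entry -> empty set (implicit deny)

def effective(groups, over_network=True):
    """Rights a user holds; over the network both share and NTFS must allow them."""
    ntfs = resolve(NTFS_ACL, NTFS, groups)
    if not over_network:
        return ntfs                     # share permissions only apply to network access
    return ntfs & resolve(SHARE_ACL, SHARE, groups)

def describe(groups, over_network=True):
    return ", ".join(sorted(effective(groups, over_network))) or "no access"

if __name__ == "__main__":
    base = {"Authenticated Users"}
    for name, extra in [("HR clerk", {"HR Clerks"}), ("Contractor", {"Contract Staff"}),
                        ("Other user", set()), ("Administrator", {"Administrators"})]:
        print(f"{name:14} network: {describe(base | extra):30} "
              f"local: {describe(base | extra, over_network=False)}")
```

Run directly to print each user's access. An administrator connecting over the network is held to the share's Change permission even though NTFS grants Full Control.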
Connecting to Shares • You connect to a share using the universal naming convention (UNC) of \\ServerName\ShareName. • In our examples - \\FS1\Home
Mapping a Network Drive • Why? • Users can connect every time they log in • Users do not need to know the UNC path to connect • Mapped drives can be used in automated (batch) processes
Mapping a Network Drive • Command line approach to mapping a Network Drive • net use driveletter: \\servername\sharename • net use H: \\FS1\Home • net use H: \\10.10.10.1\Home
Common Shares • In Windows Server, several common shares have already been created for you. Most of these shares are hidden. If you know of these shares, you can connect to any of them using the UNC path.
Common Shares • C$, D$, and so on: • All drives, including CD-ROM drives, are given a hidden share to the root of the drive. This share is what is called an administrative share. • Only the Administrators and Backup Operators groups can connect to administrative shares, and you can’t stop sharing these administrative shares without modifying the registry or stopping the Server service (which stops all sharing).
Common Shares • ADMIN$ • The ADMIN$ share is another administrative share and it maps to the location of the operating system. If you installed the operating system at D:\Windows, the ADMIN$ share would map to D:\Windows.
Common Shares • PRINT$ • Whenever you create a shared printer, the system places the drivers in this share. This allows the drivers to be easily downloaded when clients connect to the shared printer. • NETLOGON • The NETLOGON share is used in conjunction with processing logon requests from users. Once users successfully log in, they are given any profile and script information that they are required to run.
Common Shares • SYSVOL • The SYSVOL share is used to house Group Policy information and scripts that are accessed by clients on the network. You will always see SYSVOL shares on domain controllers, but they can be replicated to member servers.
File Server Resource Manager • You may need to install
File Server Resource Manager • Quotas: • Allow you to monitor and limit the space users can consume on a volume or folder • Ability to set warning limits, set enforcement limits, provide notification of reached limits via email or event log entries, and even execute commands in response to any limit. • Quotas can be set for any share on a server or any specific path.
Review • File Service Role • Share & NTFS Permissions • Quotas