450 likes | 549 Views
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management. Objectives. Understand and configure file and folder attributes Understand and configure advanced file and folder attributes Implement and manage disk quotas
E N D
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, EnhancedChapter 7:Advanced File System Management
Objectives • Understand and configure file and folder attributes • Understand and configure advanced file and folder attributes • Implement and manage disk quotas • Understand and implement the Distributed File System Guide to MCSE 70-290, Enhanced
File and Folder Attributes • Used since MS-DOS operating system • Attributes describe files, folders, and their characteristics • Applicable utilities include graphical tools and the ATTRIB command • Four standard file and folder attributes • Read-only • Archive • System • hidden Guide to MCSE 70-290, Enhanced
Read-only • Designates that the contents of a file cannot be changed and file cannot be deleted • Available in all file systems (FAT, FAT32, NTFS partitions and volumes) • FAT, FAT32 attributes can be changed by any user • NTFS attribute can only be changed by a user with appropriate permissions • Can be configured for a file or folder • For folders, attribute pertains to the files it contains, not the folder itself Guide to MCSE 70-290, Enhanced
Read-only (continued) Guide to MCSE 70-290, Enhanced
Archive • Marks which files and folders have been recently changed or created • Recently modified files are marked as ready for archiving • Important for backup • Backup methods update the status of the archive attribute • Viewing the attribute is done using Windows Explorer or command-line utilities (e.g., DIR, ATTRIB) Guide to MCSE 70-290, Enhanced
System • Originally designed to identify O.S. in MS-DOS • In Windows Server 2003 • Used in conjunction with hidden attribute • When system and hidden both true, file or folder is “super hidden” (not displayed in Windows Explorer interface) • Treated as “protected operating system files” with specific alternate display options • Can only be manipulated using ATTRIB command Guide to MCSE 70-290, Enhanced
Hidden • Used to make files and folders less visible to users from Windows Explorer and command-line • Default configuration in Windows Server 2003 displays hidden files as semi-transparent icons unless in conjunction with system attribute • Hidden attribute can be configured from General tab of Properties Guide to MCSE 70-290, Enhanced
Hidden (continued) • Visibility can be configured from View tab of Folder Options from Tools in Windows Explorer • Show hidden file and folders • Hidden files and folders appear in Windows Explorer as semi-transparent icons • Do not show hidden files and folders • Files with set hidden attributes do not appear in Windows Explorer • Hide protected operating system files • All files with both hidden and system attributes set are hidden in Windows Explorer when set Guide to MCSE 70-290, Enhanced
Hidden (continued) Guide to MCSE 70-290, Enhanced
Activity 7-1: Viewing and Configuring File and Folder Attributes Using Windows Explorer • Objective: Use Windows Explorer to view and configure file and folder attributes • Use Windows Explorer to view sets of files and folders that are visible by default • Reconfigure View settings • Observe results of configurations Guide to MCSE 70-290, Enhanced
The ATTRIB Command • A command-line utility used to view, add or remove the four attributes of files and folders • Only way to configure system attribute • Supports wildcards (*) allowing multiple files or folders to be changed simultaneously • Syntax • View: attrib filename • Set: attrib +attributefilename • Remove: attrib –attributefilename Guide to MCSE 70-290, Enhanced
Activity 7-2: Changing File Attributes Using the ATTRIB Command • Objective: View and change file attributes from the command line • Create a new folder and files • Observe attributes • Change attributes using ATTRIB • Observe changes • Hide protected files • Observe changes Guide to MCSE 70-290, Enhanced
Advanced Attributes • Advanced attributes found on NTFS partitions or volumes • Archive and Index attributes • File is ready for archiving • Indexing service • Compress or Encrypt • Compress contents to save disk space • Encrypt contents to secure data Guide to MCSE 70-290, Enhanced
Advanced Attributes (continued) Guide to MCSE 70-290, Enhanced
File Compression • Reduces amount of disk space needed for files and folders • Automatically uncompressed when the resource is accessed • Compressed resources displayed in different color in Windows Explorer (blue by default) • Moving and copying resources can affect compression Guide to MCSE 70-290, Enhanced
Activity 7-3: Configuring Folder Compression Settings • Objective: Configure a folder to compress its contents • Create a folder, copy a file into it • Set the compression attribute on the folder to compress itself and its contents • Note the appearance of the folder and verify compression of contents Guide to MCSE 70-290, Enhanced
Activity 7-3: (continued) Guide to MCSE 70-290, Enhanced
COMPACT • Used with NTFS file system only • Command-line utility for configuring the compression attribute • Syntax • COMPACT(to view) • COMPACT switchesresourcename (to set attributes) • Switches • /c (to compress resources) • /u (to uncompress resources) Guide to MCSE 70-290, Enhanced
File Encryption • Encrypting File System (EFS) uses public key cryptography to encrypt files and folders • Only on NTFS file systems • Transparent to user • Implemented using 2 main types of keys • File encryption key (FEK) • Session key added to header of encrypted data (data decryption field) • Public key encrypts DDF Guide to MCSE 70-290, Enhanced
File Encryption (continued) • Main challenge for public key cryptography is when users leave organization • Can rename user account • Can use data recovery agent • FEK also stored in data recovery field (DRF) • Encrypted using data recovery agent’s public key • Default is administrator, additional recovery agents can be designated • Moving or copying files can affect encryption • Encrypted files cannot be compressed, vice versa Guide to MCSE 70-290, Enhanced
Activity 7-4: Encrypting Files Using Windows Explorer • Objective: Implement and test file encryption security using EFS • Configure encryption on a folder and create a file in the folder • Try to open the folder and file from another user account and observe results • Try to open the folder and file from a domain administrator account and observe results Guide to MCSE 70-290, Enhanced
Sharing Encrypted Files • In Windows 2000, only user and data recovery agent could access an encrypted file • In Windows Server 2003, Advanced Attributes allows sharing with other specific named users • Issues: • Only for files, not folders • Can only share with users, not groups • Users must have a certificate on computer • Users must have appropriate NTFS permissions Guide to MCSE 70-290, Enhanced
Sharing Encrypted Files (continued) Guide to MCSE 70-290, Enhanced
The CIPHER Command • Command-line utility for file and folder encryption • Used by administrator • NTFS partitions and volumes only • Syntax • CIPHER(to view) • CIPHER switchesresourcename (to set attributes) Guide to MCSE 70-290, Enhanced
The CIPHER Command (continued) Guide to MCSE 70-290, Enhanced
The CIPHER Command (continued) • Switches • /e (to encrypt a folder) • /d (to decrypt a folder) • /a (to apply other switches to a file rather than a folder) • Cannot encrypt files which have their read-only attribute set • Can use the wildcard character (*) Guide to MCSE 70-290, Enhanced
Activity 7-5: Encrypting Files Using the CIPHER Utility • Objective: To encrypt and decrypt files using CIPHER • Create a new folder and files • Encrypt a single file and observe the results • Encrypt files using the wildcard character and observe results Guide to MCSE 70-290, Enhanced
Disk Quotas • Disk quotas used to monitor and control user disk space • Advantages • Prevents users from consuming all disk space • Encourages users to delete old files • Allows monitoring for planning purposes • Allows monitoring of individual users • Disabled by default • Implemented only on NTFS volumes • Configured from Properties of a volume Guide to MCSE 70-290, Enhanced
Disk Quotas (continued) Guide to MCSE 70-290, Enhanced
Disk Quotas (continued) Guide to MCSE 70-290, Enhanced
Disk Quotas (continued) Guide to MCSE 70-290, Enhanced
Activity 7-6: Configuring and Managing Disk Quotas • Objective: Enable and manage disk quota settings • Enable quota management • Configure “soft” disk quota settings • Observe results • Set up a warning situation and observe results Guide to MCSE 70-290, Enhanced
Managing Disk Quotas from the Command Line • FSUTIL QUOTA command-line utility can be used to manage disk quotas • Can enable/disable, modify, display, track, report • Example (to enable disk quotas on drive E) • fsutil quota enforce e: • Events written to System log (displayed in Event Viewer) every hour by default • fsutil behavior command can change the interval • Help available for fsutil quota and fsutil behavior commands in Help and Support Center Guide to MCSE 70-290, Enhanced
Managing Disk Quotas from the Command Line (continued) Guide to MCSE 70-290, Enhanced
Distributed File System • Makes it appear that multiple shared-file resources are stored in a single hierarchical structure • Users do not have to know which server a shared folder resides on • Configured using the Distributed File System console in Administrative Tools menu • Tree structure (root and DFS links) Guide to MCSE 70-290, Enhanced
Distributed File System (continued) Guide to MCSE 70-290, Enhanced
DFS Models • Two models: • Standalone DFS model (more limited capabilities) • Domain-based DFS model Guide to MCSE 70-290, Enhanced
DFS Models (continued) • Hierarchical structure is called DFS topology or logical structure, three elements to structure • The DFS root • Main container on host server • The DFS links • Pointers to physical location of shared folders • Servers on which the DFS shared folders are replicated as replica sets • Replica set is set of shared folders that is replicated across multiple servers Guide to MCSE 70-290, Enhanced
Activity 7-7: Implementing Domain-Based DFS and Creating Links • Objective: to create a new domain-based DFS root and add DFS links • Use New Root Wizard from Distributed File System utility to set up a root • Add links to other folders • Verify DFS structure Guide to MCSE 70-290, Enhanced
Managing DFS • Tasks involved in managing DFS system • Deleting a DFS root • Removing a DFS link • Adding root and link replica sets • Checking the status of a root or link • Replication capability provides fault tolerance and load balancing • DFS replication options and topologies managed from Configure Replication wizard Guide to MCSE 70-290, Enhanced
Managing DFS (continued) • DFS element status is indicated with colored icons Guide to MCSE 70-290, Enhanced
Summary • File and folder attributes are: • Read-only (can a resource be modified or deleted) • Archive (has a resource recently been changed) • System (does resource have specific display requirements, especially in conjunction with Hidden) • Hidden (should the resource appear normally in Windows Explorer) • File and folder attributes can be set through graphical tools or the ATTRIB command-line utility Guide to MCSE 70-290, Enhanced
Summary (continued) • Advanced attributes on NTFS partitions or volumes include: • Archiving (specifies whether to back up file) • Indexing (makes resource searchable) • Compression (saves disk space) • Encryption (makes resources accessible only to those holding keys) • Command-line utilities for advanced attributes include: • COMPACT • CIPHER Guide to MCSE 70-290, Enhanced
Summary (continued) • Disk quotas allow management of disk space usage by individual users • Managed from the Properties of a volume or using the FSUTIL command-line utility • Distributed File System allows management of shared-file resources • Appear as a single hierarchical structure • Can be physically located on different servers • 2 DFS models: standalone and domain-based Guide to MCSE 70-290, Enhanced