70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management
Objectives Understand and configure file and folder attributes Understand and configure advanced file and folder attributes Implement and manage disk quotas Understand and implement the Distributed File System Guide to MCSE 70-290, Enhanced
File and Folder Attributes Used since MS-DOS operating system Attributes describe files, folders, and their characteristics Applicable utilities include graphical tools and the ATTRIB command Four standard file and folder attributes Read-only Archive System hidden Guide to MCSE 70-290, Enhanced
Read-only Designates that the contents of a file cannot be changed and file cannot be deleted Available in all file systems (FAT, FAT32, NTFS partitions and volumes) FAT, FAT32 attributes can be changed by any user NTFS attribute can only be changed by a user with appropriate permissions Can be configured for a file or folder For folders, attribute pertains to the files it contains, not the folder itself Guide to MCSE 70-290, Enhanced
Read-only (continued) Guide to MCSE 70-290, Enhanced
Archive Marks which files and folders have been recently changed or created Recently modified files are marked as ready for archiving Important for backup Backup methods update the status of the archive attribute Viewing the attribute is done using Windows Explorer or command-line utilities (e.g., DIR, ATTRIB) Guide to MCSE 70-290, Enhanced
System Originally designed to identify O.S. in MS-DOS In Windows Server 2003 Used in conjunction with hidden attribute When system and hidden both true, file or folder is “super hidden” (not displayed in Windows Explorer interface) Treated as “protected operating system files” with specific alternate display options Can only be manipulated using ATTRIB command Guide to MCSE 70-290, Enhanced
Hidden Used to make files and folders less visible to users from Windows Explorer and command-line Default configuration in Windows Server 2003 displays hidden files as semi-transparent icons unless in conjunction with system attribute Hidden attribute can be configured from General tab of Properties Guide to MCSE 70-290, Enhanced
Hidden (continued) Visibility can be configured from View tab of Folder Options from Tools in Windows Explorer Show hidden file and folders Hidden files and folders appear in Windows Explorer as semi-transparent icons Do not show hidden files and folders Files with set hidden attributes do not appear in Windows Explorer Hide protected operating system files All files with both hidden and system attributes set are hidden in Windows Explorer when set Guide to MCSE 70-290, Enhanced
Hidden (continued) Guide to MCSE 70-290, Enhanced
Activity 7-1: Viewing and Configuring File and Folder Attributes Using Windows Explorer Objective: Use Windows Explorer to view and configure file and folder attributes Use Windows Explorer to view sets of files and folders that are visible by default Reconfigure View settings Observe results of configurations Guide to MCSE 70-290, Enhanced
The ATTRIB Command A command-line utility used to view, add or remove the four attributes of files and folders Only way to configure system attribute Supports wildcards (*) allowing multiple files or folders to be changed simultaneously Syntax View: attrib filename Set: attrib +attribute filename Remove: attrib –attribute filename Guide to MCSE 70-290, Enhanced
Activity 7-2: Changing File Attributes Using the ATTRIB Command Objective: View and change file attributes from the command line Create a new folder and files Observe attributes Change attributes using ATTRIB Observe changes Hide protected files Guide to MCSE 70-290, Enhanced
Advanced Attributes Advanced attributes found on NTFS partitions or volumes Archive and Index attributes File is ready for archiving Indexing service Compress or Encrypt Compress contents to save disk space Encrypt contents to secure data Guide to MCSE 70-290, Enhanced
Advanced Attributes (continued) Guide to MCSE 70-290, Enhanced
File Compression Reduces amount of disk space needed for files and folders Automatically uncompressed when the resource is accessed Compressed resources displayed in different color in Windows Explorer (blue by default) Moving and copying resources can affect compression Guide to MCSE 70-290, Enhanced
Activity 7-3: Configuring Folder Compression Settings Objective: Configure a folder to compress its contents Create a folder, copy a file into it Set the compression attribute on the folder to compress itself and its contents Note the appearance of the folder and verify compression of contents Guide to MCSE 70-290, Enhanced
Activity 7-3: (continued) Guide to MCSE 70-290, Enhanced
COMPACT Used with NTFS file system only Command-line utility for configuring the compression attribute Syntax COMPACT (to view) COMPACT switches resourcename (to set attributes) Switches /c (to compress resources) /u (to uncompress resources) Guide to MCSE 70-290, Enhanced
File Encryption Encrypting File System (EFS) uses public key cryptography to encrypt files and folders Only on NTFS file systems Transparent to user Implemented using 2 main types of keys File encryption key (FEK) Session key added to header of encrypted data (data decryption field) Public key encrypts DDF Guide to MCSE 70-290, Enhanced
File Encryption (continued) Main challenge for public key cryptography is when users leave organization Can rename user account Can use data recovery agent FEK also stored in data recovery field (DRF) Encrypted using data recovery agent’s public key Default is administrator, additional recovery agents can be designated Moving or copying files can affect encryption Encrypted files cannot be compressed, vice versa Guide to MCSE 70-290, Enhanced
Activity 7-4: Encrypting Files Using Windows Explorer Objective: Implement and test file encryption security using EFS Configure encryption on a folder and create a file in the folder Try to open the folder and file from another user account and observe results Try to open the folder and file from a domain administrator account and observe results Guide to MCSE 70-290, Enhanced
Sharing Encrypted Files In Windows 2000, only user and data recovery agent could access an encrypted file In Windows Server 2003, Advanced Attributes allows sharing with other specific named users Issues: Only for files, not folders Can only share with users, not groups Users must have a certificate on computer Users must have appropriate NTFS permissions Guide to MCSE 70-290, Enhanced
Sharing Encrypted Files (continued) Guide to MCSE 70-290, Enhanced
The CIPHER Command Command-line utility for file and folder encryption Used by administrator NTFS partitions and volumes only Syntax CIPHER (to view) CIPHER switches resourcename (to set attributes) Guide to MCSE 70-290, Enhanced
The CIPHER Command (continued) Guide to MCSE 70-290, Enhanced
The CIPHER Command (continued) Switches /e (to encrypt a folder) /d (to decrypt a folder) /a (to apply other switches to a file rather than a folder) Cannot encrypt files which have their read-only attribute set Can use the wildcard character (*) Guide to MCSE 70-290, Enhanced
Activity 7-5: Encrypting Files Using the CIPHER Utility Objective: To encrypt and decrypt files using CIPHER Create a new folder and files Encrypt a single file and observe the results Encrypt files using the wildcard character and observe results Guide to MCSE 70-290, Enhanced
Disk Quotas Disk quotas used to monitor and control user disk space Advantages Prevents users from consuming all disk space Encourages users to delete old files Allows monitoring for planning purposes Allows monitoring of individual users Disabled by default Implemented only on NTFS volumes Configured from Properties of a volume Guide to MCSE 70-290, Enhanced
Disk Quotas (continued) Guide to MCSE 70-290, Enhanced
Disk Quotas (continued) Guide to MCSE 70-290, Enhanced
Disk Quotas (continued) Guide to MCSE 70-290, Enhanced
Activity 7-6: Configuring and Managing Disk Quotas Objective: Enable and manage disk quota settings Enable quota management Configure “soft” disk quota settings Observe results Set up a warning situation and observe results Guide to MCSE 70-290, Enhanced
Managing Disk Quotas from the Command Line FSUTIL QUOTA command-line utility can be used to manage disk quotas Can enable/disable, modify, display, track, report Example (to enable disk quotas on drive E) fsutil quota enforce e: Events written to System log (displayed in Event Viewer) every hour by default fsutil behavior command can change the interval Help available for fsutil quota and fsutil behavior commands in Help and Support Center Guide to MCSE 70-290, Enhanced
Managing Disk Quotas from the Command Line (continued) Guide to MCSE 70-290, Enhanced
Distributed File System Makes it appear that multiple shared-file resources are stored in a single hierarchical structure Users do not have to know which server a shared folder resides on Configured using the Distributed File System console in Administrative Tools menu Tree structure (root and DFS links) Guide to MCSE 70-290, Enhanced
Distributed File System (continued) Guide to MCSE 70-290, Enhanced
DFS Models Two models: Standalone DFS model (more limited capabilities) Domain-based DFS model Guide to MCSE 70-290, Enhanced
DFS Models (continued) Hierarchical structure is called DFS topology or logical structure, three elements to structure The DFS root Main container on host server The DFS links Pointers to physical location of shared folders Servers on which the DFS shared folders are replicated as replica sets Replica set is set of shared folders that is replicated across multiple servers Guide to MCSE 70-290, Enhanced
Activity 7-7: Implementing Domain-Based DFS and Creating Links Objective: to create a new domain-based DFS root and add DFS links Use New Root Wizard from Distributed File System utility to set up a root Add links to other folders Verify DFS structure Guide to MCSE 70-290, Enhanced
Managing DFS Tasks involved in managing DFS system Deleting a DFS root Removing a DFS link Adding root and link replica sets Checking the status of a root or link Replication capability provides fault tolerance and load balancing DFS replication options and topologies managed from Configure Replication wizard Guide to MCSE 70-290, Enhanced
Managing DFS (continued) DFS element status is indicated with colored icons Guide to MCSE 70-290, Enhanced
Summary File and folder attributes are: Read-only (can a resource be modified or deleted) Archive (has a resource recently been changed) System (does resource have specific display requirements, especially in conjunction with Hidden) Hidden (should the resource appear normally in Windows Explorer) File and folder attributes can be set through graphical tools or the ATTRIB command-line utility Guide to MCSE 70-290, Enhanced
Summary (continued) Advanced attributes on NTFS partitions or volumes include: Archiving (specifies whether to back up file) Indexing (makes resource searchable) Compression (saves disk space) Encryption (makes resources accessible only to those holding keys) Command-line utilities for advanced attributes include: COMPACT CIPHER Guide to MCSE 70-290, Enhanced
Summary (continued) Disk quotas allow management of disk space usage by individual users Managed from the Properties of a volume or using the FSUTIL command-line utility Distributed File System allows management of shared-file resources Appear as a single hierarchical structure Can be physically located on different servers 2 DFS models: standalone and domain-based Guide to MCSE 70-290, Enhanced