MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 6: Windows File and Print Services

MCTS Windows Server 2008 Active Directory2 Objectives 2 Describe features of the major Windows file systems Secure access to files with permissions Share folders with Windows file sharing Use Windows storage management tools Work with Windows printers

MCTS Windows Server 2008 Active Directory3 Windows File Systems A file system defines the method and format that an OS uses to store, locate, and retrieve files from electronic storage media Modern file systems are composed of some or all of the following components: –Filenaming convention –Hierarchical organization –Data storage method –Metadata –Attributes –Access Control lists (ACLs)

MCTS Windows Server 2008 Active Directory4 The FAT File System FAT (File Allocation Table) consists of two variations: FAT16 and FAT32 FAT16 is limited to 2GB partitions (Windows NT extends this to 4GB) with a maximum file size of 2GB FAT32 allows partitions up to 2TB in size, but Windows 2000 and later limit size of FAT32 partitions at creation to 32GB due to performance. FAT32 supports files up to 4GB in size

MCTS Windows Server 2008 Active Directory5 The NTFS File System First introduced in Windows NT Supports file and folder permissions, an advantage over FAT Features added with the release of Windows 2000: –Disk quotas –Volume mount points –Shadow copies –File compression –Encrypting File System (EFS)

MCTS Windows Server 2008 Active Directory6 Disk Quotas Disk quotas help administrators control how disk space is used on a server Options for setting quotas –Enable quota management –Deny disk space to users exceeding quota limit –Do not limit disk usage –Limit disk space to –Log event when a user exceeds their quota limit –Log event when a user exceeds their warning level –Quota Entries

MCTS Windows Server 2008 Active Directory7 Volume Mount Points Volume mount points enable you to access a volume as a folder in another volume instead of by using a drive letter Volume holding the folder to serve as the mount point must be an NTFS volume Reasons for using mount points: –Extend the apparent amount of free space on an existing volume –Consolidate frequently accessed volumes –Consolidate several shared volumes under a single network share

MCTS Windows Server 2008 Active Directory8 Shadow Copies Allows access to previous versions of files, and the ability to restore files that were deleted or corrupted Upon enabling Shadow Copies, Windows will warn that default settings are not ideal for heavily used servers The following can be configured in the Settings dialog box for Shadow Copies: –Located on this volume –Details –Maximum size –Schedule

MCTS Windows Server 2008 Active Directory9 File Compression and Encryption Both file compression and encryption are implemented as attributes Mutually exclusive; Both compression and encryption cannot be enabled on a file File compression can be enabled on an entire volume, or on a folder Rules for compression behavior: –Files copied to a new location inherit the compression attribute from the parent container –Files moved to a new location on the same volume retain their current compression attributes –Files moved to a new location on a different volume inherit the compression attribute from the parent container

MCTS Windows Server 2008 Active Directory10 File Compression and Encryption (cont.) File encryption on NTFS made possible by Encrypting File System (EFS) Can be set on a file or a folder, but not an entire volume Rules for encryption behavior: –Encrypted files that are copied or moved always stay encrypted, regardless of the destination’s encryption attribute –Unencrypted files that are moved or copied to a folder with the encryption attribute set are always encrypted The user who initially encrypted the file can add additional users who can decrypt the file. However, a user must have a valid EFS certificate in order to be added

MCTS Windows Server 2008 Active Directory11 File Compression and Encryption (cont.)

MCTS Windows Server 2008 Active Directory12 Securing Access to Files with Permissions Two ways to secure files –Share permissions –NTFS permissions Share permissions apply when using a network to access shared files, while NTFS permissions apply whether accessing network shares or local files If accessing a network share, the effective permissions will always be the most restrictive permissions between Share and NTFS permissions

MCTS Windows Server 2008 Active Directory13 Share Permissions Share permissions apply to folders and files accessed across the network Can’t be configured on individual files Three share permissions –Read –Change –Full Control Generally, the default share permission is Read for Everyone

MCTS Windows Server 2008 Active Directory14 NTFS Permissions NTFS permissions can be configured on folders and files 6 permissions and 14 special permissions for folders 5 permissions and 13 special permissions for files NTFS standard permissions: –Read –Read & Execute –List folder contents –Write –Modify –Full

MCTS Windows Server 2008 Active Directory15 NTFS Permissions (cont.)

MCTS Windows Server 2008 Active Directory16 File and Folder Ownership Owner of an object is granted certain implicit permissions A user can become the owner of a file system object in three ways: –Create the file or folder –Take ownership of a file or folder –Assigned ownership

MCTS Windows Server 2008 Active Directory17 NTFS Permission Inheritance By default, initial permissions are set at the root of a volume, and then new folders and files inherit these settings unless configured otherwise Permission inheritance can be disabled in the Advanced Security settings dialog box, by clearing the “Include inheritable permissions from this object’s parent” option

MCTS Windows Server 2008 Active Directory18 NTFS Permission Inheritance (cont.)

MCTS Windows Server 2008 Active Directory19 Windows File Sharing File services role required to share folders Folders in Windows Server 2008 can only be shared by members of the Administrators or Server Operators groups Methods to configure folder sharing in Windows Server 2008: –File Sharing Wizard –Advanced Sharing dialog box –Shared Folders snap-in –Share and Storage Management

MCTS Windows Server 2008 Active Directory20 Windows File Sharing (cont.)

MCTS Windows Server 2008 Active Directory21 Windows File Sharing (cont.)

MCTS Windows Server 2008 Active Directory22 Default and Administrative Shares Administrative shares are hidden shares available only to members of the Administrators group Computers that aren’t domain controllers have these shares: –Admin$ –Drive$ –IPC$ Domain controllers have the previous three shares, plus these shares: –NETLOGON –Sysvol Dollar sign at the end of a share name makes it hidden

MCTS Windows Server 2008 Active Directory23 Managing Shares with the Shared Folders Snap-in Shared Folders snap-in can be used to create, delete, and monitor shares; as well as view open files or monitor and manage user connections or sessions

MCTS Windows Server 2008 Active Directory24 Accessing File Shares from Client Computers Shares are most commonly accessed via the following methods: –UNC Path Example syntax: \\server\share[\subfolder][\file] –Active Directory search –Browsing the network –Mapping a drive

MCTS Windows Server 2008 Active Directory25 Windows Storage Management File Services role installs the File Services role service, but can also install the following additional services: –File Server –Distributed File System –File Server Resource Manager (FSRM) –Services for Network File System –Windows Search Service –Windows Server 2003 File Services

MCTS Windows Server 2008 Active Directory26 Share and Storage Management Share and Storage Management snap-in includes all functions present in Shared Folders snap-in Can also –Provision storage –Share files with NFS –Publish shares to DFS –Manage volumes Protocol column under the shares tab will display whether a share is using the Server Message Block (SMB) protocol or NFS

MCTS Windows Server 2008 Active Directory27 Share and Storage Management (cont.) The Disk management snap-in provides more advanced features than the Share and Storage Management snap-in in relation to disk administration, and can perform the following tasks: –Bring new disks online –Initialize new disks –Import foreign disks –Create, format, and delete volumes –Extend and shrink volumes –Convert disks from basic to dynamic –Create RAID volumes

MCTS Windows Server 2008 Active Directory28 Share and Storage Management (cont.)

MCTS Windows Server 2008 Active Directory29 Distributed File System Distributed File System (DFS) groups shared folders from multiple servers into a single folder hierarchy, with replication for fault tolerance A DFS hierarchy is referred to as a namespace Entire namespaces can be replicated DFS load-balances the servers involved in replication Does not require AD, however load balancing and fault tolerance are only available on a domain based namespace

MCTS Windows Server 2008 Active Directory30 Distributed File System (cont.)

MCTS Windows Server 2008 Active Directory31 File Server Resource Manager File Server Resource Manager (FSRM) is a suite of services and management tools for monitoring storage space, managing quotas, controlling the types of files that users can store on a server, and creating storage reports Contains three tools: –Quota Management –File Screening Management –Storage Reports Management

MCTS Windows Server 2008 Active Directory32 File Server Resource Manager (cont.)

MCTS Windows Server 2008 Active Directory33 File Server Resource Manager (cont.)

MCTS Windows Server 2008 Active Directory34 File Server Resource Manager (cont.)

MCTS Windows Server 2008 Active Directory35 Windows Printing Print device –Physical print device, two basic types: Local print device Network print device Printer –The icon in the Printers folder that represents print devices Print Server –A Windows computer that’s sharing a printer Print queue –A storage location for print jobs awaiting printing

MCTS Windows Server 2008 Active Directory36 Configuring a Print Server A print server can provide additional printing functions: –Access Control –Printer pooling –Printer Priority –Print job Management –Availability control In order to configure a Windows 2008 Server system as a print server, a printer must be shared.

MCTS Windows Server 2008 Active Directory37 Configuring a Print Server (cont.) The Sharing tab in a printer’s Properties dialog box provides the following options: –Share this printer –Share name –Render print jobs on client computers –List in the directory –Additional Drivers

MCTS Windows Server 2008 Active Directory38 Configuring a Print Server (cont.)

MCTS Windows Server 2008 Active Directory39 Configuring a Print Server (cont.) The Advanced tab of a print server’s Properties dialog box provides more options for controlling the print server: –Always available / Available from –Priority –Driver –Spooling options –Hold mismatched documents –Print spooled documents first –Keep printed documents –Enable advanced printing features –Printing Defaults –Print Processor –Separator Page

MCTS Windows Server 2008 Active Directory40 Configuring a Print Server (cont.)

MCTS Windows Server 2008 Active Directory41 Printer Permissions Provides similar control to Share and NTFS permissions No permission inheritance for printers Three standard permissions: –Print –Manage printers –Manage documents In addition, there are 6 special permissions

MCTS Windows Server 2008 Active Directory42 Print Management from the Print Services Role Print Services role is not necessary to create printer shares or to manage the print server Provides the Print Management snap-in, which can be used to manage multiple printers and print servers Allows the installation of two other role services: Line Printer Daemon (LPD) and Internet Printing

MCTS Windows Server 2008 Active Directory43 Print Management from the Print Services Role Print Management MMC is made available Using Print Management, you can view status information and manage all printers and print servers on the network Tasks you can perform: –Install a new printer –Share a printer –Migrate printers –Deploy printers by using group policies –List or remove printers from Active Directory –Display printers based on a filter

MCTS Windows Server 2008 Active Directory44 Chapter Summary File systems define the method and format that an OS uses to store, locate, and retrieve files from storage media. Windows supports two file systems: FAT and NTFS FAT file system consists of two variations: FAT16 and FAT32. FAT16 is limited to 2 GB partitions, and FAT32 supports up to 2 TB. FAT file systems lack encryption, file compression, and file and folder security

MCTS Windows Server 2008 Active Directory45 Chapter Summary (cont.) NTFS is the ideal file system on Windows systems. Features include file and folder security, disk quotas, mount points, shadow copies, file compression, and EFS Files can be accessed interactively (locally) or across the network (remotely). Share permissions are applied only to network access, and NTFS permissions are applied to interactive and network access. The most restrictive permission of the two is enforced.

MCTS Windows Server 2008 Active Directory46 Chapter Summary (cont.) There are three share permissions: Read, Change, and Full control. NTFS permissions have 6 standard permissions and 13 special permissions Files can be shared by using the File Sharing Wizard, the Advanced Sharing dialog box, the Shared Folders snap-in, and the Share and Storage Management snap-in Windows includes administrative shares automatically, which are hidden and accessible only by members of the Administrators group

MCTS Windows Server 2008 Active Directory47 Chapter Summary (cont.) The File Services role adds tools to manage all aspects of storage, and can install several additional role services Windows printing consists of these components: print device, printer, print server, and print queue The Print Services role provides printer sharing, the Print Management snap-in, and optionally the LPD Service and Internet Printing role services