Presentation is loading. Please wait.

Presentation is loading. Please wait.

❊ Thorsten Butz “Everything you always wanted to know

Published byPiers Oswald Stokes Modified over 6 years ago

Similar presentations

Presentation on theme: "❊ Thorsten Butz “Everything you always wanted to know"— Presentation transcript:

1 ❊ Thorsten Butz “Everything you always wanted to know
about file server But were afraid to ask”

2 Get-Help about_me $speaker name = Thorsten Butz jobrole = Trainer, Consultant, Author certification = MC*,LPIC-2 ^ = thorstenbutz = facebook.com/thbutz = = }

3 List of content Episode 1: The untouchables Episode 2: Hidden beauties
Espisode 3: Adults only

4 #region Episode 1 The untouchables

5 The basic stuff: remote administration

6 Shadows of the past

7 fsmgmt.msc

8 KEEP CALM IT'S DEMO TIME Corbel 57, 28

9 Demo fsrm.msc

10 FSRM feature installed FSRM feature not installed
Demo FSRM feature installed FSRM feature not installed

11 Firewall rules for FSRM
Demo Firewall rules for FSRM # Check config $CimSession = New-CimSession -ComputerName $fileserver $DisplayGroup = 'Remote File Server Resource Manager Management' Get-NetFirewallRule -DisplayGroup $DisplayGroup -CimSession $CimSession | Format-Table Enabled,Display*, *store* -AutoSize # Enable rules Get-NetFirewallRule -DisplayGroup $DisplayGroup -CimSession $CimSession | Set-NetFirewallRule -Enabled True

12 Demo Ready for take off

13 Sharing and mapping Demo ab # A net.exe use s: \\sea-fs1\Sales # B
New-SmbMapping -LocalPath 's:' -RemotePath '\\sea-fs1\sales' # C New-PSDrive -Name 's' -PSProvider FileSystem -Root '\\sea-fs1\sales' ab

14 #region Episode 2 Hidden beauties

15 Less known NTFS object types

16 Volume Shadow Copy Service
MSDN: "The Volume Shadow Copy Service (VSS) is a set of COM interfaces that implements a framework to allow volume backups to be performed while applications on a system continue to write to the volumes. VSS is supported on Microsoft Windows XP and later." vssadmin.exe list shadows vssadmin create shadow /for=c: mklink /D C:\vss \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\ vssadmin delete shadows /all

17 HardLinks, Symlinks/Softlinks
Hardlinks (files) Can be used in file shares, cannot cross volume borders Junctions (directories) Can be used in file shares, can cross volume borders Softlinks Cannot be used in file shares, can cross volume borders

18 KEEP CALM IT'S DEMO TIME Corbel 57, 28

19 HardLinks, Symlinks/Softlinks
(file) Junctions (directory) Symlinks (file) Symlinks (directory) Can be used in shared folders YES NO Can point from one volume to another Problem statement: Weird differences throughout different OS version Strange collection of (built-in) tools, lacking functionality Generally not "popular" in Windows

20 Why do Hardlinks/Symlinks exist?

21 #region Episode 3 Adults only

22 UAC trouble Protected Administrator Standard User Account
Standard mode Elevated mode (Run as Administrator) Standard User Account

23 Trouble again with UAC Very sophisticated: Running Windows Explorer elevated Requires Registry-Change HKEY_CLASSES_ROOT\AppID\{CDCBCFCA-3CDC-436f-A4E2-0E C2}\RunAs Owner of the RegKey: "TrustedInstaller"

24 KEEP CALM IT'S DEMO TIME Corbel 57, 28

25 Demo Avoiding the glitches Always (!) use your own groups to grant distinct permissions Simplify your life: Seattle Domain Admins Domain Admins

26 Demo icacls.exe $fileshareroot /grant "$SeattleAdmins`:(OI)(CI)(F)" # (OI) Object inherit # (CI) Container inherit

27 Demo icacls.exe $fileshareroot /grant "$LondonAdmins`:(CI)(F)"
icacls.exe $fileshareroot /grant "$VancouerAdmins`:(F)"

28 Implicit deny vs. implict grant
Demo Implicit deny vs. implict grant ICACLS preserves the canonical ordering of ACE entries: Explicit denials Explicit grants Inherited denials Inherited grants

29 SeBackupPrivilege

30 Wrap up! Remote administration is possible .. but awkward
Not a single solution is feature complete (icacls.exe, takeown.exe, Get-ACL/Set-ACL ..) No reason to disable UAC, use your own groups!

31 Tip: SetACL Studio by Helge Klein
Free for commercial use!

32 New-Question | Out-Speaker
@thorstenbutz

33 about_Speaker Thorsten Butz @thorstenbutz; thorsten-butz.de
Was Sie schon immer über Fileserver wissen wollten, aber bisher nicht zu fragen wagten Everything you always wanted to know about file server but were afraid to ask PowerShell Conference EU HCC Hannover Congress Centrum,

Download ppt "❊ Thorsten Butz “Everything you always wanted to know"

Similar presentations

CN2140 Server II (V2) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

CN2140 Server II (V2) Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.

1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
Lesson 4: Configuring File and Share Access

Lesson 4: Configuring File and Share Access
5.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.

5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
1 Chapter Overview Managing Compression Managing Disk Quotas Increasing Security with EFS Using Disk Defragmenter, Check Disk, and Disk Cleanup.

1 Chapter Overview Managing Compression Managing Disk Quotas Increasing Security with EFS Using Disk Defragmenter, Check Disk, and Disk Cleanup.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
Maintaining Windows Server 2008 File Services

Maintaining Windows Server 2008 File Services
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 12: Managing and Implementing Backups and Disaster Recovery.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 12: Managing and Implementing Backups and Disaster Recovery.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 14: Problem Recovery.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 14: Problem Recovery.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.

11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
Working with Workgroups and Domains

Working with Workgroups and Domains
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 6: Windows File and Print Services.

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 6: Windows File and Print Services.

Similar presentations

Ads by Google