70-290: mcse guide to managing a microsoft windows server...
TRANSCRIPT
70-290: MCSE Guide to Managing
a Microsoft Windows Server 2003
Environment, Enhanced
Chapter 7:
Advanced File System
Management
Guide to MCSE 70-290, Enhanced 2
Objectives
• Understand and configure file and folder attributes
• Understand and configure advanced file and folder
attributes
• Implement and manage disk quotas
• Understand and implement the Distributed File
System
Guide to MCSE 70-290, Enhanced 3
File and Folder Attributes
• Used since MS-DOS operating system
• Attributes describe files, folders, and their characteristics
• Applicable utilities include graphical tools and the ATTRIB command
• Four standard file and folder attributes
• Read-only
• Archive
• System
• hidden
Guide to MCSE 70-290, Enhanced 4
Read-only
• Designates that the contents of a file cannot be changed and file cannot be deleted
• Available in all file systems (FAT, FAT32, NTFS partitions and volumes)
• FAT, FAT32 attributes can be changed by any user
• NTFS attribute can only be changed by a user with appropriate permissions
• Can be configured for a file or folder
• For folders, attribute pertains to the files it contains, not the folder itself
Guide to MCSE 70-290, Enhanced 5
Read-only (continued)
Guide to MCSE 70-290, Enhanced 6
Archive
• Marks which files and folders have been recently changed or created
• Recently modified files are marked as ready for archiving
• Important for backup
• Backup methods update the status of the archive attribute
• Viewing the attribute is done using Windows Explorer or command-line utilities (e.g., DIR, ATTRIB)
Guide to MCSE 70-290, Enhanced 7
System
• Originally designed to identify O.S. in MS-DOS
• In Windows Server 2003
• Used in conjunction with hidden attribute
• When system and hidden both true, file or folder is
“super hidden” (not displayed in Windows Explorer
interface)
• Treated as “protected operating system files” with
specific alternate display options
• Can only be manipulated using ATTRIB command
Guide to MCSE 70-290, Enhanced 8
Hidden
• Used to make files and folders less visible to users
from Windows Explorer and command-line
• Default configuration in Windows Server 2003
displays hidden files as semi-transparent icons
unless in conjunction with system attribute
• Hidden attribute can be configured from General
tab of Properties
Guide to MCSE 70-290, Enhanced 9
Hidden (continued)
• Visibility can be configured from View tab of
Folder Options from Tools in Windows Explorer
• Show hidden file and folders
• Hidden files and folders appear in Windows
Explorer as semi-transparent icons
• Do not show hidden files and folders
• Files with set hidden attributes do not appear in
Windows Explorer
• Hide protected operating system files
• All files with both hidden and system attributes set
are hidden in Windows Explorer when set
Guide to MCSE 70-290, Enhanced 10
Hidden (continued)
Guide to MCSE 70-290, Enhanced 11
The ATTRIB Command
• A command-line utility used to view, add or remove the four attributes of files and folders
• Only way to configure system attribute
• Supports wildcards (*) allowing multiple files or folders to be changed simultaneously
• Syntax
• View: attrib filename
• Set: attrib +attribute filename
• Remove: attrib –attribute filename
Guide to MCSE 70-290, Enhanced 12
Advanced Attributes
• Advanced attributes found on NTFS partitions or
volumes
• Archive and Index attributes
• File is ready for archiving
• Indexing service
• Compress or Encrypt
• Compress contents to save disk space
• Encrypt contents to secure data
Guide to MCSE 70-290, Enhanced 13
Advanced Attributes
(continued)
Guide to MCSE 70-290, Enhanced 14
File Compression
• Reduces amount of disk space needed for files and
folders
• Automatically uncompressed when the resource is
accessed
• Compressed resources displayed in different color
in Windows Explorer (blue by default)
• Moving and copying resources can affect
compression
Guide to MCSE 70-290, Enhanced 15
Activity 7-3: (continued)
Guide to MCSE 70-290, Enhanced 16
COMPACT
• Used with NTFS file system only
• Command-line utility for configuring the compression attribute
• Syntax
• COMPACT (to view)
• COMPACT switches resourcename (to set attributes)
• Switches
• /c (to compress resources)
• /u (to uncompress resources)
Guide to MCSE 70-290, Enhanced 17
File Encryption
• Encrypting File System (EFS) uses public key
cryptography to encrypt files and folders
• Only on NTFS file systems
• Transparent to user
• Implemented using 2 main types of keys
• File encryption key (FEK)
• Session key added to header of encrypted data (data
decryption field)
• Public key encrypts DDF
Guide to MCSE 70-290, Enhanced 18
File Encryption (continued)
• Main challenge for public key cryptography is when users leave organization
• Can rename user account
• Can use data recovery agent
• FEK also stored in data recovery field (DRF)
• Encrypted using data recovery agent’s public key
• Default is administrator, additional recovery agents can be designated
• Moving or copying files can affect encryption
• Encrypted files cannot be compressed, vice versa
Guide to MCSE 70-290, Enhanced 19
Sharing Encrypted Files
• In Windows 2000, only user and data recovery
agent could access an encrypted file
• In Windows Server 2003, Advanced Attributes
allows sharing with other specific named users
• Issues:
• Only for files, not folders
• Can only share with users, not groups
• Users must have a certificate on computer
• Users must have appropriate NTFS permissions
Guide to MCSE 70-290, Enhanced 20
Sharing Encrypted Files
(continued)
Guide to MCSE 70-290, Enhanced 21
The CIPHER Command
• Command-line utility for file and folder
encryption
• Used by administrator
• NTFS partitions and volumes only
• Syntax
• CIPHER (to view)
• CIPHER switches resourcename (to set attributes)
Guide to MCSE 70-290, Enhanced 22
The CIPHER Command
(continued)
Guide to MCSE 70-290, Enhanced 23
The CIPHER Command
(continued)
• Switches
• /e (to encrypt a folder)
• /d (to decrypt a folder)
• /a (to apply other switches to a file rather than a folder)
• Cannot encrypt files which have their read-only
attribute set
• Can use the wildcard character (*)
Guide to MCSE 70-290, Enhanced 24
Disk Quotas
• Disk quotas used to monitor and control user disk
space
• Advantages
• Prevents users from consuming all disk space
• Encourages users to delete old files
• Allows monitoring for planning purposes
• Allows monitoring of individual users
• Disabled by default
• Implemented only on NTFS volumes
• Configured from Properties of a volume
Guide to MCSE 70-290, Enhanced 25
Disk Quotas (continued)
Guide to MCSE 70-290, Enhanced 26
Disk Quotas (continued)
Guide to MCSE 70-290, Enhanced 27
Disk Quotas (continued)
Guide to MCSE 70-290, Enhanced 28
Managing Disk Quotas from
the Command Line
• FSUTIL QUOTA command-line utility can be used to manage disk quotas
• Can enable/disable, modify, display, track, report
• Example (to enable disk quotas on drive E)
• fsutil quota enforce e:
• Events written to System log (displayed in Event Viewer) every hour by default
• fsutil behavior command can change the interval
• Help available for fsutil quota and fsutil behavior commands in Help and Support Center
Guide to MCSE 70-290, Enhanced 29
Managing Disk Quotas from
the Command Line (continued)
Guide to MCSE 70-290, Enhanced 30
Distributed File System
• Makes it appear that multiple shared-file resources
are stored in a single hierarchical structure
• Users do not have to know which server a shared
folder resides on
• Configured using the Distributed File System
console in Administrative Tools menu
• Tree structure (root and DFS links)
Guide to MCSE 70-290, Enhanced 31
Distributed File System (continued)
Guide to MCSE 70-290, Enhanced 32
DFS Models
• Two models:
• Standalone DFS model (more limited capabilities)
• Domain-based DFS model
Guide to MCSE 70-290, Enhanced 33
DFS Models (continued)
• Hierarchical structure is called DFS topology or
logical structure, three elements to structure
• The DFS root
• Main container on host server
• The DFS links
• Pointers to physical location of shared folders
• Servers on which the DFS shared folders are replicated
as replica sets
• Replica set is set of shared folders that is replicated
across multiple servers
Guide to MCSE 70-290, Enhanced 34
Managing DFS
• Tasks involved in managing DFS system
• Deleting a DFS root
• Removing a DFS link
• Adding root and link replica sets
• Checking the status of a root or link
• Replication capability provides fault tolerance and
load balancing
• DFS replication options and topologies managed
from Configure Replication wizard
Guide to MCSE 70-290, Enhanced 35
Managing DFS (continued)
• DFS element status is indicated with colored icons
Guide to MCSE 70-290, Enhanced 36
Summary
• File and folder attributes are:
• Read-only (can a resource be modified or deleted)
• Archive (has a resource recently been changed)
• System (does resource have specific display
requirements, especially in conjunction with Hidden)
• Hidden (should the resource appear normally in
Windows Explorer)
• File and folder attributes can be set through
graphical tools or the ATTRIB command-line
utility
Guide to MCSE 70-290, Enhanced 37
Summary (continued)
• Advanced attributes on NTFS partitions or volumes include:
• Archiving (specifies whether to back up file)
• Indexing (makes resource searchable)
• Compression (saves disk space)
• Encryption (makes resources accessible only to those holding keys)
• Command-line utilities for advanced attributes include:
• COMPACT
• CIPHER
Guide to MCSE 70-290, Enhanced 38
Summary (continued)
• Disk quotas allow management of disk space
usage by individual users
• Managed from the Properties of a volume or using the
FSUTIL command-line utility
• Distributed File System allows management of
shared-file resources
• Appear as a single hierarchical structure
• Can be physically located on different servers
• 2 DFS models: standalone and domain-based