8/13/2019 Dfs Very Imp 2
1/45
70-290: MCSE Guide to Managing
a Microsoft Windows Server 2003
Environment
Chapter 7:Advanced File System
Management
8/13/2019 Dfs Very Imp 2
2/45
Management
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
2
Objectives
Understand and configure file and folder attributes
Understand and configure advanced file and folder
attributes
Implement and manage disk quotas
Understand and implement the Distributed File
System
8/13/2019 Dfs Very Imp 2
3/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
3
File and Folder Attributes
Used since MS-DOS operating system
Attributes describe files, folders, and theircharacteristics
Applicable utilities include graphical tools and theATTRIB command
Four standard file and folder attributes
Read-only
Archive System
hidden
8/13/2019 Dfs Very Imp 2
4/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
4
Read-only
Designates that the contents of a file cannot bechanged and file cannot be deleted
Available in all file systems (FAT, FAT32, NTFS
partitions and volumes) FAT, FAT32 attributes can be changed by any user NTFS attribute can only be changed by a user with
appropriate permissions
Can be configured for a file or folder For folders, attribute pertains to the files it contains, notthe folder itself
8/13/2019 Dfs Very Imp 2
5/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
5
Read-only (continued)
8/13/2019 Dfs Very Imp 2
6/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
6
Archive
Marks which files and folders have been recentlychanged or created
Recently modified files are marked as ready for
archiving Important for backup
Backup methods update the status of the archiveattribute
Viewing the attribute is done using WindowsExplorer or command-line utilities (e.g., DIR,ATTRIB)
8/13/2019 Dfs Very Imp 2
7/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
7
System
Originally designed to identify O.S. in MS-DOS
In Windows Server 2003
Used in conjunction with hidden attribute
When system and hidden both true, file or folder is
super hidden (not displayed in Windows Explorer
interface)
Treated as protected operating system files with
specific alternate display options
Can only be manipulated using ATTRIB command
8/13/2019 Dfs Very Imp 2
8/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
8
Hidden
Used to make files and folders less visible to users
from Windows Explorer and command-line
Default configuration in Windows Server 2003displays hidden files as semi-transparent icons
unless in conjunction with system attribute
Hidden attribute can be configured from General
tab of Properties
8/13/2019 Dfs Very Imp 2
9/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
9
Hidden (continued)
Visibility can be configured from View tab ofFolder Options from Tools in Windows Explorer
Show hidden file and folders
Hidden files and folders appear in Windows
Explorer as semi-transparent icons
Do not show hidden files and folders
Files with set hidden attributes do not appear in
Windows Explorer
Hide protected operating system files
All files with both hidden and system attributes set
are hidden in Windows Explorer when set
8/13/2019 Dfs Very Imp 2
10/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
10
Hidden (continued)
8/13/2019 Dfs Very Imp 2
11/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
11
Activity 7-1: Viewing and
Configuring File and Folder
Attributes Using Windows Explorer
Objective: Use Windows Explorer to view and
configure file and folder attributes Use Windows Explorer to view sets of files and
folders that are visible by default
Reconfigure View settings
Observe results of configurations
8/13/2019 Dfs Very Imp 2
12/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
12
The ATTRIB Command
A command-line utility used to view, add orremove the four attributes of files and folders
Only way to configure system attribute Supports wildcards (*) allowing multiple files or
folders to be changed simultaneously
Syntax
View: attribfilename
Set: attrib +attributefilename
Remove: attribattributefilename
8/13/2019 Dfs Very Imp 2
13/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
13
Activity 7-2: Changing File
Attributes Using the ATTRIB
Command Objective: View and change file attributes from
the command line
Create a new folder and files
Observe attributes
Change attributes using ATTRIB
Observe changes
Hide protected files
Observe changes
8/13/2019 Dfs Very Imp 2
14/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
14
Advanced Attributes
Advanced attributes found on NTFS partitions or
volumes
Archive and Index attributes File is ready for archiving
Indexing service
Compress or Encrypt
Compress contents to save disk space
Encrypt contents to secure data
8/13/2019 Dfs Very Imp 2
15/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
15
Advanced Attributes
(continued)
8/13/2019 Dfs Very Imp 2
16/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
16
File Compression
Reduces amount of disk space needed for files and
folders
Automatically uncompressed when the resource isaccessed
Compressed resources displayed in different color
in Windows Explorer (blue by default)
Moving and copying resources can affect
compression
8/13/2019 Dfs Very Imp 2
17/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
17
Activity 7-3: Configuring
Folder Compression Settings
Objective: Configure a folder to compress its
contents Create a folder, copy a file into it
Set the compression attribute on the folder to
compress itself and its contents
Note the appearance of the folder and verify
compression of contents
8/13/2019 Dfs Very Imp 2
18/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
18
Activity 7-3: (continued)
8/13/2019 Dfs Very Imp 2
19/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
19
COMPACT
Used with NTFS file system only
Command-line utility for configuring the
compression attribute Syntax
COMPACT (to view)
COMPACTswitchesresourcename (to set attributes)
Switches /c (to compress resources)
/u (to uncompress resources)
8/13/2019 Dfs Very Imp 2
20/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
20
File Encryption
Encrypting File System (EFS) uses public key
cryptography to encrypt files and folders
Only on NTFS file systems
Transparent to user
Implemented using 2 main types of keys
File encryption key (FEK)
Session key added to header of encrypted data (datadecryption field)
Public key encrypts DDF
8/13/2019 Dfs Very Imp 2
21/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
21
File Encryption (continued)
Main challenge for public key cryptography iswhen users leave organization
Can rename user account
Can use data recovery agent FEK also stored in data recovery field (DRF) Encrypted using data recovery agents public key
Default is administrator, additional recovery agents canbe designated
Moving or copying files can affect encryption
Encrypted files cannot be compressed, vice versa
8/13/2019 Dfs Very Imp 2
22/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
22
Activity 7-4: Encrypting Files
Using Windows Explorer
Objective: Implement and test file encryption
security using EFS
Configure encryption on a folder and create a file
in the folder
Try to open the folder and file from another user
account and observe results Try to open the folder and file from a domain
administrator account and observe results
8/13/2019 Dfs Very Imp 2
23/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
23
Sharing Encrypted Files
In Windows 2000, only user and data recovery
agent could access an encrypted file
In Windows Server 2003, Advanced Attributes
allows sharing with other specific named users
Issues:
Only for files, not folders
Can only share with users, not groups Users must have a certificate on computer
Users must have appropriate NTFS permissions
8/13/2019 Dfs Very Imp 2
24/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
24
Sharing Encrypted Files
(continued)
8/13/2019 Dfs Very Imp 2
25/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
25
The CIPHER Command
Command-line utility for file and folder
encryption
Used by administrator NTFS partitions and volumes only
Syntax
CIPHER (to view)
CIPHERswitchesresourcename (to set attributes)
8/13/2019 Dfs Very Imp 2
26/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
26
The CIPHER Command
(continued)
8/13/2019 Dfs Very Imp 2
27/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
27
The CIPHER Command
(continued) Switches
/e (to encrypt a folder)
/d (to decrypt a folder) /a (to apply other switches to a file rather than a folder)
Cannot encrypt files which have their read-only
attribute set
Can use the wildcard character (*)
8/13/2019 Dfs Very Imp 2
28/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment
28
Activity 7-5: Encrypting Files
Using the CIPHER Utility
Objective: To encrypt and decrypt files using
CIPHER
Create a new folder and files
Encrypt a single file and observe the results
Encrypt files using the wildcard character and
observe results
8/13/2019 Dfs Very Imp 2
29/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment 29
Disk Quotas
Disk quotas used to monitor and control user diskspace
Advantages
Prevents users from consuming all disk space
Encourages users to delete old files
Allows monitoring for planning purposes
Allows monitoring of individual users
Disabled by default Implemented only on NTFS volumes
Configured from Properties of a volume
8/13/2019 Dfs Very Imp 2
30/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment 30
Disk Quotas (continued)
8/13/2019 Dfs Very Imp 2
31/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment 31
Disk Quotas (continued)
8/13/2019 Dfs Very Imp 2
32/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment 32
Disk Quotas (continued)
8/13/2019 Dfs Very Imp 2
33/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment 33
Activity 7-6: Configuring and
Managing Disk Quotas
Objective: Enable and manage disk quota settings
Enable quota management
Configure soft disk quota settings
Observe results
Set up a warning situation and observe results
8/13/2019 Dfs Very Imp 2
34/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment 34
Managing Disk Quotas from
the Command Line
FSUTIL QUOTA command-line utility can beused to manage disk quotas
Can enable/disable, modify, display, track, report
Example (to enable disk quotas on drive E)
fsutil quota enforce e:
Events written to System log (displayed in EventViewer) every hour by default
fsutil behavior command can change the interval
Help available for fsutil quota and fsutil behaviorcommands in Help and Support Center
8/13/2019 Dfs Very Imp 2
35/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment 35
Managing Disk Quotas from
the Command Line (continued)
8/13/2019 Dfs Very Imp 2
36/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment 36
Distributed File System
Makes it appear that multiple shared-file resources
are stored in a single hierarchical structure
Users do not have to know which server a shared
folder resides on Configured using the Distributed File System
console in Administrative Tools menu
Tree structure (root and DFS links)
8/13/2019 Dfs Very Imp 2
37/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment 37
Distributed File System (continued)
8/13/2019 Dfs Very Imp 2
38/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment 38
DFS Models
Two models:
Standalone DFS model (more limited capabilities)
Domain-based DFS model
8/13/2019 Dfs Very Imp 2
39/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment 39
DFS Models (continued)
Hierarchical structure is called DFS topology or
logical structure, three elements to structure
The DFS root
Main container on host server The DFS links
Pointers to physical location of shared folders
Servers on which the DFS shared folders are replicated
as replica sets Replica set is set of shared folders that is replicated
across multiple servers
A i i 7 7 I l i
8/13/2019 Dfs Very Imp 2
40/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment 40
Activity 7-7: Implementing
Domain-Based DFS and
Creating Links
Objective: to create a new domain-based DFS root
and add DFS links Use New Root Wizard from Distributed File
System utility to set up a root
Add links to other folders
Verify DFS structure
8/13/2019 Dfs Very Imp 2
41/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment 41
Managing DFS
Tasks involved in managing DFS system
Deleting a DFS root
Removing a DFS link
Adding root and link replica sets Checking the status of a root or link
Replication capability provides fault tolerance and
load balancing
DFS replication options and topologies managed
from Configure Replication wizard
8/13/2019 Dfs Very Imp 2
42/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment 42
Managing DFS (continued)
DFS element status is indicated with colored icons
8/13/2019 Dfs Very Imp 2
43/45
70-290: MCSE Guide to Managing a MicrosoftWindows Server 2003 Environment 43
Summary
File and folder attributes are:
Read-only (can a resource be modified or deleted)
Archive (has a resource recently been changed)
System (does resource have specific display
requirements, especially in conjunction with Hidden) Hidden (should the resource appear normally in
Windows Explorer)
File and folder attributes can be set through
graphical tools or the ATTRIB command-lineutility
8/13/2019 Dfs Very Imp 2
44/45
70-290: MCSE Guide to Managing a Microsoft
Windows Server 2003 Environment
44
Summary (continued)
Advanced attributes on NTFS partitions orvolumes include:
Archiving (specifies whether to back up file)
Indexing (makes resource searchable)
Compression (saves disk space)
Encryption (makes resources accessible only to thoseholding keys)
Command-line utilities for advanced attributes
include: COMPACT
CIPHER
8/13/2019 Dfs Very Imp 2
45/45
70-290: MCSE Guide to Managing a Microsoft 45
Summary (continued)
Disk quotas allow management of disk space
usage by individual users
Managed from the Properties of a volume or using the
FSUTIL command-line utility
Distributed File System allows management of
shared-file resources
Appear as a single hierarchical structure
Can be physically located on different servers
2 DFS models: standalone and domain-based