70-290 mcse guide chapter 7
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment
Chapter 7: Advanced File System Management
Objectives
• Understand and configure file and folder attributes
• Understand and configure advanced file and folder attributes
• Implement and manage disk quotas
• Understand and implement the Distributed File System
File and Folder Attributes
• Used since MS-DOS operating system
• Attributes describe files, folders, and their characteristics
• Applicable utilities include graphical tools and the ATTRIB command
• Four standard file and folder attributes
  • Read-only
  • Archive
  • System
  • Hidden
Read-only
• Designates that the contents of a file cannot be changed and the file cannot be deleted
• Available in all file systems (FAT, FAT32, NTFS partitions and volumes)
  • FAT, FAT32 attributes can be changed by any user
  • NTFS attribute can only be changed by a user with appropriate permissions
• Can be configured for a file or folder
  • For folders, attribute pertains to the files it contains, not the folder itself
Archive
• Marks which files and folders have been recently changed or created
• Recently modified files are marked as ready for archiving
• Important for backup
• Backup methods update the status of the archive attribute
• Viewing the attribute is done using Windows Explorer or command-line utilities (e.g., DIR, ATTRIB)
System
• Originally designed to identify O.S. in MS-DOS
• In Windows Server 2003
• Used in conjunction with hidden attribute
• When system and hidden both true, file or folder is “super hidden” (not displayed in Windows Explorer interface)
• Treated as “protected operating system files” with specific alternate display options
• Can only be manipulated using ATTRIB command
Hidden
• Used to make files and folders less visible to users from Windows Explorer and command-line
• Default configuration in Windows Server 2003 displays hidden files as semi-transparent icons unless in conjunction with system attribute
• Hidden attribute can be configured from General tab of Properties
Hidden (continued)
• Visibility can be configured from View tab of Folder Options from Tools in Windows Explorer
• Show hidden files and folders
• Hidden files and folders appear in Windows Explorer as semi-transparent icons
• Do not show hidden files and folders
• Files with set hidden attributes do not appear in Windows Explorer
• Hide protected operating system files
• All files with both hidden and system attributes set are hidden in Windows Explorer when set
The ATTRIB Command
• A command-line utility used to view, add or remove the four attributes of files and folders
• Only way to configure system attribute
• Supports wildcards (*) allowing multiple files or folders to be changed simultaneously
• Syntax
  • View: attrib filename
  • Set: attrib +attribute filename
  • Remove: attrib -attribute filename
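The session below is an added example, not part of the original slides. It walks the view, set and remove forms of ATTRIB, including the wildcard and the system plus hidden combination. The folder C:\AttribDemo and the file names are constructed, and Windows PowerShell 3.0 or later is assumed for the `-Attributes` filter.

```powershell
# Added example; C:\AttribDemo and the file names are constructed.
New-Item -ItemType Directory -Path C:\AttribDemo | Out-Null
Set-Location C:\AttribDemo
'sample' | Set-Content report.txt
'sample' | Set-Content notes.txt
'sample' | Set-Content boot.cfg

# View: a newly written file carries A (archive)
attrib report.txt

# Set: the wildcard applies read-only to every .txt file
attrib +r *.txt

# Set system and hidden together: the "super hidden" combination
attrib +s +h boot.cfg

# A default listing omits boot.cfg; filtering on both attributes finds it
Get-ChildItem -Name
Get-ChildItem -Force -Attributes Hidden+System -Name

# Remove: S and H have to be cleared in the same command. Clearing only H
# is refused with "Not resetting system file" and changes nothing.
attrib -h boot.cfg
attrib -s -h boot.cfg

# Clear read-only again and show the final state of the folder
attrib -r *.txt
attrib
```

Listing items that carry both the hidden and system attributes is a quick way to review what Windows Explorer is not showing by default.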
Advanced Attributes
• Advanced attributes found on NTFS partitions or volumes
• Archive and Index attributes
  • File is ready for archiving
  • Indexing service
• Compress or Encrypt
  • Compress contents to save disk space
  • Encrypt contents to secure data
File Compression
• Reduces amount of disk space needed for files and folders
• Automatically uncompressed when the resource is accessed
• Compressed resources displayed in different color in Windows Explorer (blue by default)
• Moving and copying resources can affect compression
COMPACT
• Used with NTFS file system only
• Command-line utility for configuring the compression attribute
• Syntax
  • COMPACT (to view)
  • COMPACT switches resourcename (to set attributes)
• Switches
  • /c (to compress resources)
  • /u (to uncompress resources)
File Encryption
• Encrypting File System (EFS) uses public key cryptography to encrypt files and folders
• Only on NTFS file systems
• Transparent to user
• Implemented using 2 main types of keys
• File encryption key (FEK)
• Session key added to header of encrypted data (data decryption field)
• Public key encrypts DDF
File Encryption (continued)
• Main challenge for public key cryptography is when users leave organization
  • Can rename user account
  • Can use data recovery agent
• FEK also stored in data recovery field (DRF)
  • Encrypted using data recovery agent's public key
  • Default is administrator, additional recovery agents can be designated
• Moving or copying files can affect encryption
• Encrypted files cannot be compressed, and vice versa
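The key layout described on the two File Encryption slides, as an added illustration that is not part of the original slides: one random file encryption key encrypts the data, and that key is wrapped once for the user (DDF) and once for the recovery agent (DRF). This uses .NET classes from PowerShell and is not EFS or its on-disk format; the function names, key sizes and sample data are constructed.

```powershell
# Added illustration of the FEK / DDF / DRF layout using .NET crypto classes.
# It is not EFS and does not reproduce the NTFS on-disk format; key sizes,
# function names and the sample data are constructed for this example.
$userKey  = New-Object System.Security.Cryptography.RSACryptoServiceProvider 2048
$agentKey = New-Object System.Security.Cryptography.RSACryptoServiceProvider 2048

function Protect-SampleFile([byte[]]$Plain, [hashtable]$PublicKeys) {
    $aes  = [System.Security.Cryptography.Aes]::Create()   # random FEK and IV
    $body = $aes.CreateEncryptor().TransformFinalBlock($Plain, 0, $Plain.Length)
    $fields = @{}
    foreach ($name in $PublicKeys.Keys) {
        # The same FEK is wrapped once per public key (OAEP padding)
        $fields[$name] = $PublicKeys[$name].Encrypt($aes.Key, $true)
    }
    @{ IV = $aes.IV; Body = $body; Fields = $fields }
}

function Unprotect-SampleFile($File, [string]$Field, $PrivateKey) {
    # Unwrap the FEK from one header field, then decrypt the body with it
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $PrivateKey.Decrypt($File.Fields[$Field], $true)
    $aes.IV  = $File.IV
    $aes.CreateDecryptor().TransformFinalBlock($File.Body, 0, $File.Body.Length)
}

$data = [Text.Encoding]::UTF8.GetBytes('constructed sample file contents')
$file = Protect-SampleFile $data @{ DDF = $userKey; DRF = $agentKey }

# The user opens the file through the DDF, the recovery agent through the DRF
[byte[]]$viaUser  = Unprotect-SampleFile $file 'DDF' $userKey
[byte[]]$viaAgent = Unprotect-SampleFile $file 'DRF' $agentKey
[Text.Encoding]::UTF8.GetString($viaUser)
[Text.Encoding]::UTF8.GetString($viaAgent)

# A key that no field was wrapped for cannot recover the FEK
$otherKey = New-Object System.Security.Cryptography.RSACryptoServiceProvider 2048
try {
    Unprotect-SampleFile $file 'DDF' $otherKey | Out-Null
    'unexpected: file opened'
} catch {
    'other key rejected: FEK could not be unwrapped'
}
```

Because the recovery agent holds a second wrapped copy of the same key, the file stays recoverable after the user's own key is lost, which is also why the recovery agent's private key needs the same protection as the data.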
Sharing Encrypted Files
• In Windows 2000, only user and data recovery agent could access an encrypted file
• In Windows Server 2003, Advanced Attributes allows sharing with other specific named users
• Issues:
• Only for files, not folders
• Can only share with users, not groups
• Users must have a certificate on computer
• Users must have appropriate NTFS permissions
The CIPHER Command
• Command-line utility for file and folder encryption
• Used by administrator
• NTFS partitions and volumes only
• Syntax
  • CIPHER (to view)
  • CIPHER switches resourcename (to set attributes)
The CIPHER Command (continued)
• Switches
  • /e (to encrypt a folder)
  • /d (to decrypt a folder)
  • /a (to apply other switches to a file rather than a folder)
• Cannot encrypt files which have their read-only attribute set
• Can use the wildcard character (*)
Activity 7-5: Encrypting Files Using the CIPHER Utility
• Objective: To encrypt and decrypt files using CIPHER
• Create a new folder and files
• Encrypt a single file and observe the results
• Encrypt files using the wildcard character and observe results
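One way to carry out the activity's steps, as an added example that is not part of the original slides. It also exercises the read-only restriction from the CIPHER switches slide. The folder C:\EfsDemo and the file names are constructed, and the folder must be on an NTFS volume.

```powershell
# Added example; C:\EfsDemo and the file names are constructed.
New-Item -ItemType Directory -Path C:\EfsDemo | Out-Null
Set-Location C:\EfsDemo
'constructed data' | Set-Content one.txt
'constructed data' | Set-Content two.txt
'constructed data' | Set-Content locked.txt
attrib +r locked.txt

# View: each file is listed with U (unencrypted) or E (encrypted)
cipher

# Encrypt a single file: /a applies /e to the file instead of a folder
cipher /e /a one.txt
cipher

# Encrypt with the wildcard. locked.txt is read-only, so by the rule on the
# switches slide it is expected to be reported as a failure and stay U.
cipher /e /a *.txt
cipher

# Clear read-only and retry the file that was skipped
attrib -r locked.txt
cipher /e /a locked.txt

# Decrypt everything again and confirm every file is back to U
cipher /d /a *.txt
cipher
```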
Disk Quotas
• Disk quotas used to monitor and control user disk space
• Advantages
  • Prevents users from consuming all disk space
  • Encourages users to delete old files
  • Allows monitoring for planning purposes
  • Allows monitoring of individual users
• Disabled by default
• Implemented only on NTFS volumes
• Configured from Properties of a volume
Managing Disk Quotas from the Command Line
• FSUTIL QUOTA command-line utility can be used to manage disk quotas
  • Can enable/disable, modify, display, track, report
• Example (to enable disk quotas on drive E)
  • fsutil quota enforce e:
• Events written to System log (displayed in Event Viewer) every hour by default
  • fsutil behavior command can change the interval
• Help available for fsutil quota and fsutil behavior commands in Help and Support Center
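The enable, modify, display, track and report operations listed above, as an added example that is not part of the original slides. Drive E: comes from the slide; the account CONTOSO\jsmith, the byte values and the 7200-second interval are constructed. Run it from an elevated prompt.

```powershell
# Added example. E: comes from the slide; CONTOSO\jsmith, the byte values
# and the 7200-second interval are constructed.

# Track usage without denying writes, or enforce the limits
fsutil quota track e:
fsutil quota enforce e:

# Per-user entry: warning threshold first, then hard limit, both in bytes
fsutil quota modify e: 400000000 500000000 CONTOSO\jsmith

# Display the volume's quota settings and per-user entries
fsutil quota query e:

# Report: search the event logs for users over their threshold or limit
fsutil quota violations

# Quota events are logged every 3600 seconds by default; read the current
# interval, then change it
fsutil behavior query quotanotify
fsutil behavior set quotanotify 7200

# Turn quotas off again
fsutil quota disable e:
```

Starting with `track` on a production volume shows who would be affected before `enforce` begins denying writes.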
Distributed File System
• Makes it appear that multiple shared-file resources are stored in a single hierarchical structure
• Users do not have to know which server a shared folder resides on
• Configured using the Distributed File System console in Administrative Tools menu
• Tree structure (root and DFS links)
DFS Models
• Two models:
  • Standalone DFS model (more limited capabilities)
  • Domain-based DFS model
DFS Models (continued)
• Hierarchical structure is called DFS topology or logical structure, three elements to structure
• The DFS root
• Main container on host server
• The DFS links
• Pointers to physical location of shared folders
• Servers on which the DFS shared folders are replicated as replica sets
• Replica set is set of shared folders that is replicated across multiple servers
Managing DFS
• Tasks involved in managing DFS system
• Deleting a DFS root
• Removing a DFS link
• Adding root and link replica sets
• Checking the status of a root or link
• Replication capability provides fault tolerance and load balancing
• DFS replication options and topologies managed from Configure Replication wizard
Managing DFS (continued)
• DFS element status is indicated with colored icons
Summary
• File and folder attributes are:
• Read-only (can a resource be modified or deleted)
• Archive (has a resource recently been changed)
• System (does resource have specific display requirements, especially in conjunction with Hidden)
• Hidden (should the resource appear normally in Windows Explorer)
• File and folder attributes can be set through graphical tools or the ATTRIB command-line utility
Summary (continued)
• Advanced attributes on NTFS partitions or volumes include:
  • Archiving (specifies whether to back up file)
  • Indexing (makes resource searchable)
  • Compression (saves disk space)
  • Encryption (makes resources accessible only to those holding keys)
• Command-line utilities for advanced attributes include:
  • COMPACT
  • CIPHER
Summary (continued)
• Disk quotas allow management of disk space usage by individual users
  • Managed from the Properties of a volume or using the FSUTIL command-line utility
• Distributed File System allows management of shared-file resources
  • Appear as a single hierarchical structure
  • Can be physically located on different servers
  • 2 DFS models: standalone and domain-based