Windows 2003 Server
Advanced File System Management
At the end of this chapter you should be able to:
File and Folder Attributes
Files and folders have supported attributes since DOS. The four types of attributes that existed in DOS are still available in Windows Server 2003, but more advanced attributes have been added. An attribute is a property of a file that can be turned on or off. Right now we will look at the original four attribute types.
You can change the way Windows Explorer displays files by clicking on Tools - Folder Options in an Explorer window. In the View tab you can set the following.
LAB ACTIVITY - Do the lab on page 267. (10 Minutes)
The ATTRIB Command
The command line utility that allows you to modify file and folder attributes is called ATTRIB. If you type attrib at a command prompt it will show the current settings on all files and folders in the current folder. Below are some examples of the command's syntax.
LAB ACTIVITY - Do the lab on page 270. (10 Minutes)
Advanced attributes are available in Windows Server 2003 on an NTFS volume. These attributes are available by clicking the Advanced button on the General tab of a file or folder's property page. On this page you will find the Archive attribute and the Index attribute. The indexing attribute determines whether a file or folder will have its contents indexed for faster searching.
Two other attributes that are located on the advanced attributes screen are the Compress and Encrypt attributes. You cannot both compress and encrypt a file or folder; you can only do one or the other.
You can compress your files and folders to reduce disk space used on the server. When data is compressed it appears with blue text in Windows Explorer. When the user opens a compressed file it is automatically uncompressed. This will save on disk space but it does increase the amount of CPU usage since the file is compressed and uncompressed when it is used. Below are some rules about compressed files.
* The rules in this table also apply to encryption and NTFS permissions.
LAB ACTIVITY - Do the lab on page 275. (5 Minutes)
The COMPACT command is used to change the compression settings on files and folders from the command line.
You can prevent users from getting to your data over the network with share permissions, and you can prevent them from getting to it locally with NTFS permissions. File encryption allows you to protect your data when the hard drive is moved to another computer. If you have a laptop and it is stolen, the data can be retrieved regardless of the NTFS settings: all someone has to do is put your drive in another machine and reset the permissions. The file encryption field allows you to encrypt files to prevent others from viewing them if this happens. The encryption provided is seamless to the user; when they open a file it is automatically decrypted. The first time a user encrypts a file, a public and private key are created for that user. A File Encryption Key (FEK), which is a random number, is created. The FEK is used to encrypt the data in the file. This FEK is stored in two headers in the file.
CAUTION: If you encrypt files on a data drive then reformat the system drive without saving your encryption keys, you won't be able to access the encrypted files on the data drive anymore.
NOTE: When encryption is turned on you will not be able to access the data using Linux live CDs such as Knoppix.
LAB ACTIVITY - Do the lab on page 279. (10 Minutes)
Sharing Encrypted Files
In Windows 2000 Server only the original user and the data recovery agent can access encrypted files. Windows Server 2003 allows you to share encrypted files with other users by adding their public key to the file. This is done by clicking the Details button on the Advanced Attributes screen. There are some rules about sharing encrypted files.
The CIPHER Command
CIPHER is the command line utility that allows you to encrypt and decrypt files.
LAB ACTIVITY - Do the lab on page 282. (5 Minutes)
Users on a network want to save everything, which quickly consumes disk space on a server. Windows Server 2003 supports disk quotas that allow you to limit how much space users can use on a server. Disk quotas are enabled on a volume and affect all files in that volume; you cannot enable quotas on a single folder (unless that folder is a mount point, in which case you have to enable it through Disk Management). When you enable disk quotas you set a limit and a warning level. At the warning level the user will be notified that they are getting close to their limit. Once a user reaches their limit you can deny them access to write more data.
If a user needs to have more space you can set their limit higher individually. You cannot set quotas at the group level, only for users.
Windows Server 2003 keeps track of disk space usage by using the owner setting on the files. As an administrator you have the ability to take ownership of files and folders. When you do this the quota information will no longer be accurate, because the space is counted against the new owner. Here is a script that you can use to set the owner information on files and folders in users' home folders. This script uses the SubinACL program from Microsoft.
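An added example of resetting ownership with SubinACL (this is not the chapter's original script). It assumes home folders live under D:\Home, each folder is named after the user's logon name, the domain is EXAMPLE, and subinacl.exe is on the PATH; all of these are placeholders.

```batch
@echo off
rem Added example: make each user the owner of everything in their home
rem folder so that quota accounting charges the space to the right account.
rem Assumptions (not from the chapter): D:\Home, folder name = logon name,
rem domain EXAMPLE, subinacl.exe on the PATH.
setlocal
set "HOMEROOT=D:\Home"
set "DOMAIN=EXAMPLE"

if not exist "%HOMEROOT%\" (
    echo Home root %HOMEROOT% not found.
    exit /b 1
)

rem %%~nxD is the folder name only, which is taken as the logon name.
for /d %%D in ("%HOMEROOT%\*") do (
    rem Skip folders that do not match a domain account, so ownership is
    rem never handed to a name that does not exist.
    net user "%%~nxD" /domain >nul 2>&1
    if errorlevel 1 (
        echo SKIPPED %%~D: no domain account named %%~nxD
    ) else (
        echo Setting owner of %%~D to %DOMAIN%\%%~nxD
        rem Owner of the home folder itself.
        subinacl /file "%%~D" /setowner=%DOMAIN%\%%~nxD
        rem Owner of every file and subfolder below it.
        subinacl /subdirectories "%%~D\*.*" /setowner=%DOMAIN%\%%~nxD
    )
)
endlocal
```

Review the SKIPPED lines before relying on the quota figures: those folders still carry whatever owner they had before.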
LAB ACTIVITY - Do the lab on page 286. (10 Minutes)
Managing Disk Quotas from the Command Line
FSUTIL allows you to manage quota information from the command prompt. Used in a script, it could set the quota limit for all users in an OU.
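An added example (not from the chapter) of the script idea above: it lists the users in one OU with dsquery and applies the same warning level and limit to each with fsutil quota modify. The volume, OU path, domain name and sizes are assumed placeholder values.

```batch
@echo off
rem Added example: apply one quota limit to every user in an OU.
rem Assumed values (not from the chapter): volume, OU path, domain, sizes.
setlocal
set "VOLUME=D:"
set "OU=OU=Students,DC=example,DC=local"
set "DOMAIN=EXAMPLE"
rem fsutil takes both values in bytes: 400 MB warning, 500 MB limit.
set "THRESHOLD=419430400"
set "LIMIT=524288000"

rem Turn quotas on for the volume; "enforce" denies writes over the limit,
rem while "fsutil quota track" would only record usage.
fsutil quota enforce %VOLUME%
if errorlevel 1 (
    echo Could not enable quotas on %VOLUME%. Run as an administrator on an NTFS volume.
    exit /b 1
)

rem dsquery prints one quoted logon name per line; %%~U strips the quotes.
for /f "delims=" %%U in ('dsquery user "%OU%" -o samid -limit 0') do (
    fsutil quota modify %VOLUME% %THRESHOLD% %LIMIT% %DOMAIN%\%%~U
    if errorlevel 1 echo FAILED: %%~U
)

rem Show the resulting quota entries for review.
fsutil quota query %VOLUME%
endlocal
```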
Distributed File System
Distributed File System (DFS) allows you to group multiple shares in one location.
There are three components to a DFS.
LAB ACTIVITY - Do the lab on page 292. (15 Minutes)