Windows 2003 Server

Chapter 7

Advanced File System Management

Home | Chapters | Homework | Grades | Calendar | Forums | Syllabus

Forum Policy | Assignment Policy | E-Mail Mr Hull | FTP

Main | Chapter 1 | Chapter 2 | Chapter 3 | Chapter 4 | Chapter 5 | Chapter 6 | Chapter 7

Chapter 8 | Chapter 9 | Chapter 10 | Chapter 11 | Chapter 12 | Chapter 13 | Chapter 14


At the end of this chapter you should be able to:

  • Understand configure file and folder attributes

  • Understand and configure advanced file and folder attributes

  • Implement and manage disk quotas

  • Understand and implement the Distributed File System

File and Folder Attributes

Files and folders have supported attributes since DOS.  The four type of attributes that existed in DOS are still available in Windows Server 2003 but more advanced attributes have been added.  An attribute is a property of a file that can be turned on or off.  Right now we will look at the original four attribute types.

  • Read Only - When you turn on the read only attribute the file can only be read.  You can not modify the file.  If you open the file and make changes you will need to save it with a new name.

  • Archive - The archive attribute is used by your backup software to determine if data has been changed since the last backup.  When data is modified the archive attribute will be turned on telling the system that it is ready to be backed up.

  • System - System files are files that are used by the operating system.  If this attribute is turned on with the hidden attribute then the file is super hidden.  When you tell the system to show hidden files it will not show these.

  • Hidden - When turned on the file is hidden from the user.  When you set explorer to view hidden files it shows them with a semi-transparent icon.

You can change the way Windows Explorer displays files by clicking on Tools - Folder Options in an Explorer window.  In the View tab you can set the following.

  • Hidden files and folders - This option has two settings.

    • Do not show hidden files and folders

    • Show hidden files and folders

  • Hide protected operating system files (Recommended) - When on you will not be able to see system files, when off you will be able to see them.

LAB ACTIVITY - Do the lab on page 267. (10 Minutes)


The ATTRIB Command

The command line utility that allows you to modify file and folder attributes is called ATTRIB.  If you type attrib at a command prompt it will show the current settings on all files and folders in the current folder.  Below are some examples of the commands syntex.

  • C:\attrib +A +S +H +R C:\boot.ini  - This command will turn on all the attributes on the boot.ini file

  • C:\attrib -A -S -H -R C:\boot.ini  - This command will turn off all the attributes on the boot.ini file

  • C:\attrib -A -S -H -R *.* - This command will turn off all the attributes on all files and folders in the C:\ drive

LAB ACTIVITY - Do the lab on page 270. (10 Minutes)

Advanced Attributes

Advanced attributes are available in Windows Server 2003 on a NTFS volume.  These attributes are available by clicking the Advanced button on the General tab of a file or folder's property page.  In this page you will find the Archive attribute, and Index attribute.  The indexing attribute determines if a file or folder will have it's contents indexed for faster searching. 

Two other attributes that are located on the advanced attributes screen are Compress and Encrypt attributes.  You can not compress and encrypt a file or folder, you can only do one or the other.


File Compression

You can compress your files and folders to reduce disk space used on the server.  When data is compressed it appears with blue text in Windows Explorer.  When the user opens a compressed file it is automatically uncompressed.  This will save on disk space but it does increase the amount of CPU usage since the file is compressed and uncompressed when it is used.  Below are some rules about compressed files.

Action New Location What Happens *
Copy Same NTFS Volume Settings are inherited from the new folder.
Move Same NTFS Volume Settings are retained.
Copy Another NTFS Volume Settings are inherited from the new folder.
Move Another NTFS Volume Settings are inherited from the new folder.
Copy FAT Volume Compression is lost, not supported on FAT.
Move FAT Volume Compression is lost, not supported on FAT.

* The rules in this table also apply to encryption and NTFS permissions.


LAB ACTIVITY - Do the lab on page 275. (5 Minutes)



The COMPACT command is used to change the compression settings on files and folders from the command line. 

  • C:\compact /c file.txt - Compress file.txt

  • C:\compact /u file.txt - Uncompress file.txt

File Encryption

You can prevent users from getting to your data from the network with share permissions, and you can prevent them from getting it locally with NTFS permissions.  File encryption allows you to protect your data when the hard drive is moved to another computer.  If you have a laptop and it is stolen, the data can be retrieved regardless of the NTFS settings.  All the user has to do is put your drive in another machine and reset the permissions.  The file encryption field allows you to encrypt files to prevent others from viewing them if this happens.  The encryption provided is seamless to the user, when they open a file it is automatically decrypted.  The first time a user encrypts a file, a public and private key are created for that user.  A File Encryption Key (FEK) is created which is a random number.  The FEK is used to compress the data in the file.  This FEK is stored in two headers in the file.

  • Data Decryption Field - This header is encrypted with the users public key using the RSA public key-based encryption algorithm.  This will only allow the user who encrypted it to retrieve the FEK in order to decrypt the data.

  • Data Recovery Field - This header is encrypted with the public key of the data recovery agent.  This will allow the data recovery agent to retrieve data from a user if there account has been deleted.  Once the FEK is decrypted the data can be accessed.

CAUTION: If you encrypt files on a data drive then reformat the system drive without saving your encryption keys, you won't be able to access the encrypted files on the data drive anymore.


NOTE: When encryption is turned on you will not be able to access the data using Linux live CD's such as Knoppix.


LAB ACTIVITY - Do the lab on page 279. (10 Minutes)


Sharing Encrypted Files

In Windows 2000 Server only the original user and the data recovery agent can access encrypted  files.  Windows Server 2003 allows you to share encrypted files with other users by adding their public key to the file.  This is done by clicking the Details button on the Advanced Attributes screen.  There are some rules about sharing encrypted files.

  • You can only share files, so if you want to share all the encrypted files in one folder you have to set it up on each file in the folder.

  • You can only share files with users, not groups.

  • The user must have a public key located on that server.

  • Users must still have NTFS permissions in order to access the files.

The CIPHER Command

CIPHER is the command line utility that allows you to encrypt and decrypt files. 

  • C:\cipher /e file.txt - Encrypts file.txt

  • C:\cipher /d file.txt - Decrypts file.txt

LAB ACTIVITY - Do the lab on page 282. (5 Minutes)

Disk Quotas

Users on a network want to save everything.  This can take up a lot of space and quickly consumes disk space on a server.  Windows Server 2003 supports disk quotas that allow you to limit how much space users can use on a server.  Disk quota's are enabled on a volume and affect all files in that volume, you cannot enable quotas on a single folder. (Unless that folder is a mount point, then you have to enable it through Disk Management.)  When you enable disk quotes you set a limit and a warning.  At the warning level the user will be notified that they are getting close to their limit.  Once a user reaches their limit you can deny them access to write more data.

If a user needs to have more space you can individually set their limit higher.  You cannot set quota's at the group level, only to users.

The way Windows Server 2003 keeps track of disk space usage is by using the owner setting on the files.  As an administrator you have the ability to take ownership of files and folders.  When you do this the quota information will not be accurate.  Here is a script that you can use to set the owner information on files and folders in users home folders.  This script uses the SubinACL program from Microsoft.


LAB ACTIVITY - Do the lab on page 286. (10 Minutes)


Managing Disk Quota's from the Command Line

FSUTIL allows you to manage quota information from the command prompt.  Used in a script you could set the quota limit for all users in an OU.

Distributed File System

Distributed File System (DFS) allows you to group multiple shares in one location.


DFS Models

  • Standalone DFS - The DFS information is store only on one server.

  • Domain-based DFS model - The DFS information is stored with Active Directory.  An example is the SYSVOL folder.

There are three component to a DFS.

  • DFS Root - The root of the DFS shares.  It appears to contain all the shared folders.

  • DFS Links - This is a pointer to the actual share location.

  • Replica Sets - A set of shared folders that is replicated to one or more servers in a domain.

LAB ACTIVITY - Do the lab on page 292. (15 Minutes)

More Information


Click Here to download the slides for this chapter

(NOTE: You must have PowerPoint or PowerPoint Viewer if you don't have  either Click Here to download PowerPoint Viewer.)

Home | Chapters | Homework | Grades | Calendar | Forums | Syllabus

Forum Policy | Assignment Policy | E-Mail Mr Hull | FTP