Docstoc

PowerPoint Presentation - Ron's Homepage

Document Sample
PowerPoint Presentation - Ron's Homepage Powered By Docstoc
					70-290: MCSE Guide to Managing
a Microsoft Windows Server 2003
     Environment, Enhanced

       Chapter 7:
  Advanced File System
     Management
                                 Objectives

• Understand and configure file and folder attributes
• Understand and configure advanced file and folder
  attributes
• Implement and manage disk quotas
• Understand and implement the Distributed File
  System



Guide to MCSE 70-290, Enhanced                          2
         File and Folder Attributes
• Used since MS-DOS operating system
• Attributes describe files, folders, and their
  characteristics
• Applicable utilities include graphical tools and the
  ATTRIB command
• Four standard file and folder attributes
     •   Read-only
     •   Archive
     •   System
     •   hidden

Guide to MCSE 70-290, Enhanced                           3
                                 Read-only
• Designates that the contents of a file cannot be
  changed and file cannot be deleted
• Available in all file systems (FAT, FAT32, NTFS
  partitions and volumes)
      • FAT, FAT32 attributes can be changed by any user
      • NTFS attribute can only be changed by a user with
        appropriate permissions
• Can be configured for a file or folder
      • For folders, attribute pertains to the files it contains, not
        the folder itself


Guide to MCSE 70-290, Enhanced                                      4
             Read-only (continued)




Guide to MCSE 70-290, Enhanced       5
                                 Archive
• Marks which files and folders have been recently
  changed or created
• Recently modified files are marked as ready for
  archiving
• Important for backup
• Backup methods update the status of the archive
  attribute
• Viewing the attribute is done using Windows
  Explorer or command-line utilities (e.g., DIR,
  ATTRIB)
Guide to MCSE 70-290, Enhanced                       6
                                 System
• Originally designed to identify O.S. in MS-DOS
• In Windows Server 2003
     • Used in conjunction with hidden attribute
     • When system and hidden both true, file or folder is
       “super hidden” (not displayed in Windows Explorer
       interface)
     • Treated as “protected operating system files” with
       specific alternate display options
     • Can only be manipulated using ATTRIB command


Guide to MCSE 70-290, Enhanced                               7
                                 Hidden

• Used to make files and folders less visible to users
  from Windows Explorer and command-line
• Default configuration in Windows Server 2003
  displays hidden files as semi-transparent icons
  unless in conjunction with system attribute
• Hidden attribute can be configured from General
  tab of Properties



Guide to MCSE 70-290, Enhanced                       8
                 Hidden (continued)
• Visibility can be configured from View tab of
  Folder Options from Tools in Windows Explorer
    • Show hidden file and folders
       • Hidden files and folders appear in Windows
         Explorer as semi-transparent icons
    • Do not show hidden files and folders
       • Files with set hidden attributes do not appear in
         Windows Explorer
    • Hide protected operating system files
       • All files with both hidden and system attributes set
         are hidden in Windows Explorer when set

Guide to MCSE 70-290, Enhanced                                  9
                Hidden (continued)




Guide to MCSE 70-290, Enhanced       10
     Activity 7-1: Viewing and
    Configuring File and Folder
Attributes Using Windows Explorer
 • Objective: Use Windows Explorer to view and
   configure file and folder attributes
 • Use Windows Explorer to view sets of files and
   folders that are visible by default
 • Reconfigure View settings
 • Observe results of configurations


 Guide to MCSE 70-290, Enhanced                     11
          The ATTRIB Command
• A command-line utility used to view, add or
  remove the four attributes of files and folders
• Only way to configure system attribute
• Supports wildcards (*) allowing multiple files or
  folders to be changed simultaneously
• Syntax
     • View: attrib filename
     • Set: attrib +attribute filename
     • Remove: attrib –attribute filename

Guide to MCSE 70-290, Enhanced                        12
   Activity 7-2: Changing File
  Attributes Using the ATTRIB
            Command
• Objective: View and change file attributes from
  the command line
• Create a new folder and files
• Observe attributes
• Change attributes using ATTRIB
• Observe changes
• Hide protected files
• Observe changes
Guide to MCSE 70-290, Enhanced                      13
               Advanced Attributes
• Advanced attributes found on NTFS partitions or
  volumes
• Archive and Index attributes
     • File is ready for archiving
     • Indexing service
• Compress or Encrypt
     • Compress contents to save disk space
     • Encrypt contents to secure data

Guide to MCSE 70-290, Enhanced                      14
               Advanced Attributes
                  (continued)




Guide to MCSE 70-290, Enhanced       15
                    File Compression
• Reduces amount of disk space needed for files and
  folders
• Automatically uncompressed when the resource is
  accessed
• Compressed resources displayed in different color
  in Windows Explorer (blue by default)
• Moving and copying resources can affect
  compression

Guide to MCSE 70-290, Enhanced                    16
     Activity 7-3: Configuring
    Folder Compression Settings
• Objective: Configure a folder to compress its
  contents
• Create a folder, copy a file into it
• Set the compression attribute on the folder to
  compress itself and its contents
• Note the appearance of the folder and verify
  compression of contents

Guide to MCSE 70-290, Enhanced                     17
          Activity 7-3: (continued)




Guide to MCSE 70-290, Enhanced        18
                            COMPACT
• Used with NTFS file system only
• Command-line utility for configuring the
  compression attribute
• Syntax
     • COMPACT                       (to view)
     • COMPACT switches resourcename (to set attributes)
• Switches
     • /c (to compress resources)
     • /u (to uncompress resources)

Guide to MCSE 70-290, Enhanced                             19
                       File Encryption
• Encrypting File System (EFS) uses public key
  cryptography to encrypt files and folders
• Only on NTFS file systems
• Transparent to user
• Implemented using 2 main types of keys
     • File encryption key (FEK)
        • Session key added to header of encrypted data (data
          decryption field)
     • Public key encrypts DDF

Guide to MCSE 70-290, Enhanced                             20
    File Encryption (continued)
• Main challenge for public key cryptography is
  when users leave organization
• Can rename user account
• Can use data recovery agent
     • FEK also stored in data recovery field (DRF)
     • Encrypted using data recovery agent’s public key
     • Default is administrator, additional recovery agents can
       be designated
• Moving or copying files can affect encryption
• Encrypted files cannot be compressed, vice versa

Guide to MCSE 70-290, Enhanced                                21
   Activity 7-4: Encrypting Files
    Using Windows Explorer
• Objective: Implement and test file encryption
  security using EFS
• Configure encryption on a folder and create a file
  in the folder
• Try to open the folder and file from another user
  account and observe results
• Try to open the folder and file from a domain
  administrator account and observe results
Guide to MCSE 70-290, Enhanced                         22
          Sharing Encrypted Files
• In Windows 2000, only user and data recovery
  agent could access an encrypted file
• In Windows Server 2003, Advanced Attributes
  allows sharing with other specific named users
• Issues:
     •   Only for files, not folders
     •   Can only share with users, not groups
     •   Users must have a certificate on computer
     •   Users must have appropriate NTFS permissions

Guide to MCSE 70-290, Enhanced                          23
          Sharing Encrypted Files
                (continued)




Guide to MCSE 70-290, Enhanced      24
         The CIPHER Command

• Command-line utility for file and folder
  encryption
     • Used by administrator
     • NTFS partitions and volumes only
• Syntax
     • CIPHER                       (to view)
     • CIPHER switches resourcename (to set attributes)



Guide to MCSE 70-290, Enhanced                            25
          The CIPHER Command
               (continued)




Guide to MCSE 70-290, Enhanced   26
          The CIPHER Command
               (continued)
• Switches
     • /e (to encrypt a folder)
     • /d (to decrypt a folder)
     • /a (to apply other switches to a file rather than a folder)
• Cannot encrypt files which have their read-only
  attribute set
• Can use the wildcard character (*)


Guide to MCSE 70-290, Enhanced                                   27
   Activity 7-5: Encrypting Files
    Using the CIPHER Utility
• Objective: To encrypt and decrypt files using
  CIPHER
• Create a new folder and files
• Encrypt a single file and observe the results
• Encrypt files using the wildcard character and
  observe results


Guide to MCSE 70-290, Enhanced                     28
                          Disk Quotas
• Disk quotas used to monitor and control user disk
  space
• Advantages
      •   Prevents users from consuming all disk space
      •   Encourages users to delete old files
      •   Allows monitoring for planning purposes
      •   Allows monitoring of individual users
• Disabled by default
• Implemented only on NTFS volumes
• Configured from Properties of a volume
Guide to MCSE 70-290, Enhanced                           29
          Disk Quotas (continued)




Guide to MCSE 70-290, Enhanced      30
          Disk Quotas (continued)




Guide to MCSE 70-290, Enhanced      31
          Disk Quotas (continued)




Guide to MCSE 70-290, Enhanced      32
    Activity 7-6: Configuring and
       Managing Disk Quotas

•   Objective: Enable and manage disk quota settings
•   Enable quota management
•   Configure “soft” disk quota settings
•   Observe results
•   Set up a warning situation and observe results



Guide to MCSE 70-290, Enhanced                     33
    Managing Disk Quotas from
       the Command Line
• FSUTIL QUOTA command-line utility can be
  used to manage disk quotas
     • Can enable/disable, modify, display, track, report
     • Example (to enable disk quotas on drive E)
        • fsutil quota enforce e:
     • Events written to System log (displayed in Event
       Viewer) every hour by default
        • fsutil behavior command can change the interval
• Help available for fsutil quota and fsutil behavior
  commands in Help and Support Center
Guide to MCSE 70-290, Enhanced                              34
  Managing Disk Quotas from
 the Command Line (continued)




Guide to MCSE 70-290, Enhanced   35
          Distributed File System
• Makes it appear that multiple shared-file resources
  are stored in a single hierarchical structure
• Users do not have to know which server a shared
  folder resides on
• Configured using the Distributed File System
  console in Administrative Tools menu
• Tree structure (root and DFS links)



Guide to MCSE 70-290, Enhanced                      36
Distributed File System (continued)




Guide to MCSE 70-290, Enhanced   37
                           DFS Models
• Two models:
     • Standalone DFS model (more limited capabilities)
     • Domain-based DFS model




Guide to MCSE 70-290, Enhanced                            38
         DFS Models (continued)
• Hierarchical structure is called DFS topology or
  logical structure, three elements to structure
     • The DFS root
        • Main container on host server
     • The DFS links
        • Pointers to physical location of shared folders
     • Servers on which the DFS shared folders are replicated
       as replica sets
        • Replica set is set of shared folders that is replicated
           across multiple servers

Guide to MCSE 70-290, Enhanced                                  39
        Activity 7-7: Implementing
         Domain-Based DFS and
              Creating Links
• Objective: to create a new domain-based DFS root
  and add DFS links
• Use New Root Wizard from Distributed File
  System utility to set up a root
• Add links to other folders
• Verify DFS structure


Guide to MCSE 70-290, Enhanced                   40
                       Managing DFS
• Tasks involved in managing DFS system
     •   Deleting a DFS root
     •   Removing a DFS link
     •   Adding root and link replica sets
     •   Checking the status of a root or link
• Replication capability provides fault tolerance and
  load balancing
• DFS replication options and topologies managed
  from Configure Replication wizard

Guide to MCSE 70-290, Enhanced                      41
      Managing DFS (continued)
• DFS element status is indicated with colored icons




Guide to MCSE 70-290, Enhanced                     42
                                 Summary
• File and folder attributes are:
     • Read-only (can a resource be modified or deleted)
     • Archive (has a resource recently been changed)
     • System (does resource have specific display
       requirements, especially in conjunction with Hidden)
     • Hidden (should the resource appear normally in
       Windows Explorer)
• File and folder attributes can be set through
  graphical tools or the ATTRIB command-line
  utility

Guide to MCSE 70-290, Enhanced                                43
               Summary (continued)
• Advanced attributes on NTFS partitions or
  volumes include:
     •   Archiving (specifies whether to back up file)
     •   Indexing (makes resource searchable)
     •   Compression (saves disk space)
     •   Encryption (makes resources accessible only to those
         holding keys)
• Command-line utilities for advanced attributes
  include:
     • COMPACT
     • CIPHER
Guide to MCSE 70-290, Enhanced                                  44
              Summary (continued)
• Disk quotas allow management of disk space
  usage by individual users
     • Managed from the Properties of a volume or using the
       FSUTIL command-line utility
• Distributed File System allows management of
  shared-file resources
     • Appear as a single hierarchical structure
     • Can be physically located on different servers
     • 2 DFS models: standalone and domain-based

Guide to MCSE 70-290, Enhanced                                45

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:22
posted:4/21/2011
language:English
pages:45