Managing Files

File Security
Encrypting File System NTFS provides excellent protection for files and folders as long as Windows is running. However,an attacker who has physical access to a computer can start the computer from a differentoperating system (or simply reinstall Windows) or remove the hard disk and connect it to adifferent computer. Any of these very simple techniques would completely bypass NTFS security,granting the attacker full access to files and folders. EFS protects files and folders by encrypting them on the disk. If an attacker bypasses the operatingsystem to open a file, the file appears to be random, meaningless bytes. Windows controlsaccess to the decryption key and provides it only to authorized users.

Note:The EFS uses a certificate to store your encryption detail. It is important to backup your certificate in an external drive in case your current PC crashes and you lose the certificate. Once you lose the certificate, you won¶t be able to open the encrypted files anymore. For the example, we are going to use a folder with the name ³ Important Files ³. Right click the folder and select Properties:

Click Advanced

Select Encrypts contents to secure data and select OK

Note that a folder may be compressed or encrypted, but not both. You can either just apply the attribute to a folder or apply it to all subfolders and files as well.
y

y

Apply changes to this folder, subfolders and files - Choose this to encrypt the folder so that everything inside this folder is encrypted, and this includes files and folders that are later moved to or created inside this folder. Apply changes to this folder only - Choose this to encrypt only the folder s o that all files/folders subsequently moved or created in this folder will be encrypted. Existing files and folders are not encrypted.

Choose one radio button and then click OK.

If you encrypt a folder, Windows automatically encrypts all new files in t he folder. Windows Explorer shows encrypted files in green.

Backing up your encryption certificate Windows store all the encryption detail in a certificate. This certificate acts like a key to your safe. If you lose your certificate (the key to safe), you won¶t be able to access your files anymore. That¶s why you need a backup file. Go to the Start menu. U sing the search function, type manage encryption . Select Manage file encryption certificates

A window appears. It shows information about wha t you can do with the utility. Press Next

Select the certificate you want to backup. In this case, there is only one

Select the location to backup your certificate and enter a password to protect the file. It is very important that you copy this file to other device, and of course that you remember the password

Now, the program allows you to associate this certificate to previously encrypted fil es. In this case, as we are creating a backup copy, just press Next

The utility will show a message with information, just press Close. Done!

Share Files Protected with EFS
To share an EFS -protected file 1. Open the Properties dialog box for an encrypted file. 2. In the General tab, click Advanced. The Advanced Attributes dialog box appears. You may share an encrypted file with additional users after you have encrypted the file. You can only do this on a per file basis. EFS file sharing allows o ther users you designate with the ability to decrypt and encrypt your original encrypted file. These users may also move, copy, or delete the encrypted file if they have such file permissions. A user may be added by selecting the new Details...Button.

You will be presented with a window showing who has EFS access to this file.

Click the Add... button to add more users. You may add other users (not groups) from the local machine or from the Active Directory, provided the user has a valid EFS certifica te. Users without a valid EFS certificate will not be shown. A valid EFS certificate is automatically created whenever a user encrypts a file, and the user can simply encrypt a file to have one created automatically. Select a user you want to add. If the user is in active directory, you can find the user via the Find User... button. Click OK to return and view the user has been added to the EFS file share list. Click OK again (3 times) and you are done.

How to Configure EFS Using Group Policy Settings Users can selectively enable EFS on their own files and folders. However, most users are notaware of the need for encryption and will never enable EFS on their own. Rather than relyingon users to configure their own data security, you should use Group Pol icy settings to ensurethat domain member computers are configured to meet your organization¶s security needs. Within the Group Policy Management Editor, you can configure EFS settings by right -clicking Computer Configuration \Policies\Windows Settings \Security Settings\Public Key Policies \Encrypting File System node and then choosing Properties to open the Encrypting File System Properties dialog box

Data Recovery Agent An encrypted file is inaccessible to anyone who lacks the decryption key, including system administrators and, if they lose their original key, users who encrypted the files. To enable recovery of encrypted files, EFS supports DRAs. DRAs can decrypt encrypted files. In enterpriseActive Directory environments, you can use Group Policy set tings to configure one ormore user accounts as DRAs for your entire organization. To configure an enterprise DRA 1. Configure an enterprise CA. For example, you can install the Windows Server 2008 Active Directory Certificate Services server role. 2.Create a dedicated user account to act as the DRA. Although you could use an existing user account, the DRA has the ability to access any encrypted file ²an almost unlimited power that must be carefully controlled in most organizations. Log on using the DRAacc ount. IMPORTANT Avoid giving one person too much power For the DRA user account, or any highly privileged account, have two people type half the account¶s password. Then have each user write down half of the password and give the passwordhalves to differe nt managers to protect. This requires at least two people to work together to access the DRA account ²a security concept called collusion . Collusion greatly reduces the risk of malicious use by requiring attackers to trust each other and work together. 3. Open the Group Policy Object in the Group Policy Management Editor. 4.Right-click Computer Configuration \Policies\Windows Settings \Security Settings\Public Key Policies\Encrypting File System, and then choose Create Data Recovery Agent. The Group Policy Ma nagement Editor creates a file recovery certificate for the DRA account.

Installing the File Services Server Role
Windows Server 2008 can share folders without adding any server roles. However, adding theFile Services server role adds useful management tools along with the ability to participate inDFS namespaces, configure quotas, generate storage reports, and other capabilities. To install the File Services server role

Choose Start > Administrative Tools > Server Manager

Choose Roles > Add Roles This will start the Add Roles Wizard. Click Next

On the Server Roles page check File Services then press Next

On the Select Role Services page, select from the following roles: File Server Although not required to share files, adding this core role service allows you to use the Share and Storage Management snap -in. Distributed File System Enables sharing files using the DFS namespace and replicatingfiles between DFS servers. If you select this role service, the wizard willprompt you to configure a namespace. File Server Resources Manager Installs tools for generating storage reports, configuring quotas, and defining file screening policies. If you select this role service, thewizard will prompt you to enable storage monitoring on the lo cal disks. Services for Network File System Provides connectivity for UNIX client computersthat use Network File System (NFS) for file sharing. Note that most modernUNIX operating systems can connect to standard Windows file shares, so this serviceis typi cally not required. Windows Search Service Indexes files for faster searching when clients connect toshared folders. This role service is not intended for enterprise use. If you select thisrole service, the wizard will prompt you to enable indexing on the local disks. Windows Server 2003 File Services Provides services compatible with computersrunning Windows Server 2003

To manage quotas Check the File Server Resource Manager box and click Next. You will then select the NTFS volumes you want to monitor:

Click on Options to see additional options for reports

The screen above shows the standard configuration for a volume, along with the reports that are generated when that threshold is reached. Select the reports you want, click ³OK´ to c lose that window, then click ³Next¶ to continue. This last window before the confirmation lets you specify the folder where the reports are saved and also the e -mail reporting details

Click Next, review the confirmation and click Install to finish the wizard. Keep in mind that you can decide not to add any volumes during this install phase and add them later, after FSRM is already installed.

The new Quota Management tool in File Server Resource Manager (FSRM) allows administrators to monitor and manage hard disk space per volume, folder, or share . By using File Server Resource Manager, administrators can place quotas on folders and volumes, actively screen files, and generate comprehensive storage reports.

Using Quotas When multiple u sers share a disk, whether locally or across the network, the disk will quickly become filled usually because one or two users consume far more disk space than the rest. Disk quotas make it easy to monitor users who consume more than a specified amount of diskspace. Additionally, you can enforce quotas to prevent users from consuming more disk space(although this can cause applications to fail and is not typically recommended). With Windows Server 2008 you should use the Quota Management console to configur e diskquotas. You can also configure quotas using the DirQuota command -line tool. Additionally,you can configure disk quotas by using Group Policy settings or by using Windows Explorer. Disk quotas are a simple way to limit and control the amount of disk space your users take up with their data. Quotas monitor and limit a user¶s disk space on a per -partition or per-volume basis; quotas do not stretch across multiple disks. Disk quotas are per -volume. That is, you can enable quotas only at the volume level, not the folder level. Disk quotas are per -user. In other words, quotas are based on who owns files, not on which folder they are stored in as long as the folders are on the same volume.

Configuring Disk Quotas Using the Quota Management Console After installing the File Server Resource Manager role service, you can manage disk quotas using the Quota Management console. In Server Manager, you can access the snap -in at Roles\File Services\Share And Storage Management \File Server Resource Manager\Quota Management. The Quota Management console provides more flexible control over quotas andmakes it easier to notify users or administrators that a user has exceeded a quota threshold orto run an executable file that automatically clears up disk space. On File Server Resource Manager Page, expand Quota Management > Quotas , click Create Quota«

On Create Quota Page, click on Browse, on Browse for Folder Page To Create a Quota on a public folder expand to New > Public, click OK To create a Quota for private folder > Browse to New > Private

On Create Quota Page, Under Derive Properties from this quota template (recommended) Choose from the following standard templates: 100 MB Limit Defines a hard quota (a quota that prevents the user fr om creating morefiles) of 100 MB per user, with e -mail warnings sent to the user at 85 and 95percent. At 100 percent of the quota, this template sends an e -mail to the user and toadministrators. 200 MB Limit ReportsTo User Defines a hard quota of 200 MB per user, with e -mail warnings sent to the user at 85 and 95 percent. At 100 percent of the quota, thistemplate sends an e-mail to the user and to administrators and sends a report to the user. 200 MB Limit With 50 MB Extension Defines a 200 MB quota. When the 200MB quotais reached, the computer sends an e -mail to the user and administrators and then appliesthe 250 MB Extended Limit quota to grant the user additional capacity. 250 MB Extended Limit Primarily used with the previous quota template to provide theuser an additional 50 MB of capacity. This template prevents the user from exceeding 250 MB. Monitor 200 GB Volume Usage Provides e -mail notifications when utilization reaches 70, 80, 90 and 100 percent of the 200 GB soft quota. Monitor 500 MB Share Provides e-mail notifications whe n utilization reaches 80 , 100 and 120 percent of the 500 MB soft quota.

Quotas are always placed on a folder. You have the choice of basing your Quota on a template or defining a custom one.

The power of Quota Templates becomes much more obvi ous when you use the option to Auto apply template while creating a Quota:

This option requires that you select a template (not a custom Quota). A Quota is created based on that template for all folders under the specified path. Every time you add another subfolder to that folder, the template is automatically used to create another Quota for it. This allows you much simpler configuration for certain folder structures like web sites, project folders, etc.

To create your own quota templates 1. Right-click Quota Templates in the Quota Management console, and then choose CreateQuota Template. 2. Click on the Create Quota« then click on Custom Properties

In addition to specifying the space limit (hard or soft), you can also create different thresholds, with different actions. The sample above sends e -mail alerts at 85%/95%/100% and logs events at 95%/100%. If you click on the ³Add«´ button, you can see the configuration options for each threshold. You can even choose to execute a command when a threshold is reached, which is shown on the screen below. If you are skil led with scripting, you can use this ability to perform a number of sophisticated tasks. E-mail Message Sends an e-mail notification to administrators or to the user. You can define the [Admin Email] variable and other e -mail settings by right -clicking File Server Resource Manager and then choosing Configure Options. Event Log Logs an event to the event log, which is useful if you have management tools that process events. Command Runs a command or a script when a threshold is reached. You can use thisto ru n a script that automatically compresses files, removes temporary files, or allocatesmore disk space for the user. Report Generates a report that you can e -mail to administrators or the user. You can choose from a number of reports.

File system quotas, which were first introduced in Windows Server 2003 R2, and are a part of the File Server role in Windows Server 2008 (and Windows Server 2008 R2), offer many benefits over disk quotas. With file system quotas we can set quotas for specific folders on the volume, we can use templates to ensure consistent application of quotas, and we can set quotas which are automatically applied to all sub -folders of a folder. Additionally, file system quotas are useful not just for limiting the amount of space use rs can consume, but also for reporting on space used ± quotas can be set with so -called ³soft´ limits which are used for monitoring rather than enforcing limits. This functionality can be extremely useful for quickly determining which users or folders are consuming large amounts of disk space on a file server. Viewing Quotas Administrators can view hard and soft quotas using FSRM, and viewing quotas this way can be a quick method for finding large folders or large consumers of space.

File Screening Management File Screening helps you restrict and/or monitor which file extensions can be used on your file server. FSRM can provide both active screening (block file with certain extensions) or passive screening (monitor file extensions without blocking). Create, manage, and obtain information about file screens, which are used to block selected file types from a volume or folder. When users attempt to save unauthorized files, send an e -mail to the administrators or generate similar notifications. Create file screen exceptions to override certain file screening rules.

Create and manage file screen templates to simplify file screening management. Create and manage file groups. When used with file screens and file screen exceptions, file groups determine w hich files will be blocked and which will be allowed. The basic idea behind file screens is that you can prevent certain types of files from being stored in certain locations if your server runs out of disk space unexpectedly because one of the users uploaded their music collection to a network drive. File screens can prevent this problem, because they can be used to ensure that users are not allowed to store music files in the folder.

You can see the existing File Screens in the ³File Screens´ node under File Screening Management. None are defined by default. To add a File Screen, click on the Create File Screen« (on the Actions pane on the right)

As with Quotas, FSRM supplies some pr edefined File Screen Templates. You can also opt to define your own File Screening properties, click on Custom Properties

The basic properties include the path to monitor, the type of monitoring (active or passive), the file groups to block/monitor and the specific actions to take (e -mail, event log, command or report). You will probably want to use a template to define your File Screening. Below is the list of pre-defined templates included with FSRM:

You can also create your own File Screening Templates, just like with Quota Templates. FSRM includes a list of pre -defined File Groups, but also gives you the option of defi ning your own file types.

Storage Reports Management One important feature of FSRM is the ability to provide many reports associated with File Server Management to make your life simpler when managing your file server. Those reports include Files by Group, Files by Owner, Large Files, Most Recently Accessed Files and Duplicate Files, just to mention a few (see screen below). Reports can be generated manually, on a scheduled or triggered by a Quota or File Screen. They can also be generated in differe nt formats (see options on the screen below) and are delivered to a folder defined when you installed the role service.

Below you see a number of those manually generated reports using the HTML format:

The Files by Owner report

Configuring Disk Quotas Using Windows Explorer Although you should always use the Quota Management console to configure quotas in WindowsServer 2008, the operating system continues to support quota management using WindowsExplorer, using the same interface as earlier versions of Windows. Open My Computer and right click the disk you want to view the disk quota usage. Choose Properties.

Select the Limit Disk Space To option. Specify the limit and warning levels. Windowsdoes not notify users if they exceed either threshold. In fact, if you choose not to enforcequota limits, the only difference between the two thresholds is the event ID that is addedto the System event log. To add an event for the warning or limit levels, select the Log Event When A UserExceeds Their Quota Limit check box or the Log Event When A User Exceeds TheirWarning Level check box.

In Quota tab of Properties window, click Quota Entries« to view disk quota usage.

Right click the user and choose Properties to view the details of limit settings.

Then you can see the Quota settings for this user.

Configuring Disk Quotas Using Group Policy You can also configure simple disk quotas using Group Policy settings. In the Group Policy Management Editor, select Computer Configuration\Policies\Administrative Templates \ System\Disk Quotas node

Enable Disk Quotas You must enable this policy to use disk quotas. Enforce Disk Quota Limit Equivalent to selecting the Deny Disk Space to Users ExceedingQuota Limit check box when configuring local disk quotas. Default Quota Limitand Warning Level Defines the quota limit and warning levels,exactly as you can when configuring disk quotas using Windows Explorer. Log Event When Quota Limit Exceed ed Equivalent to selecting the Log Event When A User Exceeds Their Quota Limit check box in Windows Explorer. Log Event When Quota Warning Level Exceeded Equivalent to selecting the Log Event When A User Exceeds Their Warning Level check box in Windows Explorer. Apply Policy to Removable Media Defines whether quotas are applied to removablemedia. Typically, this policy should be disabled.

DFS
Large organizations often have dozens, or even hundreds, of file servers. This can make it verydifficult for users to remember which file server specific files are stored on. DFS provides a single namespace that allows users to connect to any shared folder in your organization. With DFS, all shared folders can be accessible using a single network drive letterin Windows Explorer. For example, if your Active Directory domain is contoso.com, you could create the DFS namespace \\contoso.com\dfs. Then, you could create the folder \\contoso.com\dfs\marketing and map it to shared folders (known as targets ) at both \\server1\marketing and \\server2\marketing.

Besides providing a single namespace to make it easier for users to find files, DFS can provideredundancy for shared files using replication. Replication also allows you to host a sharedfolder on multiple serv ers and have client computers automatically connect to the closestavailable server.

Installing DFS
You can install DFS when adding the File Services server role using the Add Roles Wizard, oryou can add the role service later using Server Manager by right-clicking Roles\File Servicesand then choosing Add Role Services.

In Select Service Roles you can click on Distributed File System and it should also place a check next to DFS Namespaces &DFS Replication; after this click Next. NOTE: At the bottom you will see Windows Server 2003 File Services and File Replication Service. You would only choose this if you were going to be synchronizing the 2008 server with old servers using the FRS service.

On the Create a DFS Namespace screen you can choose to create a namespace now or later.

Choose Create a namespace later using the DFS Management snap -in in Server Manager and then click Next. The next screen allows you to confirm your installation selections, so review and then click Install.

In Server Manager you should now see File Services and under the Role Services you will see the installed components: Distributed File System DFS Namespaces DFS Replication

The Namespace Name and Settings page from using either the DFS install or by selecting New Namespace« from the DFS Management snap -in.

The Namespace Server page . Type the name of the server that will host the namespace. You can add servers later to ho st the namespace for redundancy Enter the name of the namespace server and click Next

E t

t

ft

li

t

S l

tt t

t i

f l t,

li . t i l

t.

it¶ t t A ti

i i t t i t. i

it

This name acts as the share name when users access the DFS namespace ²for example, \\domain_name \namespace_name . Click the Edit Settings button to configure the permissions for thenamespace. Click Next.

Give Domain Admins or fileserveradmins Full Control on the share and Domain Users Change permissions. Click OK when done adding the needed groups On the review screen, click C reate and then Close when it¶s done. You will end up with a brand new namespace with no folders:

Adding Folders to the DFS Namespace After you create the namespace, you will add folders to it, specifying the associated folder target. This means pointing to the actual file shares, making each one appear to users as a folder under the namespace. Before you do that, you want to think long and hard about the folder structure you¶re creating. A basic goal of DFS is to create a stable infrastructure that will not constantly change on your users. To start, click on the ³New Folder«´ action on the panel on the right. In the example below, I will enter the name of the folder which as ³Finance´. I will also enter one associated folder target, which will be ³ \\JOSEBDA-N2\FinanceDocs´ (this share was configured beforehand). Here are the results right before I click ³OK´ to create the new folder:

Here¶s the end result in the ³DFS Management´ window:

I could also have folders with no targets (just to create a hierarchy in the namespace) or folders with multiple folder targets. Multiple Targets It¶s useful to have multiple copies of the same data stored in different file servers. One reason for that is fault -tolerance (if one server is unavailable, you can still access the other one). The other reason is to choose the copy of the data that is closer to you. If you¶re in a branch office and you want to acc ess a very large file, you would rather get a copy from a server in that branch. It¶s actually quite simple to add more folder targets to an existing folder or create the folder with multiple targets initially. All you have to do is make sure that you prov ide the multiple targets for the same folder in that namespace when you configure it.

If you¶re using domain -based DFS, the clients will be directed to the target that is closest to them. If there is no target nearby, the clients will be pointed to a re mote one. This is similar to what happens when clients are looking for a domain controller. DFS uses the site information in Active Directory to determine which server works best. A Dfs topology consists of a Dfs root, one or more Dfs links, and one or mor e Dfs shared folders (also known as replicas), to which each Dfs link points.

In our example the referral status for both link targets is Enabled. This means DFS can refer resource requests to either target. Therefore, if one of the file servers had to be taken offline for maintenance, referrals for that server could be disabled and DFS would stop sending requests to the server until referrals were re -enabled. After creating a namespace, you can adjust settings by right -clicking it and then choosing Properties. The Properties dialog box for the namespace has three tabs:

General Allows you to type a description for the namespace. Referrals When a client accesses the root of a namespace or a folder with targets, the client receives a referral from the domain controller. Clients always attempt to access thefirst target computer in the referral list and, if the first target computer does not respond,access computers farther down the list. This tab gives you control over how multiple targetsin a referral list are ordered. Select Random Order from the Ordering Method dropdownlist to distribute referrals evenly among all targets (with targets in the same sitelisted first). Select Lowest Cost to direct clients to the closest target computer first using site link costs (which you can define using the Active Directory Sites And Services console). Select Exclude Targets Outsid e Of the Client¶s Site. If you would rather have clients fail instead of accessing a target in a different Active Directory site. Advanced Choose from two polling configurations: Optimize for Consistency or Optimize for Scalability. Optimize for Consistency configures namespace servers to querythe primary domain controller (PDC) each time the namespace changes, which reducesthe tim e it takes for changes to the namespace to be visible to users. Optimize for Scalabilityreduces the number of queries (thus improving performance and reducing utilizationof your PDC)

Offline Files
Mobile users might need access to shared folders even when they¶re disconnected from yourinternal network. Offline Files makes this possible by allowing client computers to automaticallycache a copy of files on shared folders and by providing transparent access to the fileswhen the user is disconnected from t he network. The next time the user connects to the network,Offline Files synchronizes any updates and prompts the user to manually resolve anyconflicts. To configure Offline Files caching for a shared folder 1. In Server Manager, select Roles \File Services\Share And Storage Management. 2. In the details pane, right -click the share you want to configure, and then choose Properties. 3.In the Sharing tab, click Advanced.

In the Advanced , click the Caching tab s elect oneof the three o ptions, and click OK twice

Only the files and programs that users specify a re available offline Users mustmanually select the files they want to access while offline. This option works wellwhen users understand how to use Offline Files. BranchCache improves the branch off ice experience by caching commonly used files locally, either on a Windows Server 2008 R2 server or user workstations, rather than forcing users to access files via centrally located network shares It acts like a proxy in that it works only when requested by a client user. The typical user scenario where BranchCache will be useful is where a branch office has a slow link back to the central office. No files or programs from the share are available offline Prevents users from accessing Offline Files. This option is the best choice for confidential documentsthat should not be stored on mobile computers. All files and programs that users open from the share are automatically available offline Files that users access while connected to th e network are automaticallycached for a limited amount of time. This option works well when users do notunderstand how to use Offline Files.

Backing Up and Restoring Files
With previous versions of Windows, administrators needed to rely on non-Microsoft software to back up servers. With Windows Server 2008, the operating system has useful backup capabilitiesbuilt in.

Shadow Copies

Shadow copies allow backup software to access files that are in use. If backup software (includingWindows Server Backup and non -Microsoft applications) needs to access a file that¶s inuse by a different application, Volume Shadow Copy creates a shadow copy of the file in its currentstate and then gives the backup process access to the shadow copy. This allows the applicationthat¶s using the file to make updates without affecting the backup. If an application updates a file after a shadow copy is made, Windows must store both the originaland changed portion of the file. Because shadow copies store only changes to files, the storage requirements are significantly less than the full size of files being accessed.

Managing Shadow Copies from Windows Explorer
1. Run Computer Management from Administrative Tools > Computer Management In Windows Explorer, right-click a volume, and then choose Configure Shadow Copies. The Shadow Copies dialog box appears.

Select the volume for which the shared folders is to be enabled. Click the Enable button.

A shadow copy will be created immediately by default and it will be display ed in the Shadow copies of selected volume section. You can disable the feature by clicking the Disable button.

Click the Settings button. This will open the Settings dialog box

In the Settings dialog box, provide the size limit for the shadow copies. Click the Schedule button. This will open a window with the Schedule tab.

In the tab, users can create a new schedule, delete an existing schedule.

Click the OK button

Windows Server Backup
Windows Server Backup copies an entire disk volume (for example, the volume Windows is installed on) to a .vhd file on a second local disk. After performing a backup, you can restore individual files or an entire volume. If Windows cannot start (for example, if the system volumehas failed), you can start the computer from the Windows installation media, restore thesystem volume from the backu p, and have the OS up and running in less thanan hour.

To install the Windows Server Backup Features
Click on Start and then click on Server Manager

Right click the Features Node and then choose Add Feature

Scroll down on the features list and click to add Windows Backup Features. Select eitherthe Windows Server Backup check box (for graphical tools) or the Command LineTools check box (to script backups), or both check boxes.

Install and Close Additional Features Wizard and Server Manager

To open the Backup utility Click Start and in the search box type Backup and click on the Windows Backup result

Click On Actions and then Backup Once

If you are creating the first backup of the domain controller, click Next to select Different options.

Choose Custom and Click Next

Choose the C: drive and also Enable System Recovery

Choose Local Drives for Destination type, you could also use a network drive location to backup your files to

Choose Physical Drive E: as the destination for backup, in our example, click Next

If you are backing up to a remote shared folder, on the Specify remote folder page, type the path to the shared folder, select Do not inherit under the Access Control section, click Next.

Choose the default of specifying the advanced option, this lets you choose VSS copy backup, if you have other backup prod ucts installed on your computer, it will not interfere with them.

Click Backup on the Confirmation Prompt

Backup will now proceed, it will take some time, depending upon how many applications, roles, features and data you have on your server to be backed up. Click Close on the Backup Completed Screen

Your Backed up files are present at the destination location, along with the Backup Catalogue and Media id information

Windows creates a WindowsImageBackup folder in the root of the backu p media. Inside that folder, it creates a folder with the current computer¶s name. It then creates a Catalogfolder containing the GlobalCatalog and BackupGlobalCatalog files and a ³Backup <year>-<month>-<date><time> ´ folder containing the .vhd disk image f ile.

MORE INFO Installing VHDMount Microsoft Virtual Server 2005 R2 SP1 includes VHDMount, a command -line tool for mounting .vhdfiles so that you can browse their contents. This is an excellent way to extract files from a WindowsServer backup.

Scheduling Backups Scheduling backups requires a dedicated local disk. You cannot use the Backup Schedule Wizardto back up to a disk that will be used by other applications, and you cannot back up to ashared folder on the network. After running the Backup Schedule Wizard, the backup targetdisk will not be visible in Windows Explorer. Open the Windows Server Backup console from the Administrative Tools and select Backup Schedule from Action Panel.

On the Getting Started page of the Backup Schedule Wizard, click Next. Select Custom on Backup Configuration Page and Press Next

Select C: (default) and D: on Backup Items

Specify the Time on when you want to Run the backups

Select Backup Destination: and press Next. It will show warning, press Yes to continue.

Press Next on Label Destination Disk

On the Confirmation page, review your selections, and click Finish

Recovering Individual Files You can restore individual files from a backup or a recent shadow copy In Windows Explo rer, right-click a file to restore, then choose Restore PreviousVersions. The properties dialog box appears with the Previous Versions tab selected.

Select the version you want to restore, and then click Restore.

Recovering Files or Volumes
To recover a server from a backup Click Start, choose Administrative Tools, and then choose Windows Server Backup. The Windows Server Backup console appears . In the Actions pane, click Recover.

The Recovery Wizard is launched. On the Getting started page you are asked to decide where the backup files are located make a selection then click Next

On the Select Backup Date page, choose the backup date from which to recover. Click Next

On the Select Recovery Type page, choose one of the following three options, and then click Next Files and folders Browse files that have been backed up and select specific files,folders, or both to be recovered. Applications This option allows you to selectively restore applicationdata. Volumes Allows you to restore an entire volume. However, you cannot use this to restore the operating system volume. If Files and folders was selected

If Applications was selected

Choose the Application You can confirm the details by clicking on View Details. This will show you the files that will be restored Choose the option to Recover to original location and click Next

If Volumes was selected

On the Confirmation page, click Recover. On the Recovery Progress page, click Close. Recovering from a Backup When Windows Will Not Start If Windows cannot start or if you need to recover the entire system volume from a backup, youcan start the computer from th e Windows Server 2008 DVD and use the Windows CompletePC Restore Wizard to recover the operating system. 1. Start the computer by using the Windows Server 2008 DVD 2. On the first screen Click Next.

Select the Repair your computer option in the lower -left corner of screen.

It will show you any currently installed operating systems. Click Next

If this screen is blank you may have to load a third -party driver for your mass storage driver. You can click Load Drivers to load th e mass storage driver from your USB flash drive.

Click Windows Complete PC Restore .

It will report A valid backup location could not be found . Click cancel.

Select Restore a different backup then Next.

Click Advanced

If the network adapter driver is included with Windows Server 2008 you can click ³Search for a backup on the network. If the network adapter driver is not included you have to click ³install a driver´ and browse to your driver to load it.

Click Yes to the ³Are you sure you want to connect to the network´ and then specify the path of your backup. You can use IP address instead to eliminate any netbios/dns issues.

Select the location of the backup and then click Next.

Select the backup then Next.

You are presented with the restore options.

The exclude disks option enables you to exclude disks from the restore process. The advanced button has the following options.

Click Finish to confirm the settings.

Click Finish to confirm the settings.

The computer will restart automatically or you can delay it

Exam Questions You are an enterprise administrator for Certk iller. The corporate network of Certkiller consists of a single Active Directory domain called Certkiller . com. The domain consists of a file server that runs Windows Server 2008. A network users of the company started restoring a critical large file by using the Previous Versions tab. The users wanted to view the progress of the file restoration. Which of the following options would you choose to view the progress of the file restoration? A. Click on Sessions under the Shared Folders node in the Computer Management. B. Click on Open Files under the Shared Folders node in the Computer Management C. Run vssadmin.exe query reverts on the command prompt. D. Run shadow.exe /v on the command prompt. E. None of the above Answer C

To view the progress of the file restoration, you need to run vssadmin.exe query reverts from the command prompt. The Windows Server 2003 Volume Shadow Copy Service can also be administered from the command line by using the VSSAdmin tool that is included with Windows Server 2003. This tool replicates the features of the Shadow Copies tab of the volume Properties screen and can be called from batch files and scripts. VSSAdmin does not follow the typical "Command /switch" form, but instead uses a list of fixed commands to guide its function. Query Reverts queries the status of in -progress revert operations.

Question You are an enterprise administrator for Certkiller . The corporate network of the company consists of a single Active Directory domain. All the servers in the domain run Windows Server 2008. A member server Called Certkiller Server1 has a SaleRecords folder created on it on the D: drive. The D:\ SaleRecords folder is corrupted. The most recent backup version is 01/28/2008 -09:00. Which of the following options would you choose to restore all the files in the D:\SaleRecords folder back to the most recent backu p version, without affecting other folders on the server? A. Run the Wbadmin start recovery -version: 01/28/2008 -09:00-itemType:File -items:d:\SaleRecords -overwrite -recursive -quiet command. B. Run the Wbadmin start recovery -backuptarget:D: -version: 01/28/2008 -09:00-overwrite -quiet command. C. Run the Recover d: \ SaleRecords command. D. Run the Wbadmin restore catalog -backuptarget:D: -version: 01/28/2008 -09:00-quiet command. Answer A Explanation: To restore all the files in the D: \ SaleRecords folder back to the most recent backup version without affecting other folders on the server, you need to run the Wbadmin start recovery -version:10/29/2007 -09:00 -itemType:File -items:d:\ SaleRecords-overwrite -recursive -quiet command. Wbadmin start recover y runs a recovery based on the parameters that are specified. In the above query, the -version 10/29/2007 -09:00 specifies the version identifier of the backup to recover, -itemtype:File specifies type of items to recover. In this case it is the file that n eeds to be recovered. The -items:d:\SaleRecords specifies that d: \SaleRecords folder needs to be recovered. -Overwrite causes Windows Server Backup to overwrite the existing file with the file from the backup. -recursive will only recover files which resid e directly under the specified folder. And -quiet runs the subcommand with no prompts to the user.

Question As an administrator at Certkiller .com, you install a member server named ebms1 that has Windows Server 2008 as its primary operating system. The Terminal Services role is installed on the ebms1. The Terminal Server user profiles are in a folder named as UPT on a server called CKTS. On CKTS3, a home folder is placed for each user. As you monitor CKTS, you find out that there is only 5% of hard disk space remaining because the users are saving their files on their profiles on CKTS instead of using their home folders. You have to limit the a mount of disk space allocated to each user to 200 MB. What should you do to achieve that?

A. On the ebms1, configure a group policy object. Configure a default quota limit to 200 MB and set a warning level policy B. Create a new group policy object and li nk it to the CKTS. Configure the UPT folder to limit the disk space quota to allocate 200 MB to all users. C. Configure the disk quotas for the volume that hosts UPT folder. Limit the users to use only 200 MB of space. D. Configure each profile by activati ng disk quota on each profile. Apply folder redirection settings to redirect the users to save their files on CKTS3 E. None of the above Answer C Explanation: To limit the amount of disk space allocated to each user to 200 MB, you need to configure the disk quotas for the volume that hosts UPT folder and then limit the users to use only 200 MB of space. Configuring a quota limit through group policy will not help in Terminal services scenario. Also disk quotas cannot be configured for each user profile ra ther it is configured on a volume or a folder.

Question Certkiller Server1 was accessed by many network users, who work on the server and used to store data on it. To manage the server space, you configured quotas on the server. Which of the following op tions would you choose to view each user's quota usage on a per folder basis? A. Run dirquota.exe quota list on the command prompt. B. Create a File Screen using File Server Resource Manager. C. Review the Quota Entries list from the properties of each vo lume. D. Create a Storage Management report from File Server Resource Manager. E. None of the above Answer D Explanation To view each users quota usage on a per folder basis, you need to create a Storage Management report from File Server Resource Manager. File Server Resource Manager allows you to create quotas to limit the space allowed for a volume or folder and generate notifications when the quota limits are approached or exceeded. It also allows you to generate storage reports instantly, on demand. To manage storage resources on a remote computer, you can connect to the computer from File Server Resource Manager. While you are connected, File Server Resource Manager will display the objects created on the remote computer.

Question You are an enterpri se administrator for Certkiller . The corporate network of the company runs Windows Server 2008 servers. One of the servers calledCertkiller Server1 has file server role installed on it. Certkiller Server1 is accessed by 100 network users, who work on the server and used to store data on it. To manage the server space, you decided to configure quotas on the server. Because too many quotas need to be configured, you decided to use a new quota template to apply quotas to 100 folders .Which of the following options would you choose to modify the quota settings for all100 folders by using the minimum amount of administrative effort?

A. Modify the quota template. B. Create a file screen template and apply it to the root of the volume that contains the folders. C. Delete and create the quota template again. D. Create a new quota template, apply it to all the folders, and then modify the quota for each folder. E. None of the above Answer A Explanation: To modify the quota settings for all 100 folders by using the minimum amount of administrative effort, you can simply modify the quota template with the new settings that you want for all the 100 folder s. If you base your quotas on a template, you can automatically update all quotas that are based on a specific template by editing that template. This feature simplifies the process of updating the properties of quotas by providing one central point where all changes can be made. Question Youare an enterprise a dministrator forCertkiller. The corporate networkof Certkiller consists of a file server that runs Windows Server 2008. All the network users store data on the file server on a shared fol der. Because the data stored by the network users is critical for the company, you don't want to deny users to store data on the shared folder when they exceed their 500 MB li mit ofdatastorage. However,you want to receive a notificationwhen a user stores more than 500 MB of data in the shared folder. Which ofthe following ele ments would you create to acco mplish this task? A.A Passive Screening File Screen. B. An Active Screening File Screen. C. A soft quota. D.A hard quota. E.An indirect quota Answer C Explanation: Toallow users to store more than 500 MB of data in the sh ared folder and to receive a notification when a user stores more than 500MB of data in the shared folder, you need to create a soft quota. A soft quota does not enforce the quota li mit but generates all configured notifications. Ahard quota cannot be used because it prevents users fromsavingfilesafterthespace li mit is reached and generates notificatio nswhen the volume of data reaches each configured threshold.

Master your semester with Scribd & The New York Times

Special offer for students: Only $4.99/month.

Master your semester with Scribd & The New York Times

Cancel anytime.