
Chapter : 5

Storage Management

5.0 Objectives
5.1 Storage Management in Windows 10
5.2 Cloud Storage - OneDrive
5.3 Windows 10 NTFS Permissions
5.4 Summary
5.5 Check Your Progress Answers
5.6 Questions for Self Study

5.0 Objectives
At the end of the module, you will be able to:
Explain Local Storage and Disk Pools.
Configure OneDrive Storage.
Configure NTFS, EFS (Encrypted File System) and Share
Permissions.
Manage BitLocker.

5.1 Storage Management in Windows 10


Disk Management is a feature in Windows 10 used for
managing the connected disks. It can be accessed through the
Run command diskmgmt.msc.
The Disk Management window shows the disks, volumes,
partitions and file systems on your computer.
The image illustrates the Disk Management window in a
Windows 10 Operating System.

Storage Management / 81
Disk Management provides an option to manage the Disks
connected to the computer or virtual machine.
Additionally, you can attach or detach a VHD (virtual hard disk)
file in a specific computer or a virtual machine.
All disk-level operations, such as formatting and changing the
drive label, can be performed.

5.1.1 Windows 10 Storage Spaces


Storage Spaces is a Windows feature that allows users to
group different types of drives to create a single larger logical
storage pool. This pool can be used later to store data.
Storage Spaces were introduced in Windows 8.1 Client
Operating System and Server 2012 Operating System.
You can access the Storage Spaces option from the Control Panel
of the Windows 10 operating system.

5.1.2 Supported Drives in Storage Spaces


Storage Spaces enables cost-effective, highly available and
scalable storage solutions based on storage virtualization.
The supported devices for Storage Spaces are:
ATA : Advanced Technology Attachment, a standard for
connecting and transferring data from hard disk drives.
SATA : Serial Advanced Technology Attachment.
SAS : Serial Attached SCSI disks, the preferred storage
in servers.
USB : Universal Serial Bus, used for external storage.
Technology variants like spinning disks and SSDs (Solid
State Drives) are supported. Network-based technology like
iSCSI is not supported for Storage Spaces. RAID (Redundant
Array of Independent Disks) is also not supported.
The image shows Windows 10 Storage Spaces. There are 3
physical drives that contain 3.5 Terabytes of physical storage.

82 / Operating System 1
A real storage pool can be created with 3.5 Terabytes of
storage. By using Storage Spaces with thin provisioning, you
can over-provision the storage, as shown in the image.
It contains:
Storage Space 1 with 3 TB of storage.
Storage Space 2 with 2 TB of storage.
Storage Space 3 with 2.5 TB of storage.

5.1.3 Features of Storage Spaces


The features of Storage Spaces are:
Storage Pools : These are building blocks of Storage
Spaces. By using a set of physical disks an Administrator can
create one Storage pool.
Resilient Storage : Storage Spaces provides three storage
layouts:
Mirror : It helps protect your data from disk failures and
provides great performance.
Parity : It is a stripe across physical disks, used to create
redundant disks for storage archival.
Simple : It provides storage, but the simple layout doesn't
provide any protection from disk failures.
Resilience is the ability to withstand or recover quickly from
difficult conditions. The image describes the storage tiers.
There are 3 replicas for a particular storage.
Replicate 1 and Replicate 2 work in distributed mode.
Replicate 3 holds a backup copy of the data stored in the
distributed-mode replicas. This ensures resilience of stored data.
Note that sufficient storage disks, a minimum of 2 disks, must
be available if you plan to create storage spaces.

5.1.4 Creating Storage Spaces
Storage Spaces is a feature available in Windows client
operating systems such as Windows 8.1 and Windows 10.
The process for creation of Storage Spaces on your Windows
machine is:
Open Control Panel.
Navigate to storage spaces, select the option “Create a new

5.1.5 Creating Storage Spaces


Considerations while creating Storage Spaces are:
Drive Letter: While configuring a storage space, you are
given an option to assign the appropriate drive letter.
File System: You can assign a file system; the options
available are NTFS and ReFS (Resilient File System).
Resiliency: This setting is critical for a storage system. The
available resiliency options are:
Simple,
Two-Way Mirror,
3-Way Mirror and Parity.
Size: Finally, you can set the size of the allocated storage
space.

5.1.6 Storage Spaces - Physical Disk Utilization


This section analyzes physical disk utilization when using
Storage Spaces. Storage Spaces supports 4 types of resiliency
options. They are:
Simple : A simple storage space writes one copy of your
data and does not protect you from drive failures. A minimum
of one disk is required for this option. The advantage of this
type of resiliency is 100% utilization of the physical disk; the
disadvantage is that if the drive fails, the data is lost.
2-Way Mirror : This option writes two copies of your data on
the drives, which can protect your data from a single drive
failure. A two-way mirror requires at least two drives. There is
50% utilization of the physical disk because duplicate data is
stored on the other disk.
3-Way Mirror : This is similar to the two-way mirror, but it
writes three copies of your data on the drives, which helps
protect your data from two simultaneous drive failures. A
three-way mirror requires at least three drives. There is 33%
physical disk utilization, as 3 copies of the same data are on
the 3 disks.
Parity : This is similar to standard RAID5 technology. Parity
for storage spaces writes your data with parity information and
provides redundancy against a single drive failure. This option
needs 3 physical disks.
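
The choices described in 5.1.5 and 5.1.6 (resiliency, size, file system, drive letter) and the thin provisioning from 5.1.2 map onto the Windows Storage cmdlets as shown below. This is an added example, not part of the original chapter; the pool name, space name, 2TB size and drive letter S are assumptions.

```powershell
# Added example, not part of the original chapter. Run in an elevated session.
# Assumed values: pool 'Pool1', space 'Space1', size 2TB, drive letter S.
$poolName  = 'Pool1'
$spaceName = 'Space1'

# Physical disks that are not yet pooled and are eligible for pooling.
$disks = @(Get-PhysicalDisk -CanPool $true)
if ($disks.Count -lt 2) {
    throw "A two-way mirror needs at least 2 poolable disks; found $($disks.Count)."
}

# 1. Storage pool: the building block made from the physical disks.
New-StoragePool -FriendlyName $poolName `
    -StorageSubSystemFriendlyName 'Windows Storage*' `
    -PhysicalDisks $disks | Out-Null

# 2. Storage space: resiliency (two-way mirror), size and thin provisioning.
#    With thin provisioning the size may exceed what the pool can hold today.
New-VirtualDisk -StoragePoolFriendlyName $poolName -FriendlyName $spaceName `
    -ResiliencySettingName Mirror -NumberOfDataCopies 2 `
    -ProvisioningType Thin -Size 2TB | Out-Null

# 3. Drive letter and file system (NTFS here; ReFS is the other option).
Get-VirtualDisk -FriendlyName $spaceName | Get-Disk |
    Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -DriveLetter 'S' -UseMaximumSize |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel $spaceName | Out-Null

# 4. Compare what has been promised to the spaces with what physically exists.
#    A two-way mirror consumes twice the written data from the pool.
$pool   = Get-StoragePool -FriendlyName $poolName
$spaces = @($pool | Get-VirtualDisk)
[pscustomobject]@{
    PoolSizeTB    = [math]::Round($pool.Size / 1TB, 2)
    AllocatedTB   = [math]::Round($pool.AllocatedSize / 1TB, 2)
    ProvisionedTB = [math]::Round(($spaces | Measure-Object -Property Size -Sum).Sum / 1TB, 2)
}
```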

5.1.7 Storage Spaces with ReFS


ReFS, from Microsoft, was designed as a file system to be
used in conjunction with Storage Spaces.
Features of ReFS are:
ReFS disks are compatible with existing Windows file
systems like NTFS and FAT32.
As the volume of data grows, ReFS is designed to work
efficiently with large sets of data without compromising on
performance. ReFS provides a truly scalable file system.
ReFS gives priority to the availability of data. This implies that
if some corruption occurs, the repair process focuses on the
corrupt area and does not require the disk to be taken offline
for repair. It performs all repairs online.
ReFS proactively works in the background by running data
integrity checks and periodically initiating repair of corrupt
data; this is termed the self-healing capability of ReFS.

5.1.8 Computer Network Storage - Work Folders


Using Microsoft Work Folders, users can store and access
work files on personal or corporate computers and mobile
devices, often referred to as bring-your-own-device (BYOD).

Features of Work Folders are :


Synchronized Content: Syncs files that are stored on a file
server with PCs and mobile devices (supports BYOD). Office
365 applications can now store content in Work Folders. As
soon as a personal BYOD device connects to the network,
synchronization starts automatically.
Phone and PC support:
PCs running Windows 8.1 and higher operating systems.
Windows 8 or higher mobiles.
iPhones and iPads with iOS 8 and higher.
Android devices with 4.4 and higher.
All the devices must be able to support the SSL certificate
issued by the Work Folders server.
Remote Wipe: This feature is used if you lose your corporate
device. It guarantees that even if the device is lost, data
cannot be stolen from the lost device. Work Folders can be
integrated with Microsoft Intune and Exchange ActiveSync
for mobile device policies.
Domain/Non-Domain Support: Work Folders can be deployed
on corporate domain-joined devices by using Group Policy.
Microsoft Intune can be used to deploy Work Folders on
non-domain-joined devices. Data encryption and password
policies can be defined for Work Folders security.

5.2 Cloud Storage - OneDrive


OneDrive is Microsoft's cloud storage. Microsoft debuted in
the cloud storage industry in 2007 with a product named
"SkyDrive". Later, in 2014, SkyDrive was renamed OneDrive.
OneDrive storage is offered in the following 2 categories:
OneDrive for consumers: It comes with Windows 10, but you
need a Microsoft account to use it. By default, 5GB of free
space is available. An additional 50GB is available for $2 per
month.
Also, the OneDrive app is available for mobile platforms like
Windows Phone, Android, iPhone and iPad. You can
configure your mobile photos to auto-upload to the cloud from
your phone.
OneDrive for Business: This is the optional type. It is based on
SharePoint and Office 365 (cloud). It is also included in Office
Pro Plus 2013. You can also opt for OneDrive for Business by
using a Microsoft Azure subscription.

5.2.1 OneDrive Features


Following are the features of OneDrive:
Recycle Bin : Deletions are synchronized between the local
OneDrive on the Windows 10 machine and the online OneDrive.
The cloud Recycle Bin auto-deletes after 30 days. Even after you
have emptied the local recycle bin, you can still recover from the
cloud within 30 days. The image shows the Recycle Bin in
cloud-based OneDrive.
Office Online : Formerly known as "Office Web Apps". You
can create Word, Excel and PowerPoint files online. If a
document is shared, collaboration is done in real time.
Access from Other Devices : OneDrive can be accessed
through the web portal or device-specific apps for Android,
iPhone or Windows mobile.
Setup file sharing : You can share your documents and
images with individuals or with the public. You can assign
"View" permissions or "Edit" permissions.
OneDrive "Fetch" : It is enabled on host PCs (not on Mac
machines). It is used to fetch files from a remote host (with
OneDrive installed). Note that this feature is available on
Windows 7, 8, and 10.

5.3 Windows 10 NTFS Permissions


NTFS (New Technology File System) is a Microsoft based
File System.

NTFS permissions are available with drives formatted with
NTFS.
Terms used in NTFS permissions are:
Security Identifier (SID) : It identifies the user or group. The
image marked as 1 shows the SID.
ACL (Access Control List) : It consists of permissions for the
users. These permissions are Full Control, Modify etc., as
shown in the image and marked as 2.
ACE (Access Control Entry) : It consists of Allow or Deny
permissions for specific users. The image marked 3 shows
the ACE list.
Securable Objects are files, folders, registry keys, shares
and printers.
NTFS Advanced Permissions are:
Inheritance : A property of NTFS by which any permissions
set on the parent folder automatically pass to the child objects
inside the folder.
Explicit permissions are permissions that are set by default
when the object (folder or file) is created by user action.
Note - User Rights apply to User Accounts; Permissions
apply to Objects (files and folders).

5.3.1 Basic NTFS Permissions


NTFS permissions configured by a Desktop Engineer are of
the following 2 types:
Basic NTFS Permissions.
Advanced NTFS Permissions.
The table shows the available options for Basic NTFS
permissions. Also, the adjoining image shows the NTFS security
Tab with Basic Permissions. The tick marks in the Allow column
are the permissions the user has for an object.

5.3.2 Advanced NTFS Permissions

You must log in with Administrator privileges to change
Advanced Permissions. The advanced permissions are:
Full Control : It is used to change permissions and attributes.
An Administrator can take ownership of any content (files or
folders). Note - Standard Users have full control of their
Documents folder, while an Administrator has full control of
the entire computer.
Auditing : It provides detailed historical information on what
a user or group has done or attempted to do on a particular
piece of content (file or folder). Audit is listed as Success or
Fail.
Effective Access : It shows the resultant list of access rights
for a particular user or group.
Some situations require a child object to have permissions
different from those of its parent folder. The Administrator
must then disable inheritance from the parent and set the new
NTFS permissions on the child object.

5.3.3 NTFS based Share Permissions


There are 2 types of sharing available in a Windows
environment.
Local Sharing : This is sharing a local folder on the machine;
the scope of users that can access a local share is defined on
the folder of the local machine.
Network Sharing : Companies typically don't allow local
workstation folders to be shared. They use a network server
to share the contents with the minimum level of access
permissions, considering the security aspects of the shared data.
The options for sharing a folder are:
Sharing Wizard : It can be found when you right-click on the
folder. Sharing choices are Read and Read/Write.
Advanced Sharing : It can be found when you access the
properties and Sharing tab of the folder. The settings defined
on the Advanced Sharing tab enable efficient network access.
Default Share : It is also known as a Hidden Share. By default,
local Disk C is a hidden default share; any folder can be
made into such a share by inserting the "$" (dollar) symbol.

5.3.4 Integration of NTFS and Share Permissions


NTFS and Share Permissions can be combined for restrictive
access.
Share Permissions : They allow network users to access a
shared folder.
Note - Files cannot be shared individually; folders containing
files are shared.
NTFS permissions : They define access to folders or files.
By default, NTFS permissions define local access. If there
is a permission mismatch between NTFS and Share
Permissions, No Access is granted to the affected user or group.
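
To review the two layers together, the script below lists the share ACL and the NTFS ACL of every shared folder on the local machine, with the SID, Allow/Deny type and inheritance flag of each ACE as introduced in 5.3, and marks hidden ("$") shares. This is an added example, not part of the original chapter; the set of principals treated as "broad" and the BroadWrite flag are assumptions.

```powershell
# Added example, not part of the original chapter. Run in an elevated session.
# Which principals count as "broad" is an assumption; adjust to local policy.
$BroadSids = @(
    'S-1-1-0',        # Everyone
    'S-1-5-11',       # Authenticated Users
    'S-1-5-32-545'    # BUILTIN\Users
)
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]::Write

function Resolve-Sid {
    param([System.Security.Principal.IdentityReference]$Identity)
    try   { $Identity.Translate([System.Security.Principal.SecurityIdentifier]).Value }
    catch { $null }    # orphaned or unresolvable account
}

function Get-SharePermissionReport {
    # Shares without a path (for example IPC$) have no folder ACL to read.
    foreach ($share in (Get-SmbShare | Where-Object { $_.Path })) {
        $hidden = $share.Name.EndsWith('$')

        # Layer 1: share permissions, evaluated for network access only.
        foreach ($entry in (Get-SmbShareAccess -Name $share.Name)) {
            $sid = Resolve-Sid ([System.Security.Principal.NTAccount]$entry.AccountName)
            [pscustomobject]@{
                Share      = $share.Name
                Hidden     = $hidden
                Layer      = 'Share'
                Account    = $entry.AccountName
                Sid        = $sid
                Type       = "$($entry.AccessControlType)"
                Rights     = "$($entry.AccessRight)"
                Inherited  = $false
                BroadWrite = ($BroadSids -contains $sid) -and
                             ("$($entry.AccessControlType)" -eq 'Allow') -and
                             ("$($entry.AccessRight)" -in 'Full', 'Change')
            }
        }

        # Layer 2: NTFS ACL of the shared folder; each entry is one ACE.
        foreach ($ace in (Get-Acl -LiteralPath $share.Path).Access) {
            $sid = Resolve-Sid $ace.IdentityReference
            [pscustomobject]@{
                Share      = $share.Name
                Hidden     = $hidden
                Layer      = 'NTFS'
                Account    = "$($ace.IdentityReference)"
                Sid        = $sid
                Type       = "$($ace.AccessControlType)"
                Rights     = "$($ace.FileSystemRights)"
                Inherited  = $ace.IsInherited
                BroadWrite = ($BroadSids -contains $sid) -and
                             ("$($ace.AccessControlType)" -eq 'Allow') -and
                             (([int]$ace.FileSystemRights -band $WriteMask) -ne 0)
            }
        }
    }
}

Get-SharePermissionReport | Sort-Object Share, Layer |
    Format-Table Share, Hidden, Layer, Account, Type, Rights, Inherited, BroadWrite -AutoSize
```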

5.3.5 EFS (Encrypting File System)


EFS (Encrypting File System) allows "all users" to encrypt
files and folders easily. Any standard user can encrypt files; you
need not be an Administrator to use encryption.
EFS can be deployed in the following scenarios:
Mobile Clients consist of corporate users with laptops or
notebooks. The emergence of cloud storage has made local
file encryption even more important. In this scenario,
encryption works best with BitLocker.
In the Domain-Based Clients scenario, a domain-based
certificate server provides an authority certificate to encrypt
files and folders on your computer.
Deployment and management of EFS is complicated for
network folders. By default, an encrypted file travels across
the network unencrypted, but a file encrypted on network
storage remains encrypted while traversing the network.

Encryption can be disabled to ensure users don't encrypt any
files. EFS can be disabled by using Group Policy.
The image illustrates the following:
User 1 sends an encrypted message to user 2 over the
internet. This encrypted message is sniffed by a hacker, but
since the message is encrypted, the hacker cannot decrypt it,
as the decryption keys are not available to the hacker. So,
this image shows that an encrypted message is secure on the
network.

5.3.6 Cryptography and EFS


Cryptography is a method of storing and transmitting data in
a particular form so that only those for whom it is intended can
read and process it.
Cryptographic terms used in EFS are:
Public Key : It is used to "lock" the content that is later
"unlocked" by a specific private key. By default, EFS public
keys are created as stand-alone keys.
Private Keys : A private key is a user-specific key. Private
keys unlock "content". If a private key is damaged, files cannot
be decrypted. Note: Private keys can be recovered from a
Server 2012 R2 Certificate Authority if damaged or lost.
Symmetric Keys : They can "lock" and "unlock" contents.
Symmetric keys are dangerous without protection. Symmetric
keys are also used when you access HTTPS websites or
enable IPSec.
FEK (File Encryption Key) : It is a symmetric key that is
locked with a user's public key. The FEK is used to either
encrypt or decrypt content. The keys are stored in the user's
profile.
The image illustrates that a public key is used to encrypt the
content and a "private key" is used to decrypt the content.

5.3.7 Cipher and Data Recovery Agent (DRA)
Cipher is a built-in command-line tool for managing encryption
tasks.
DRA (Data Recovery Agent): It has permissions to decrypt
data that was encrypted by another user.
The image shows that the user uses key "A" to encrypt the
data, while the Recovery Agent, that is the DRA, has a key "B".
There are 2 scenarios to decrypt the data:
In the first scenario, the user uses his private key "A" to
decrypt the data.
In the second scenario, the recovery agent can use key "B"
to decrypt the data.
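
The key handling described in 5.3.6 and 5.3.7 (a symmetric FEK locked once for the user's key "A" and once for the DRA's key "B") can be modelled with the .NET cryptography classes. This is an added example, not part of the original chapter and not EFS itself; the function names, the sample content and the choice of AES-CBC with RSA-OAEP are assumptions of the model.

```powershell
# Added example, not part of the original chapter. A conceptual model of the
# FEK scheme; it does not read or write real EFS metadata. AES-CBC is used so
# the code runs on Windows PowerShell 5.1; the model has no integrity check.
$Oaep = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256

function Protect-WithFek {
    param([byte[]]$Content, [hashtable]$Recipients)   # name -> RSA key
    $aes = [System.Security.Cryptography.Aes]::Create()
    try {
        $aes.KeySize = 256
        $aes.GenerateKey()      # the FEK: one random symmetric key per file
        $aes.GenerateIV()
        $cipherText = $aes.CreateEncryptor().TransformFinalBlock($Content, 0, $Content.Length)

        # Lock the same FEK once per recipient (only the public half is used).
        $wrapped = @{}
        foreach ($name in $Recipients.Keys) {
            $wrapped[$name] = $Recipients[$name].Encrypt($aes.Key, $Oaep)
        }
        [pscustomobject]@{ IV = $aes.IV; CipherText = $cipherText; WrappedFek = $wrapped }
    }
    finally { $aes.Dispose() }
}

function Unprotect-WithFek {
    param($Blob, [string]$Name, [System.Security.Cryptography.RSA]$PrivateKey)
    if (-not $Blob.WrappedFek.ContainsKey($Name)) {
        throw "No wrapped FEK for '$Name': this key holder cannot decrypt."
    }
    $aes = [System.Security.Cryptography.Aes]::Create()
    try {
        # Unlock the FEK with the private key, then decrypt the content with it.
        $aes.Key = $PrivateKey.Decrypt($Blob.WrappedFek[$Name], $Oaep)
        $aes.IV  = $Blob.IV
        , $aes.CreateDecryptor().TransformFinalBlock($Blob.CipherText, 0, $Blob.CipherText.Length)
    }
    finally { $aes.Dispose() }
}

# Constructed sample: key "A" belongs to the user, key "B" to the DRA.
$keyA = [System.Security.Cryptography.RSACng]::new(2048)
$keyB = [System.Security.Cryptography.RSACng]::new(2048)
$data = [System.Text.Encoding]::UTF8.GetBytes('constructed sample content')
$blob = Protect-WithFek -Content $data -Recipients @{ User = $keyA; DRA = $keyB }

# Scenario 1: the user decrypts with key "A". Scenario 2: the DRA uses key "B".
foreach ($holder in @{ User = $keyA; DRA = $keyB }.GetEnumerator()) {
    $plain = Unprotect-WithFek -Blob $blob -Name $holder.Key -PrivateKey $holder.Value
    '{0} recovered: {1}' -f $holder.Key, [System.Text.Encoding]::UTF8.GetString($plain)
}
```

On a real system, `cipher /c` followed by a file name displays the users and recovery certificates that can decrypt that EFS file.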

BitLocker Basics
BitLocker is encryption software that was introduced in
Windows 7 and revised in later operating system versions
like Windows 8.1.
The objective of BitLocker is to encrypt data stored on
operating system and data volumes.
BitLocker provides offline and start-up protection to the data
stored on the volumes.
BitLocker uses the TPM chip to protect the keys used to
encrypt your computer's data. TPM stands for Trusted Platform
Module. TPM 1.2 supports a single "owner" authorization, with
RSA 2048-bit security standards.
TPM 2.0 has similar functionality and is additionally used
for signing/attestation with unique "owner" authorization
encryption.
BitLocker To Go is a process in BitLocker used to encrypt
removable media.
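
A check of the BitLocker and TPM state described above, written as an added example that is not part of the original chapter. The findings it reports reflect an assumed baseline (protection on, volume fully encrypted, a recovery password present, TPM-backed protector on the operating system volume).

```powershell
# Added example, not part of the original chapter. Run in an elevated session.
# The findings reflect an assumed baseline; adapt them to local policy.
function Get-BitLockerPosture {
    $tpm = Get-Tpm
    foreach ($vol in (Get-BitLockerVolume)) {
        # Key protector types on this volume, e.g. Tpm, TpmPin, RecoveryPassword.
        $protectors = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $findings = @()

        if ("$($vol.ProtectionStatus)" -ne 'On') {
            $findings += 'protection is off'
        }
        if ("$($vol.VolumeStatus)" -ne 'FullyEncrypted') {
            $findings += "volume status is $($vol.VolumeStatus)"
        }
        if ($protectors -notcontains 'RecoveryPassword') {
            $findings += 'no recovery password protector'
        }
        # Start-up protection of the OS volume depends on the TPM holding the key.
        if ("$($vol.VolumeType)" -eq 'OperatingSystem') {
            if (-not $tpm.TpmPresent -or -not $tpm.TpmReady) {
                $findings += 'TPM is absent or not ready'
            }
            elseif (-not ($protectors -like 'Tpm*')) {
                $findings += 'OS volume key is not protected by the TPM'
            }
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            VolumeType = "$($vol.VolumeType)"
            Method     = "$($vol.EncryptionMethod)"
            Protectors = $protectors -join ', '
            Findings   = if ($findings) { $findings -join '; ' } else { 'none' }
        }
    }
}

Get-BitLockerPosture | Format-Table -AutoSize -Wrap
```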

5.1, 5.2 & 5.3 Check Your Progress.


1) .................. allows "all users" to encrypt files and folders
easily.
2) .................. is a built-in command-line tool for managing
encryption tasks.
3) .................. : It is used to "lock" the content that is later
"unlocked" by a specific private key.

5.4 Summary
Diskmgmt.msc is used to access the Disk Management
Console in Windows 10 OS.
Storage Spaces combines multiple physical disks.
Storage Spaces features include Storage Pools and
Resilient Storage.
Work Folders is used to access work files anywhere, on any
device.
OneDrive is Microsoft's cloud storage solution; the types
of OneDrive are:
OneDrive for Consumers
OneDrive for Business.
Features of OneDrive are Recycle Bin, Office Online, app-based
access from mobile devices, and OneDrive "Fetch".
NTFS permissions consist of SID, ACL, and ACE. NTFS and
Share Permissions can be combined for restrictive access to
network data.
EFS is used to encrypt and secure data. Cryptographic terms
in EFS:
Public Key, Private Key, Symmetric Key, FEK.
DRA has permissions to decrypt data that was encrypted by
another user.
BitLocker in Windows 10 supports
Device Health Attestation, Device Guard, Credential Guard.
BitLocker To Go is used to secure contents stored on
removable drives.

5.5 Check Your Progress Answers
5.1, 5.2, 5.3
1) EFS (Encrypting File System)
2) Cipher
3) Public Key

5.6 Questions for Self Study


1) What are the types of supported disks used in Storage
Spaces?
2) Discuss the comparison between Storage Spaces and
OneDrive.
3) What is the use of OneDrive Fetch?
4) What are the cryptographic terms used in EFS?
5) Which are the various scenarios to implement EFS?
6) What is the use of DRA?
7) Discuss in detail the features supported by Windows 10
BitLocker.
