You are on page 1of 38

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Chapter 7: Advanced File System Management

Objectives
Understand and configure file and folder attributes Understand and configure advanced file and folder attributes Implement and manage disk quotas Understand and implement the Distributed File System

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

File and Folder Attributes


Used since MS-DOS operating system Attributes describe files, folders, and their characteristics Applicable utilities include graphical tools and the ATTRIB command Four standard file and folder attributes
Read-only Archive System hidden
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 3

Read-only
Designates that the contents of a file cannot be changed and file cannot be deleted Available in all file systems (FAT, FAT32, NTFS partitions and volumes)
FAT, FAT32 attributes can be changed by any user NTFS attribute can only be changed by a user with appropriate permissions

Can be configured for a file or folder


For folders, attribute pertains to the files it contains, not the folder itself
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 4

Read-only (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Archive
Marks which files and folders have been recently changed or created Recently modified files are marked as ready for archiving Important for backup Backup methods update the status of the archive attribute Viewing the attribute is done using Windows Explorer or command-line utilities (e.g., DIR, ATTRIB)
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 6

System
Originally designed to identify O.S. in MS-DOS In Windows Server 2003
Used in conjunction with hidden attribute When system and hidden both true, file or folder is super hidden (not displayed in Windows Explorer interface) Treated as protected operating system files with specific alternate display options Can only be manipulated using ATTRIB command

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Hidden
Used to make files and folders less visible to users from Windows Explorer and command-line Default configuration in Windows Server 2003 displays hidden files as semi-transparent icons unless in conjunction with system attribute Hidden attribute can be configured from General tab of Properties

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

Hidden (continued)
Visibility can be configured from View tab of Folder Options from Tools in Windows Explorer
Show hidden file and folders Hidden files and folders appear in Windows Explorer as semi-transparent icons Do not show hidden files and folders Files with set hidden attributes do not appear in Windows Explorer Hide protected operating system files All files with both hidden and system attributes set are hidden in Windows Explorer when set
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 9

Hidden (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

10

The ATTRIB Command


A command-line utility used to view, add or remove the four attributes of files and folders Only way to configure system attribute Supports wildcards (*) allowing multiple files or folders to be changed simultaneously Syntax
View: attrib filename Set: attrib +attribute filename Remove: attrib attribute filename
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 11

Advanced Attributes
Advanced attributes found on NTFS partitions or volumes Archive and Index attributes
File is ready for archiving Indexing service

Compress or Encrypt
Compress contents to save disk space Encrypt contents to secure data
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 12

Advanced Attributes (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

13

File Compression
Reduces amount of disk space needed for files and folders Automatically uncompressed when the resource is accessed Compressed resources displayed in different color in Windows Explorer (blue by default) Moving and copying resources can affect compression
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 14

COMPACT
Used with NTFS file system only Command-line utility for configuring the compression attribute Syntax
COMPACT (to view) COMPACT switches resourcename (to set attributes)

Switches
/c (to compress resources) /u (to uncompress resources)
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 15

File Encryption
Encrypting File System (EFS) uses public key cryptography to encrypt files and folders Only on NTFS file systems Transparent to user Implemented using 2 main types of keys
File encryption key (FEK) Session key added to header of encrypted data (data decryption field) Public key encrypts DDF
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 16

File Encryption (continued)


Main challenge for public key cryptography is when users leave organization Can rename user account Can use data recovery agent
FEK also stored in data recovery field (DRF) Encrypted using data recovery agents public key Default is administrator, additional recovery agents can be designated

Moving or copying files can affect encryption Encrypted files cannot be compressed, vice versa
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 17

Sharing Encrypted Files


In Windows 2000, only user and data recovery agent could access an encrypted file In Windows Server 2003, Advanced Attributes allows sharing with other specific named users Issues:
Only for files, not folders Can only share with users, not groups Users must have a certificate on computer Users must have appropriate NTFS permissions
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 18

Sharing Encrypted Files (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

19

The CIPHER Command


Command-line utility for file and folder encryption
Used by administrator NTFS partitions and volumes only

Syntax
CIPHER (to view) CIPHER switches resourcename (to set attributes)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

20

The CIPHER Command (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

21

The CIPHER Command (continued)


Switches
/e (to encrypt a folder) /d (to decrypt a folder) /a (to apply other switches to a file rather than a folder)

Cannot encrypt files which have their read-only attribute set Can use the wildcard character (*)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

22

Activity 7-5: Encrypting Files Using the CIPHER Utility


Objective: To encrypt and decrypt files using CIPHER Create a new folder and files Encrypt a single file and observe the results Encrypt files using the wildcard character and observe results

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

23

Disk Quotas
Disk quotas used to monitor and control user disk space Advantages
Prevents users from consuming all disk space Encourages users to delete old files Allows monitoring for planning purposes Allows monitoring of individual users

Disabled by default Implemented only on NTFS volumes Configured from Properties of a volume
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 24

Disk Quotas (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

25

Disk Quotas (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

26

Disk Quotas (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

27

Managing Disk Quotas from the Command Line


FSUTIL QUOTA command-line utility can be used to manage disk quotas
Can enable/disable, modify, display, track, report Example (to enable disk quotas on drive E) fsutil quota enforce e: Events written to System log (displayed in Event Viewer) every hour by default fsutil behavior command can change the interval

Help available for fsutil quota and fsutil behavior commands in Help and Support Center
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 28

Managing Disk Quotas from the Command Line (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

29

Distributed File System


Makes it appear that multiple shared-file resources are stored in a single hierarchical structure Users do not have to know which server a shared folder resides on Configured using the Distributed File System console in Administrative Tools menu Tree structure (root and DFS links)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

30

Distributed File System (continued)

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

31

DFS Models
Two models:
Standalone DFS model (more limited capabilities) Domain-based DFS model

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

32

DFS Models (continued)


Hierarchical structure is called DFS topology or logical structure, three elements to structure
The DFS root Main container on host server The DFS links Pointers to physical location of shared folders Servers on which the DFS shared folders are replicated as replica sets Replica set is set of shared folders that is replicated across multiple servers
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 33

Managing DFS
Tasks involved in managing DFS system
Deleting a DFS root Removing a DFS link Adding root and link replica sets Checking the status of a root or link

Replication capability provides fault tolerance and load balancing DFS replication options and topologies managed from Configure Replication wizard
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 34

Managing DFS (continued)


DFS element status is indicated with colored icons

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment

35

Summary
File and folder attributes are:
Read-only (can a resource be modified or deleted) Archive (has a resource recently been changed) System (does resource have specific display requirements, especially in conjunction with Hidden) Hidden (should the resource appear normally in Windows Explorer)

File and folder attributes can be set through graphical tools or the ATTRIB command-line utility
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 36

Summary (continued)
Advanced attributes on NTFS partitions or volumes include:
Archiving (specifies whether to back up file) Indexing (makes resource searchable) Compression (saves disk space) Encryption (makes resources accessible only to those holding keys)

Command-line utilities for advanced attributes include:


COMPACT CIPHER
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 37

Summary (continued)
Disk quotas allow management of disk space usage by individual users
Managed from the Properties of a volume or using the FSUTIL command-line utility

Distributed File System allows management of shared-file resources


Appear as a single hierarchical structure Can be physically located on different servers 2 DFS models: standalone and domain-based
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment 38