Mcts chapter 6

MCTS Guide to Configuring
Microsoft Windows Server 2008
Active Directory

Chapter 6: Windows File and Print
Services

Objectives
• Describe features of the major Windows file
systems
• Secure access to files with permissions
• Share folders with Windows file sharing
• Use Windows storage management tools
• Work with Windows printers

MCTS Windows Server 2008 Active Directory 2

Windows File Systems
• A file system defines the method and format that
an OS uses to store, locate, and retrieve files from
electronic storage media
• Modern file systems are composed of some or all
of the following components:
– Filenaming convention
– Hierarchical organization
– Data storage method
– Metadata
– Attributes
– Access Control lists (ACLs)


The FAT File System
• FAT (File Allocation Table) consists of two
variations: FAT16 and FAT32
• FAT16 is limited to 2GB partitions (Windows NT
extends this to 4GB) with a maximum file size of
2GB
• FAT32 allows partitions up to 2TB in size, but
Windows 2000 and later limit size of FAT32
partitions at creation to 32GB due to performance.
FAT32 supports files up to 4GB in size


The NTFS File System
• First introduced in Windows NT
• Supports file and folder permissions, an advantage
over FAT
• Features added with the release of Windows 2000:
– Disk quotas
– Volume mount points
– Shadow copies
– File compression
– Encrypting File System (EFS)


Disk Quotas
• Disk quotas help administrators control how disk
space is used on a server
• Options for setting quotas
– Enable quota management
– Deny disk space to users exceeding quota limit
– Do not limit disk usage
– Limit disk space to
– Log event when a user exceeds their quota limit
– Log event when a user exceeds their warning level
– Quota Entries


Volume Mount Points
• Volume mount points enable you to access a
volume as a folder in another volume instead of by
using a drive letter
• Volume holding the folder to serve as the mount
point must be an NTFS volume
• Reasons for using mount points:
– Extend the apparent amount of free space on an existing
volume
– Consolidate frequently accessed volumes
– Consolidate several shared volumes under a single network
share


Shadow Copies
• Allows access to previous versions of files, and the
ability to restore files that were deleted or corrupted
• Upon enabling Shadow Copies, Windows will warn
that default settings are not ideal for heavily used
servers
• The following can be configured in the Settings
dialog box for Shadow Copies:
– Located on this volume
– Details
– Maximum size
– Schedule

File Compression and Encryption
• Both file compression and encryption are implemented as
attributes
• Mutually exclusive; Both compression and encryption cannot
be enabled on a file
• File compression can be enabled on an entire volume, or on
a folder
• Rules for compression behavior:
– Files copied to a new location inherit the compression attribute from
the parent container
– Files moved to a new location on the same volume retain their current
compression attributes
– Files moved to a new location on a different volume inherit the
compression attribute from the parent container


File Compression and Encryption (cont.)

• File encryption on NTFS made possible by Encrypting File
System (EFS)
• Can be set on a file or a folder, but not an entire volume
• Rules for encryption behavior:
– Encrypted files that are copied or moved always stay encrypted,
regardless of the destination’s encryption attribute
– Unencrypted files that are moved or copied to a folder with the
encryption attribute set are always encrypted
• The user who initially encrypted the file can add additional
users who can decrypt the file. However, a user must have a
valid EFS certificate in order to be added


File Compression and Encryption (cont.)


Securing Access to Files with Permissions

• Two ways to secure files
– Share permissions
– NTFS permissions
• Share permissions apply when using a network to
access shared files, while NTFS permissions apply
whether accessing network shares or local files
• If accessing a network share, the effective
permissions will always be the most restrictive
permissions between Share and NTFS permissions


Share Permissions
• Share permissions apply to folders and files
accessed across the network
• Can’t be configured on individual files
• Three share permissions
– Read
– Change
– Full Control
• Generally, the default share permission is Read for
Everyone


NTFS Permissions
• NTFS permissions can be configured on folders
and files
• 6 permissions and 14 special permissions for
folders
• 5 permissions and 13 special permissions for files
• NTFS standard permissions:
– Read
– Read & Execute
– List folder contents
– Write
– Modify
– Full

NTFS Permissions (cont.)


File and Folder Ownership
• Owner of an object is granted certain implicit
permissions
• A user can become the owner of a file system
object in three ways:
– Create the file or folder
– Take ownership of a file or folder
– Assigned ownership


NTFS Permission Inheritance
• By default, initial permissions are set at the root of
a volume, and then new folders and files inherit
these settings unless configured otherwise
• Permission inheritance can be disabled in the
Advanced Security settings dialog box, by clearing
the “Include inheritable permissions from this
object’s parent” option


NTFS Permission Inheritance (cont.)


Windows File Sharing
• File services role required to share folders
• Folders in Windows Server 2008 can only be
shared by members of the Administrators or Server
Operators groups
• Methods to configure folder sharing in Windows
Server 2008:
– File Sharing Wizard
– Advanced Sharing dialog box
– Shared Folders snap-in
– Share and Storage Management


Windows File Sharing (cont.)


Default and Administrative Shares
• Administrative shares are hidden shares available only to
members of the Administrators group
• Computers that aren’t domain controllers have these shares:
– Admin$
– Drive$
– IPC$
• Domain controllers have the previous three shares, plus
these shares:
– NETLOGON
– Sysvol
• Dollar sign at the end of a share name makes it hidden


Managing Shares with the Shared Folders
Snap-in
• Shared Folders snap-in can be used to create,
delete, and monitor shares; as well as view open
files or monitor and manage user connections or
sessions


Accessing File Shares from Client
Computers
• Shares are most commonly accessed via the
following methods:
– UNC Path
• Example syntax: servershare[subfolder][file]
– Active Directory search
– Browsing the network
– Mapping a drive


Windows Storage Management
• File Services role installs the File Services role
service, but can also install the following additional
services:
– File Server
– Distributed File System
– File Server Resource Manager (FSRM)
– Services for Network File System
– Windows Search Service
– Windows Server 2003 File Services


Share and Storage Management
• Share and Storage Management snap-in includes
all functions present in Shared Folders snap-in
• Can also
– Provision storage
– Share files with NFS
– Publish shares to DFS
– Manage volumes
• Protocol column under the shares tab will display
whether a share is using the Server Message Block
(SMB) protocol or NFS


Share and Storage Management (cont.)

• The Disk management snap-in provides more
advanced features than the Share and Storage
Management snap-in in relation to disk
administration, and can perform the following tasks:
– Bring new disks online
– Initialize new disks
– Import foreign disks
– Create, format, and delete volumes
– Extend and shrink volumes
– Convert disks from basic to dynamic
– Create RAID volumes


Share and Storage Management (cont.)


Distributed File System
• Distributed File System (DFS) groups shared
folders from multiple servers into a single folder
hierarchy, with replication for fault tolerance
• A DFS hierarchy is referred to as a namespace
• Entire namespaces can be replicated
• DFS load-balances the servers involved in
replication
• Does not require AD, however load balancing and
fault tolerance are only available on a domain
based namespace

Distributed File System (cont.)


File Server Resource Manager
• File Server Resource Manager (FSRM) is a suite of
services and management tools for monitoring
storage space, managing quotas, controlling the
types of files that users can store on a server, and
creating storage reports
• Contains three tools:
– Quota Management
– File Screening Management
– Storage Reports Management


File Server Resource Manager (cont.)


Windows Printing
• Print device
– Physical print device, two basic types:
• Local print device
• Network print device
• Printer
– The icon in the Printers folder that represents print devices
• Print Server
– A Windows computer that’s sharing a printer
• Print queue
– A storage location for print jobs awaiting printing


Configuring a Print Server
• A print server can provide additional printing
functions:
– Access Control
– Printer pooling
– Printer Priority
– Print job Management
– Availability control
• In order to configure a Windows 2008 Server
system as a print server, a printer must be shared.


Configuring a Print Server (cont.)
• The Sharing tab in a printer’s Properties dialog box
provides the following options:
– Share this printer
– Share name
– Render print jobs on client computers
– List in the directory
– Additional Drivers


• The Advanced tab of a print server’s Properties dialog box
provides more options for controlling the print server:
– Always available / Available from
– Priority
– Driver
– Spooling options
– Hold mismatched documents
– Print spooled documents first
– Keep printed documents
– Enable advanced printing features
– Printing Defaults
– Print Processor
– Separator Page


Printer Permissions
• Provides similar control to Share and NTFS
permissions
• No permission inheritance for printers
• Three standard permissions:
– Print
– Manage printers
– Manage documents
• In addition, there are 6 special permissions


Print Management from the Print Services
Role
• Print Services role is not necessary to create
printer shares or to manage the print server
• Provides the Print Management snap-in, which can
be used to manage multiple printers and print
servers
• Allows the installation of two other role services:
Line Printer Daemon (LPD) and Internet Printing


Print Management from the Print Services
Role
• Print Management MMC is made available
• Using Print Management, you can view status
information and manage all printers and print
servers on the network
• Tasks you can perform:
– Install a new printer
– Share a printer
– Migrate printers
– Deploy printers by using group policies
– List or remove printers from Active Directory
– Display printers based on a filter


Chapter Summary
• File systems define the method and format that an
OS uses to store, locate, and retrieve files from
storage media. Windows supports two file systems:
FAT and NTFS
• FAT file system consists of two variations: FAT16
and FAT32. FAT16 is limited to 2 GB partitions,
and FAT32 supports up to 2 TB. FAT file systems
lack encryption, file compression, and file and
folder security


Chapter Summary (cont.)
• NTFS is the ideal file system on Windows systems.
Features include file and folder security, disk
quotas, mount points, shadow copies, file
compression, and EFS
• Files can be accessed interactively (locally) or
across the network (remotely). Share permissions
are applied only to network access, and NTFS
permissions are applied to interactive and network
access. The most restrictive permission of the two
is enforced.


• There are three share permissions: Read, Change,
and Full control. NTFS permissions have 6
standard permissions and 13 special permissions
• Files can be shared by using the File Sharing
Wizard, the Advanced Sharing dialog box, the
Shared Folders snap-in, and the Share and
Storage Management snap-in
• Windows includes administrative shares
automatically, which are hidden and accessible
only by members of the Administrators group


• The File Services role adds tools to manage all
aspects of storage, and can install several
additional role services
• Windows printing consists of these components:
print device, printer, print server, and print queue
• The Print Services role provides printer sharing, the
Print Management snap-in, and optionally the LPD
Service and Internet Printing role services


Mcts chapter 6

More Related Content

What's hot

Similar to Mcts chapter 6

Recently uploaded

Mcts chapter 6