70-290: MCSE Guide to Managing a Microsoft Windows Server

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment
Chapter 7: Advanced File System Management
Objectives
• Understand and configure file and folder attributes
• Understand and configure advanced file and folder attributes
• Implement and manage disk quotas
• Understand and implement the Distributed File System
File and Folder Attributes
• Used since MS-DOS operating system
• Attributes describe files, folders, and their characteristics
• Applicable utilities include graphical tools and the ATTRIB command
• Four standard file and folder attributes
  • Read-only
  • Archive
  • System
  • Hidden
Read-only
• Designates that the contents of a file cannot be changed and file cannot be deleted
• Available in all file systems (FAT, FAT32, NTFS partitions and volumes)
  • FAT, FAT32 attributes can be changed by any user
  • NTFS attribute can only be changed by a user with appropriate permissions
• Can be configured for a file or folder
  • For folders, attribute pertains to the files it contains, not the folder itself
Archive
• Marks which files and folders have been recently changed or created
• Recently modified files are marked as ready for archiving
• Important for backup
  • Backup methods update the status of the archive attribute
• Viewing the attribute is done using Windows Explorer or command-line utilities (e.g., DIR, ATTRIB)
System
• Originally designed to identify O.S. in MS-DOS
• In Windows Server 2003
  • Used in conjunction with hidden attribute
  • When system and hidden both true, file or folder is “super hidden” (not displayed in Windows Explorer interface)
  • Treated as “protected operating system files” with specific alternate display options
• Can only be manipulated using ATTRIB command
Hidden
• Used to make files and folders less visible to users from Windows Explorer and the command line
• Default configuration in Windows Server 2003 displays hidden files as semi-transparent icons unless in conjunction with system attribute
• Hidden attribute can be configured from General tab of Properties
Hidden (continued)
• Visibility can be configured from View tab of Folder Options from Tools in Windows Explorer
  • Show hidden files and folders
    • Hidden files and folders appear in Windows Explorer as semi-transparent icons
  • Do not show hidden files and folders
    • Files with set hidden attributes do not appear in Windows Explorer
  • Hide protected operating system files
    • All files with both hidden and system attributes set are hidden in Windows Explorer when set
The ATTRIB Command
• A command-line utility used to view, add or remove the four attributes of files and folders
• Only way to configure system attribute
• Supports wildcards (*) allowing multiple files or folders to be changed simultaneously
• Syntax
  • View: attrib filename
  • Set: attrib +attribute filename
  • Remove: attrib -attribute filename
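Added example (not part of the original slides): a cmd.exe batch file that walks through the ATTRIB syntax above, including the system + hidden "super hidden" combination and how to list such files with DIR. The folder C:\AttribLab and the file names are assumptions.

```batch
@echo off
rem Added example; C:\AttribLab and the file names are hypothetical.
setlocal
set LAB=C:\AttribLab
mkdir "%LAB%" 2>nul
cd /d "%LAB%" || exit /b 1

rem Create three sample files (constructed content).
for %%F in (report1.txt report2.txt notes.doc) do echo sample> %%F

rem View: newly created files normally carry only the Archive (A) attribute.
attrib *.*

rem Set: mark every .txt file read-only in one command using the wildcard.
attrib +r *.txt

rem Set: make notes.doc "super hidden" by setting system and hidden together.
attrib +s +h notes.doc

rem A plain DIR no longer lists notes.doc ...
dir /b

rem ... but DIR /A filtered on S and H lists exactly the files that have both set.
rem This is the quick check when auditing a folder for files Explorer will not show.
dir /a:sh /b

rem ATTRIB will not change other attributes on a file that is hidden or system
rem unless those attributes are named in the same command, so clear them together.
attrib -s -h notes.doc

rem Remove: clear read-only from the .txt files.
attrib -r *.txt

rem Final state: every file is back to Archive only.
attrib *.*
endlocal
```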
Advanced Attributes
• Advanced attributes found on NTFS partitions or volumes
• Archive and Index attributes
  • File is ready for archiving
  • Indexing service
• Compress or Encrypt
  • Compress contents to save disk space
  • Encrypt contents to secure data
File Compression
• Reduces amount of disk space needed for files and folders
• Automatically uncompressed when the resource is accessed
• Compressed resources displayed in different color in Windows Explorer (blue by default)
• Moving and copying resources can affect compression
COMPACT
• Used with NTFS file system only
• Command-line utility for configuring the compression attribute
• Syntax
  • COMPACT (to view)
  • COMPACT switches resourcename (to set attributes)
• Switches
  • /c (to compress resources)
  • /u (to uncompress resources)
File Encryption
• Encrypting File System (EFS) uses public key cryptography to encrypt files and folders
• Only on NTFS file systems
• Transparent to user
• Implemented using 2 main types of keys
  • File encryption key (FEK)
    • Session key added to header of encrypted data (data decryption field, DDF)
  • Public key encrypts DDF
File Encryption (continued)
• Main challenge for public key cryptography is when users leave organization
  • Can rename user account
  • Can use data recovery agent
    • FEK also stored in data recovery field (DRF)
    • Encrypted using data recovery agent’s public key
    • Default is administrator, additional recovery agents can be designated
• Moving or copying files can affect encryption
• Encrypted files cannot be compressed, and vice versa
Sharing Encrypted Files
• In Windows 2000, only user and data recovery agent could access an encrypted file
• In Windows Server 2003, Advanced Attributes allows sharing with other specific named users
• Issues:
  • Only for files, not folders
  • Can only share with users, not groups
  • Users must have a certificate on computer
  • Users must have appropriate NTFS permissions
The CIPHER Command
• Command-line utility for file and folder encryption
• Used by administrator
• NTFS partitions and volumes only
• Syntax
  • CIPHER (to view)
  • CIPHER switches resourcename (to set attributes)
The CIPHER Command (continued)
• Switches
  • /e (to encrypt a folder)
  • /d (to decrypt a folder)
  • /a (to apply other switches to a file rather than a folder)
• Cannot encrypt files which have their read-only attribute set
• Can use the wildcard character (*)
Activity 7-5: Encrypting Files Using the CIPHER Utility
• Objective: To encrypt and decrypt files using CIPHER
• Create a new folder and files
• Encrypt a single file and observe the results
• Encrypt files using the wildcard character and observe results
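Added example (not part of the original slides or the textbook's lab steps): one way to run Activity 7-5 as a cmd.exe batch file, which also shows the read-only restriction from the CIPHER slide. The folder C:\CipherLab and the file names are assumptions; the volume must be NTFS.

```batch
@echo off
rem Added example for Activity 7-5; C:\CipherLab and the file names are hypothetical.
rem Run on an NTFS volume as the user who should own the encrypted files.
setlocal
set LAB=C:\CipherLab
mkdir "%LAB%" 2>nul
cd /d "%LAB%" || exit /b 1

rem Step 1: create a new folder (above) and sample files (constructed content).
for %%F in (one.txt two.txt three.txt) do echo sample> %%F

rem View: CIPHER with no switches lists each item prefixed with
rem U (unencrypted) or E (encrypted). All three should show U here.
cipher

rem Step 2: encrypt a single file. /a makes /e act on the file, not a folder.
cipher /e /a one.txt
rem Observe: one.txt now shows E, the other two still show U.
cipher

rem Read-only check: per the slide, a read-only file cannot be encrypted,
rem so this attempt is expected to report a failure for two.txt.
attrib +r two.txt
cipher /e /a two.txt
rem Clear read-only so the wildcard step below can encrypt it.
attrib -r two.txt

rem Step 3: encrypt the remaining files using the wildcard character.
cipher /e /a *.txt
rem Observe: every .txt file now shows E.
cipher

rem Decrypt everything again so the lab can be repeated.
cipher /d /a *.txt
cipher
endlocal
```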
Disk Quotas
• Disk quotas used to monitor and control user disk space
• Advantages
  • Prevents users from consuming all disk space
  • Encourages users to delete old files
  • Allows monitoring for planning purposes
  • Allows monitoring of individual users
• Disabled by default
• Implemented only on NTFS volumes
• Configured from Properties of a volume
Managing Disk Quotas from the Command Line
• FSUTIL QUOTA command-line utility can be used to manage disk quotas
• Can enable/disable, modify, display, track, report
• Example (to enable disk quotas on drive E)
  • fsutil quota enforce e:
• Events written to System log (displayed in Event Viewer) every hour by default
  • fsutil behavior command can change the interval
• Help available for fsutil quota and fsutil behavior commands in Help and Support Center
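Added example (not part of the original slides): a cmd.exe batch file covering the FSUTIL QUOTA tasks listed above on drive E:, plus the fsutil behavior setting that controls how often quota events are logged. The account CONTOSO\jsmith and the byte values are assumptions; run it from an administrator command prompt.

```batch
@echo off
rem Added example; drive E: comes from the slide, while the account
rem CONTOSO\jsmith and the byte values below are hypothetical.

rem Display: show whether quotas are disabled, tracked or enforced on E:,
rem along with the default threshold/limit and per-user entries.
fsutil quota query e:

rem Track: record per-user usage without denying disk space.
rem Useful for a monitoring period before limits are enforced.
fsutil quota track e:

rem Enforce: enable quotas and deny space to users over their limit.
fsutil quota enforce e:

rem Modify: per-user entry. Arguments are volume, warning threshold,
rem hard limit, user. Values are bytes: 80 MB warning, 100 MB limit.
fsutil quota modify e: 83886080 104857600 CONTOSO\jsmith

rem Report: list quota violations found in the event logs.
fsutil quota violations

rem Interval: quota events are logged every 3600 seconds (hourly) by default.
rem Query the current value, then log every 30 minutes instead.
fsutil behavior query quotanotify
fsutil behavior set quotanotify 1800

rem Disable: turn quota tracking and enforcement off again on E:.
fsutil quota disable e:
```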
Distributed File System
• Makes it appear that multiple shared-file resources are stored in a single hierarchical structure
• Users do not have to know which server a shared folder resides on
• Configured using the Distributed File System console in Administrative Tools menu
• Tree structure (root and DFS links)
DFS Models
• Two models:
  • Standalone DFS model (more limited capabilities)
  • Domain-based DFS model
DFS Models (continued)
• Hierarchical structure is called DFS topology or logical structure, three elements to structure
  • The DFS root
    • Main container on host server
  • The DFS links
    • Pointers to physical location of shared folders
  • Servers on which the DFS shared folders are replicated as replica sets
    • Replica set is set of shared folders that is replicated across multiple servers
Managing DFS
• Tasks involved in managing DFS system
  • Deleting a DFS root
  • Removing a DFS link
  • Adding root and link replica sets
  • Checking the status of a root or link
• Replication capability provides fault tolerance and load balancing
• DFS replication options and topologies managed from Configure Replication wizard
Managing DFS (continued)
• DFS element status is indicated with colored icons
Summary
• File and folder attributes are:
  • Read-only (can a resource be modified or deleted)
  • Archive (has a resource recently been changed)
  • System (does resource have specific display requirements, especially in conjunction with Hidden)
  • Hidden (should the resource appear normally in Windows Explorer)
• File and folder attributes can be set through graphical tools or the ATTRIB command-line utility
Summary (continued)
• Advanced attributes on NTFS partitions or volumes include:
  • Archiving (specifies whether to back up file)
  • Indexing (makes resource searchable)
  • Compression (saves disk space)
  • Encryption (makes resources accessible only to those holding keys)
• Command-line utilities for advanced attributes include:
  • COMPACT
  • CIPHER
Summary (continued)
• Disk quotas allow management of disk space usage by individual users
  • Managed from the Properties of a volume or using the FSUTIL command-line utility
• Distributed File System allows management of shared-file resources
  • Appear as a single hierarchical structure
  • Can be physically located on different servers
  • 2 DFS models: standalone and domain-based