Академический Документы
Профессиональный Документы
Культура Документы
Mahdi
To provide redundancy:
Create a Distributed File System (DFS)
Configure a file server. Configure Distributed File System (DFS). Configure shadow copy services Configure backup and restore. Manage disk quotas.
Lesson 1: Managing File Security Lesson 2: Sharing Folders Lesson 3: Backing Up and Restoring Files
Lesson 1
Determine which users can view or update files Default NTFS file permissions:
Permission User files System files %SystemRoot% Program files %ProgramFile% Users Full Control Read Read Run Prog Administrator Full Control Full Control Install App/Update Full Control Install App Others Cant R/W
Modify
Full Control
1. 2. 3. 4.
5.
6.
7.
8.
If the user you want to configure access for does not appear in the Group or User Names list, click Add. Type the user name, click Ok. Select the user you want to configure access for. select the check boxes for the desired Permissions For User or Group name list. Repeat steps 5 and 6 to configure access for additional users. Click OK twice.
When taking the exam, expect questions where a user is granted access to a file but denied access through a group membership. Remember that although permission assignment are cumulative
denied access overrides all others permissions.
NTFS
Protected files and folders as long as windows is
running
EFS
Protects files and folders by encrypting them on
the disk. Windows control access to the decryption key and provides its only to authorized users.
3.
4. 5.
Open Windows Explorer Right-click the file or folder, click Properties. In the General tab, click Advanced. Select the Encrypt Contents to Secure data check box. Click Ok twice.
To share an EFS-protected files with other users on your local computer, follow these steps: 1. Open the Properties dialog box for an encrypted file. 2. In the General tab, click advanced. 3. Click the Details button. 4. Click the Add button. 5. Select the user you want to grant access to, click Ok. 6. Click Ok three more times to close all open dialog boxes
Security Setting\ Public Key Policies\ Encryption File System] node Choose Properties to open the Encryption file system properties dialog box
Display Key Backup Notifications Where user key Is created or change Allow EFS to Generate Self-Signed Certificate When A Certification
1.
To enable recovery of encrypted files, EFS supports DRAs DRAs can decrypt the encrypted files To configure an enterprise DRA, Follow these steps:
Configure an enterprise CA.
i.e. , you can install the Windows Server 2008 Active Directory Certificate Services server role. The default settings work well.
2.
3.
4.
Right-click [Computer Configuration\Policies\Windows Settings\ Security Settings\Public Key Policies\Encrypting File System] Create Data
Recovery Agent.
The Group Policy Management Editor creates a file recovery certificate for the DRA account.
accounts password
Lesson 2
1. 2. 3. 4. 5.
6.
In Server Manager, Select Right-click Roles. Choose Add Role. On the Before You Begin Page, click Next. On the Server Roles Page, Select the File Services Check box. Click Next. On the File Services page, click Next. On the Select Role Services Page, Select from the following roles:
File Server Distributed File System File Server Resources Manager Services for Network File System Windows Search Service Windows Server 2003 File Services Respond to any roles service wizard that appear. On the Confirmation page, click Install. On the Results page, click Close.
7. 8.
You can Access the File-Service tools using the Roles\File Services node in the server manager.
Disk quotas make it easy to monitor users who consume more than a specified amount of disk space You can Configure disk quotas Using: 1. The Quota Management Console 2. The DirQuota command-line tool 3. The Group Policy Settings 4. The Windows Explorer
You can mange disk quotas Using: 1. The Quota Management Console
The Quota Management snap-in supports the use of quota Templates Creating Quota Templates:
100 MB Limit
Define hard quota of 100MB per user, Send e-mail warnings to the user at 85%, 95%, Send e-mail to the user & administrator at 100% Define hard quota of 200MB per user, Send e-mail warnings to the user at 85%, 95%, Send e-mail to the user & administrator at 100% Send e-mail warnings to the user & administrator when quota reached 200MB Then apply 250MB Extended Limit the user to 250MB Send e-mail warnings to the user at 70%, 80%, 90%, 100% of the 20GB soft quota Send e-mail warnings to the user at 80%, 90%, 100%, 120M of the 500MB soft quota
Quota Templates, choose Create Quota Template 2. In the Create Quota Template dialog box, select template you want to base your new template on, click Copy 3. To Add threshold, edit a quota template or a quota, and then click Add.
1. 2.
3.
4.
5.
Create Quota. Click the Browse button to select a folder to apply the quota to, click Ok. Optionally, select Auto Apply Template And Create Quotas On Existing And New Sub Folders. Selecting this option applies a template to any new folders created within the parent folder you select. Select the Derive Properties From This Quota Template option, and then select the quota template from the drop-down list. Otherwise, you can select the Define Custom Quota Properties option click the Custom Properties button to define a quota not based on an existing template. Click Create.
Use the DirQuota command to configure disk quotas at the command prompt or from a script.
For example, the following command applies the
standard 200MB Limit Reports To User template to the C:\ Shared folder:
dirquota quota add/Path: c:\Shared /SourceTemplate: 200MB Limit Reports To User
command:
DirQuota/?.
4.
Management Select the Limit Disk Space To option. Specify the limit and warning levels.
Windows does not notify users if they exceed either threshold.
5.
To add an event for the warning or limit levels select The Log Event When A User Exceeds Their Quota Limit or Their Warning Level.
Use event triggers to send an e-mail or run a program when these events are added.
6.
Optionally, select the Deny Disk Space To Users Exceeding Quota Limit check box.
If you choose this check box users will be unable to save or update files when they exceed their quota limit. Instead, create an event trigger that notifies IT when a user exceeds the quota limit so that IT can follow up with the user.
7.
usage.
In the Quota Entries window, double-click a user to configure a user-specific quota that differs from the default settings for the disk.
8.
Click OK to close the Quota settings For user name dialog box, close the Quota Entries For drive letter window, click OK again to close the
You can share folders, configure quotas, and specify security by following steps:
1. In Server Manager, Right-click [Roles\File
Services\Share And Storage Management] choose Provision Share. 2. On the Shared Folder Location page, Click the Browse button to select the folder to share. Click OK. Click Next. 3. On the NTFS Permission page, select Yes, Change NTFS Permissions if necessary, Click Edit Permissions. Configure the NTFS permissions as necessary Click OK. Click Next.
4.
On the Share Protocols page you can choose whether to share the folder using Windows protocol or using a UNIX protocol.
Typically, SMB will suffice, even for UNIX clients. SMB = Server Message Blook On the SMB Settings page, click Advanced if you want to
5.
6.
change the default settings for the number of simultaneous users permitted or Offline Files. Click Next. On the SMB Permissions page, select the permissions you want to assign.
To define custom permissions, select Users And Groups Have Custom Share Permissions, click the Permissions button. Click Next.
On the Quota Policy page, select the Apply Quota check box if you want to define a quota. select a quota template. Click Next. 8. On the File Screen Policy page, select the Apply File Screen check box if you want to allow only specific types of files in the folder. select the file screen you want to use. Click Next. 9. On the DFS Namespace Publishing page, select the Publish The SMB share to A DFS Namespace check box if desired. provide the DFS namespace information. Click Next. 10. On the Review Settings And Create Share page, click Create. 11. Click Close.
7.
storage Management\File Server Resource Manager\File Screening Management] node of Server Manager. Using the FileScrn.exe command-line tool in scripts or when running Windows Server 2008 Server Core.
To share folders from a script or a command prompt use the net share command.
To view existing shares, type:
net share
To share the same folder with read access for everyone but disallow Offline Files, type:
net share Files=C:\Shared/GRANT: Everyone, Read/CACHE: None
parameter:
To connect to shared folders across the network Use: The Universal Name Convention (UNC) Format:
\\<server_name>\<share_name>
DFS (Distributed File System) provide a single namespace that allows users to connect to any shared folder in your organization
All shared folders can be accessible using a
3.
If you dont create a DFS namespace or add folders, you can add them later using the DFS Management console in Server Manager.
On the DFS Namespace page, choose whether to create a namespace. Click Next. If the Namespace type page appears, choose whether to use a domainbased (Active Directory environments) or stand-alone namespace (workgroup environments). If all DFS server for the namespace are running Windows Server 2008, enable Window Server 2008 mode. Click Next. If the Namespace Configuration page appears, click Add button to add folders. You can also do this later using the DFS Management snap-in. click Next.
3.
4.
5. 6.
In Server Manager, right-click Roles\File Services\DFS Management\Namespaces choose New Namespace. On the Namespace Server page, type the name of the server that will host the namespace for redundancy. Users do not reference the server name when accessing the DFS namespace. Click Next. On the Namespace Name And Settings page, type a name. This name acts as the share name when users access the DFS namespace Click the Edit Settings button to configure the permission for the namespace. Click next. On the Namespace Type page, choose whether to create a domainbased namespace or a stand-alone namespace. Click Next. On the Review Settings And Create Namespace page, click Create. On the Confirmation page, click Close.
2.
3.
Services\Share And Storage Management]. 2. In the details pane, right-click the share you want to configure, choose Properties. 3. Type the name for the folder,
4.
if you want the folder to contain files, click Add button to associate it with a shared folder, If you add multiple folder target, you can configure automatic replication between folders
Click OK
Use the DFSUtil tool to configure DFS form a command prompt or script
To view the DFS roots in a domain, run
dfsutil domain <domain_name>
in, run
To Configure Offline caching behavior for a shared folder, follow these steps:
In Server Manager, select [Roles\File Services\Share And Storage Management]. 2. In the details pane, right-click the share you want to configure, choose Properties. 3. In the Sharing tab, click Advanced. 4. In the Advanced dialog box, click the Caching tab. Select one of the following three options, click OK twice.
1. 1.
Only The Files And Programs That Users Specify Are Available Offline.
Works well when users understand how to use offline files
2.
All Files And Programs That Users Open From The Share Are Automatically Available Offline.
Works well when users dont understand how to use offline files
3.
if you choose the first option, users must configure mapped drives for use with Offline Files. In Windows Vista, configure a mapped drive for Offline Files by following these steps:
1. In Windows Explorer, right-click the network folder, choose Properties. 2. On the Offline Files tab, select the always Available Offline check box. click OK.
Lesson 3
Allow backup software to access files that are in use Volume Shadow Copy creates a shadow copy of the files in its current state and then given the backup process the access to the shadow copy.
You can manage shadow copies using the Windows Explorer interface. Follow these steps:
1. 2.
3. 4. 5. 6.
In Windows Explorer, right-click a volume, choose Configure Shadow Copies. In the Select A Volume list, select the volume you want to configure. Then, do any of the following: Click Enable, click Yes to enable shadow copies on the volume. Similarly, you can click Disable click Yes to turn shadow copies back off. Click Settings to define where shadow copies are stored, how much space they will consume, and how often they will be created. Click Create Now to immediately create a shadow copy. Click OK.
You can manage shadow copies from the command prompt using the VSSAdmin tool.
To create a shadow copy of the C:\ volume, run the following
you could revert to the shadow copy using the following command:
Windows server backup copies an entire disk volume on a .vhd file on a second local disk. After performing you can restore individual files or an entire volume
2.
In Server Manager, right-click Features, choose Add Features. On the Features page, expand Windows Server Backup Features. select either the Windows Server Backup check box(for graphical tools)or the Command-Line Tools check box(to script backups), or both check boxes.
If you are prompted to install additional features to support the Command-Line Tools, click Add Required Features. click Next. On the Confirmation page, click Install. On the Results page, click Close.
3. 4.
2. 3.
dialog box. In the Actions pane, click Backup Once. On the Backup Options page, choose whether to use the same or new options click Next.
If you choose to use the same options, you will skip to step 9. On the Server Backup Configuration page, choose
4.
whether to backup the full server or select Custom to select specific volumes. If you are backing up to a local disk, you should select Custom so that you can exclude the backup volume from the backup. click Next.
If the Select Backup Items page appears, select the check boxes for the volumes you want to back up, click Next. 6. On the Specify Destination page, choose whether to back up locally or to a shared folder on the network. Click Next. 7. On the Select Backup Destination page, choose where to save the backup file. Click Next. 8. On the Specify Advanced Option page, leave the default setting of VSS Copy Full Backup selected to protect VSS log files that might be used by other backup applications. If you do not use another backup application, select VSS Full Backup. Click Next. 9. On the Confirmation page, click Backup. 10. On the Backup Progress page, you can watch the backup progress or click Close to allow the backup to continue in the background.
5.
Scheduling backups requires a dedicated local disk To schedule a backup to run automatically, follow these steps:
1.
2. 3. 4.
5.
Server Backup. In the Action pane, click Backup Schedule. On the Getting Started page, click Next. On the select Backup Configuration page, choose whether to back up the full server or select Custom to select specific volumes. If you are backing up to a local disk, you should select Custom so that you can exclude the backup volume from the backup. If the Select Backup Items page appears, select the check boxes for the volumes you want to back up, click Next.
6. On the Specify Backup Time page, select the time and frequency of your backups. Click Next. 7. On the Select Destination Disk page, choose where
8.
9. 10. 11.
to save the back up file. This disk will be reformatted , and all data will be lost. Click Next. Click Yes when prompted. On the Label Destination Disk page, click Next. On the Confirmation page, click Next. On the Summary page, the Backup Schedule Wizard formats the backup destination disk. Click Close.
To initiate a backup of the C drive to L drive, you would run the following command prompt from an elevated command prompt:
wbadmin start backup backupTarget:L: -include:C:
-quiet
parameters.
1.
2.
What command should you run to configure shadow copies? What command should you run to initiate a backup?
You can restore individual files from a backup or a recent shadow copy by following these steps:
1. In Windows Explorer, right-click a file you want to restore, choose Restore Previous Versions.
2.
Select the version you want to restore, click
In the Action pane, click Recover. On the Getting Started page, select the server to recover, click Next. On the Select Backup Date page, choose the backup from which to recover. click Next. On the Select Recovery Type page, choose one of the following three options, click Next:
1.
2.
3.
Files And Folders: browse files that have been backed up and select specific files, folders, or both to be recovered. Applications: applications can register with Windows Server Backup to store application-specific data. volumes: allows you to restore an entire volume. However, you cannot use this to restore the operating system volume.
To do that, follow the steps of Recovering from a Backup When Windows Will Not Start
6. If the Select Items To Recover page appears, browse the backup to select a folder or files to recover, click Next, click OK.
7. If the Specify Recovery Options page appears, choose the backup destination and whether existing files will be overwritten. Click Next. 8. If the Select Volumes page appears, select the volume check box, click Next. 9. On the Confirmation page, click Recover. 10. On the Recovery Progress page, click Close.
you can start the computer from the Windows Server 2008 DVD and use the Windows Complete PC Restore Wizard to recover the operating system. Follow these steps:
1.
the computer. 2. When the Press Any Key To Boot From The CD prompt appears, press a key.
3. On the language selection page, click Next. 4. Click Repair Your Computer.
Choosing to repair your computer from the Windows Server 2008 DVD
5. On the System Recovery Options dialog box, select the operating system instance, click Next. 6. Click Windows Complete PC Restore. 7. On the Restore Your Entire Computer From A
Different Backup if you need to restore an older backup , click Next. 8. On the Choose How To Restore The Backup page, click Next. 9. On the final page, click Finish. 10. In the dialog box, select the I Confirm check box, click OK.