Guide to MCSE 70-290, Enhanced

Chapter 7: Advanced File System Management

Objectives

After reading the chapter and completing the exercises, students should be able to:

- Understand and configure file and folder attributes
- Understand and configure advanced file and folder attributes
- Implement and manage disk quotas
- Understand and implement the Distributed File System

Teaching Tips

File and Folder Attributes

1. Introduce the four standard file and folder attributes available since MS-DOS. They will be discussed in detail in following sections.

Read-only

1. Describe the read-only attribute. Note that it can be configured on the FAT, FAT32, and NTFS file systems and discuss the differences in security among the systems.
2. Describe how to configure the read-only attribute from the Properties of a file or folder.
3. Note that the read-only attribute configured for a folder applies only to the files it contains. Also, if the read-only checkbox appears as a solid gray, some but not all of the files have been marked as read-only.
4. Make sure that students understand that they can access a read-only file but cannot save changes or delete the file.

Archive

1. Describe the purpose of the archive attribute, particularly with respect to backup.
2. Discuss how to configure the archive attribute (note that this is different on FAT and FAT32 systems than it is on NTFS systems).
3. Explain that the status of the archive attribute can be determined using Windows Explorer and the ATTRIB command, but note that these are discussed in more detail later.

System

1. Note that this attribute has a rather inconsistent background going back to MS-DOS, but that in Windows Server 2003, it is used in conjunction with the hidden attribute to control the display of files and folders. Explain the concepts of “super hidden” and “protected operating system files”.
2. Explain that the system attribute can only be manipulated using the ATTRIB command, as will be discussed later.

Hidden

1. Describe the purpose of the hidden attribute and the different display options (such as the semi-transparent icon). Note the default display type.
2. Discuss how to configure the attribute from the View tab of the Folder Options program in the Tools menu of Windows Explorer. Go over the relevant settings as shown in Figure 7-5. Particularly discuss the “hidden file and folder” setting and the “hide protected operating system files” setting.

Activity 7-1: Viewing and Configuring File and Folder Attributes Using Windows Explorer

1. The purpose of this activity is for students to explore how file attributes are viewed and configured from Windows Explorer.
2. Describe how to see the attributes associated with a file or folder from the Details of the View menu. Explain the notation for the attributes. Note how to access and use the Advanced Settings menu.
3. Students will reconfigure attributes and observe the results. Students will have the opportunity to explore various settings.

The ATTRIB Command

1. Discuss how the ATTRIB command can be used to view and configure the four main attributes discussed above. Be sure that students understand this is a command-line utility and that they know how to invoke it.
2. Go over the syntax for viewing, adding, and removing attributes from a file or folder. Note that the wildcard character is supported.

Activity 7-2: Changing File Attributes Using the ATTRIB Command

1. In this activity, students will view and change file attributes from the command line. Students first create files and folders, change attributes, and observe results using ATTRIB and Windows Explorer. Note that this is a good opportunity to explore the implications of setting hidden and system attributes as well.

Teaching Tip

This is the end of the section describing the four main attributes of files and folders. It is a good opportunity to briefly review what they are and to set a context for the upcoming section on Advanced Attributes.

Advanced Attributes

1. Note that advanced attributes are only available for files and folders stored on NTFS partitions and volumes.
2. Describe how to access the Advanced Attributes window and note the two sections of the Advanced Attributes window as shown in Figure 7-9.
3. Discuss the two options in the Archive and Index attributes section of the window. Describe how the window for a folder is similar to that of a file and go over what is different.
4. Discuss the two options in the Compress or Encrypt attributes section of the window. Note that you cannot encrypt and compress a file or folder at the same time.

File Compression

1. Explain what compression does and that files and folders are automatically uncompressed when they are accessed.
2. Note the color change that occurs in the Windows Explorer display when a file or folder is compressed (blue by default).
3. Go over the issues that are involved when a compressed file or folder is moved or copied. Note that the same rules apply to encrypted files.

Activity 7-3: Configuring Folder Compression Settings

1. The objective of this activity is for students to explore using the Advanced Attributes window to configure a folder to compress its contents. Students create and compress a folder and then observe results. Note that the Size value in the properties of a file and the Size on disk value are different for compressed files.

COMPACT

1. Note that COMPACT is a command-line utility that also can be used to control the compression attribute of files and folders.
2. Go over the syntax of the command with and without switches. Describe the most common switches.
3. Note that COMPACT can only be used for NTFS files and folders. Describe how to get help for the COMPACT command.

File Encryption

1. Note the purpose of file encryption, relating security back to share and NTFS permissions.
2. Describe how encryption is done using session and public keys. Go over the encryption terms introduced (file encryption key, data decryption field, etc.).
3. Explain that a problem with using keys that are specific to a user is what to do if the user leaves the organization. Describe the concept of a data recovery agent and how that works. Note that there is a default data recovery agent specified but that additional agents can be specified using Certificate Services and Group Policy.
4. Describe how to configure EFS encryption for files and folders. Note that encrypting a folder results in encrypting the content of the folder rather than the folder itself.
5. Discuss what happens when a file or folder is moved into or out of an encrypted folder. Mention again that compression and encryption are mutually exclusive.

Activity 7-4: Encrypting Files Using Windows Explorer

1. In this activity, students will be implementing and testing file encryption security using EFS.
2. Students create and configure an encryption folder, first exploring the mutual exclusivity of compression and encryption. They create an encrypted file in the folder and observe what happens when another user attempts to access the file. They explore what happens when a data recovery agent tries to access the file. Note that the encrypted folder is colored green to help identify its encrypted status.

Sharing Encrypted Files

1. Note that Windows Server 2003 supports a new feature that allows encrypted files to be shared with designated users other than a data recovery agent.
2. Describe how to access and use the Encryption Details window for an EFS-encrypted file. Go over the list of issues that are discussed for sharing encrypted files. Note that more help on user certificates is available if needed in the Help and Support Center.

The CIPHER Command

1. Describe how to use the CIPHER command-line utility to encrypt files and folders from the command line. Go over the syntax of the command with and without switches.
2. Note that a common use is to do bulk encryption using the wildcard character. Note that CIPHER is used only with the NTFS file system and cannot be used to encrypt files with their read-only attribute set.

Activity 7-5: Encrypting Files Using the CIPHER Utility

1. The objective of this exercise is to encrypt and decrypt files using the CIPHER utility. Students will create a new folder and several new files. They will explore using CIPHER with and without a wildcard to encrypt files and observe the results of this encryption.

Quick Quiz

1. What are the four standard file and folder attributes that have been available since MS-DOS?
   Answer: Read-only, archive, system, hidden
2. True or False: The main purpose of the archive attribute is to provide a method for administrators and applications to determine which files and folders have recently been created or changed.
   Answer: True
3. ____________________ is a command-line utility that can be used to add or remove any of the four main attributes of files and folders.
   Answer: ATTRIB
4. True or False: In order to uncompress a file before accessing it, you should disable its compression attribute.
   False: Files are automatically uncompressed when they are accessed.
5. The header attached to a file with encrypted data is known as the ____________________.
   Answer: Data decryption field

Disk Quotas

1. Discuss with students why available disk space can become an issue and why management might choose to limit the amount of space made available to individual users.
2. Go over the advantages of using disk quotas from both a management and planning perspective.
3. Note that disk quotas are disabled by default but can be enabled for any NTFS volume.
4. Explain how to configure default disk quotas from the Quota tab of the Properties of a volume or partition. Go over the configuration parameters described in Table 7-1.
5. Explain how to configure a disk quota for a single user.
6. Note that if ownership of a file changes, it affects the disk quota.

Activity 7-6: Configuring and Managing Disk Quotas

1. In this activity, students will enable and manage disk quota settings using the Quota tab of the Properties of a drive. Students will set “soft quotas” and warnings for monitoring purposes and force a warning to be generated. Discuss with students why warnings are useful.

Managing Disk Quotas from the Command Line

1. Introduce the use of the FSUTIL utility for managing disk quotas. Describe the different FSUTIL QUOTA subcommands and give examples of syntax. Note that the warning threshold and limit values are specified in bytes.
2. Discuss using the Event Viewer to view the System log. Make sure that students are aware of how to manage the quota events written to the log using the FSUTIL BEHAVIOR command and why they might need to change the interval at which events are being logged.
3. Ensure that students know how to get more information about both the FSUTIL QUOTA and FSUTIL BEHAVIOR commands from the Help and Support Center.

Distributed File System

1. Discuss with students the purpose of the Distributed File System. Note that the main tool for configuring DFS is the Distributed File System console in Administrative Tools.
2. Describe the structure of a DFS share (root, links, etc.). Go over Figure 7-22 to be sure students understand the difference between the actual physical structure of the files and folders and the structure that they see in Windows Explorer.

DFS Models

1. Briefly introduce the two models for implementing DFS and go over Table 7-2, which summarizes the models.
2. Note that Windows versions before Windows 2000 will need to have Active Directory client extensions installed to access resources through DFS.
3. Go over the topology and elements of the domain-based DFS model, briefly explaining each of the elements.

Activity 7-7: Implementing Domain-Based DFS and Creating Links

1. In this activity, students create a domain-based DFS root and add DFS links from the Distributed File System console. They use the New Root Wizard to create a domain root. Then they will create links within the root and observe the results.

Managing DFS

1. Discuss the tasks that are involved in managing a DFS system once the root has been set up. Students should know how to delete a root from the Distributed File System console. They should also be able to remove a link.
2. Discuss the replication capability that was briefly introduced in the DFS Models section. Make sure that students understand the concept of a replica set, why it is useful, and what is required. Note that they can obtain information on configuring DFS replication in the Help and Support Center.
3. Introduce the problem of inaccessible DFS links due to server problems. Explain how to check the status of a DFS root, link, or replica.

Quick Quiz

1. What is a typical range of default disk space allotted on home folders that have disk quotas enabled?
   Answer: 10 to 100 MB per user
2. Disk quotas can be managed from the command line using the ____________________ command.
   Answer: FSUTIL QUOTA
3. What are the two models for implementing DFS?
   Answer: standalone model and domain-based model
4. True or False: A DFS root is the container for DFS links.
   Answer: True

Class Discussion Topics

1. Ask students to discuss the issues involved in setting disk quotas from both a management perspective and a user perspective. Does it basically come down to a lack of responsibility on the part of users? Or is the management of an organization acting too harshly when they set quotas, basically assuming that users will be irresponsible?
2. Do students feel that the different levels of “hidden” files and folders are valuable? Is the combination of system and hidden attributes effective or can they imagine a different representation that might be less cumbersome?
3. As an employee of an organization, when would you use encryption? What types of things should be encrypted? Who should decide what things should be encrypted? Is there any reason not to encrypt documents?

Additional Projects

1. Use the Internet to research the history of encryption. What are some common encryption tools available today? How does key cryptography work?
2. Do some research on the use of indexing in Windows Server 2003. Is this a useful feature? Does it have any drawbacks?
3. Research and describe the options available for the FSUTIL QUOTA and FSUTIL BEHAVIOR commands.

Solutions to Additional Projects

1. At a minimum, students should note that encryption preceded the advent of computers, but that the ability to make and break codes was greatly enhanced by their arrival. In addition to Microsoft’s Encrypting File System, encryption systems have included dedicated machines (Enigma), DES, RSA, and PGP. Key cryptography requires a public and a private key that are related algorithmically. Only the public key is ever given out to be used for encryption and only the private key can be used for decryption.

2. At a minimum, students should understand that the Windows Indexing Service is similar to what they are used to in their browser in terms of the types of searches that can be performed on text in documents. After you turn on the Indexing Service, it searches the system and builds catalogs that contain an index of file-system items and their property information. Each time a user performs a search in the catalogs, the search uses the index. Indexing is computation-intensive and slows down performance in the system when used extensively.

3. The FSUTIL QUOTA command has the following forms:

   fsutil quota [disable] volumename (disables quota tracking and enforcement on the specified volume)
   fsutil quota [enforce] volumename (enforces quota usage on the specified volume)
   fsutil quota [modify] volumename threshold limit [username] (modifies an existing disk quota or creates a new quota)
   fsutil quota [query] volumename (lists existing disk quotas)
   fsutil quota [track] volumename (tracks disk usage on the specified volume)
   fsutil quota [violations] (searches the system and application logs and displays a message to indicate that quota violations have been detected, or that a user has reached their quota threshold or quota limit)

   The FSUTIL BEHAVIOR command has a number of different behaviors. It can be used to query the current settings for generating 8.3 character-length file names, allowing extended characters in 8.3 character-length file names on NTFS volumes, updating the last access timestamp on NTFS volumes, how often quota events are written to the system log, NTFS paged pool and NTFS non-paged pool memory cache levels, and the size of the master file table (MFT) Zone. It enables or disables the use of 8.3 character-length file names, allowing extended characters in 8.3 character-length file names on NTFS volumes, and updating the last access timestamp on NTFS volumes. It enables you to change how often quota events are written to the system log, to change the internal cache levels of NTFS paged pool and NTFS non-paged pool memory, and to change the amount of disk space reserved for the MFT Zone. It supports the following forms:

   fsutil behavior query {disable8dot3|allowextchar|disablelastaccess|quotanotify|memoryusage|mftzone} (queries the file system behavior parameters)
   fsutil behavior set [{disable8dot3 {1|0}|allowextchar {1|0}|disablelastaccess {1|0}|quotanotify frequency|memoryusage value|mftzone value}] (changes the file system behavior parameters)
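
A worked session that strings the FSUTIL QUOTA and FSUTIL BEHAVIOR forms above into one soft-quota setup, added here as an illustration and not taken from the textbook or this guide. The volume D: and the account CONTOSO\jsmith are hypothetical, and the 90 MB warning and 100 MB limit are sample values converted to the bytes FSUTIL expects.

```batch
@echo off
rem Added example: soft quota for one user, set up with FSUTIL.
rem Run from an administrator command prompt on an NTFS volume.
rem VOLUME and ACCOUNT are hypothetical placeholders.
setlocal
set "VOLUME=D:"
set "ACCOUNT=CONTOSO\jsmith"

rem Threshold and limit are given in bytes. "set /a" is 32-bit signed
rem arithmetic, so this conversion is only valid for values below 2048 MB.
set /a WARN_BYTES=90*1024*1024
set /a LIMIT_BYTES=100*1024*1024

rem "track" records usage and logs events without denying writes (a soft
rem quota). Replace "track" with "enforce" to deny writes past the limit.
fsutil quota track %VOLUME%
if errorlevel 1 goto fail

rem Create or update the quota entry: threshold first, then limit.
fsutil quota modify %VOLUME% %WARN_BYTES% %LIMIT_BYTES% %ACCOUNT%
if errorlevel 1 goto fail

rem Write quota events to the System log once per hour (value in seconds).
fsutil behavior set quotanotify 3600
if errorlevel 1 goto fail

rem Confirm the entry and the logging interval, then list logged violations.
fsutil quota query %VOLUME%
fsutil behavior query quotanotify
fsutil quota violations
endlocal
exit /b 0

:fail
echo FSUTIL failed. Check that %VOLUME% is NTFS and the prompt is elevated. 1>&2
endlocal
exit /b 1
```

Quota events written at the quotanotify interval appear in the System log in Event Viewer, which is where the warning generated in Activity 7-6 can be checked.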