Objectives
• Discuss File Services in Windows Server 2008
• Install the Distributed File System in Windows
Server 2008
• Discuss and create shared file resources in
Windows Server 2008
• Encrypting File Services
1
Introduction to File Services
• Functions of the Windows Server 2008 File
Services role
–
–
–
–
–
File Server
Distributed File System
File Server Resource Manager
Services for Network File System
Windows Server 2003 File Services
2
File and Folder Sharing
• Sharing creates
– A network access point for clients to access data
across the network
• Clients use
– Server Message Block (SMB) connections to access
shared resources
3
Public and Standard Sharing
• Public folder sharing
– Allows users to share files with all the users logged on
locally or on the network, if that feature is enabled
– Public folders are located in the
• %systemdrive%\Users\Public directory
• Standard file sharing
– Makes files and folders accessible from a network
location
– NTFS
• The preferred format in Windows Server 2008
• Shares on FAT32 volumes can only use share
permissions
4
Share Permission
• Share-level permissions
– Defined at the shared resource level
– Allow clients access to a network share
– Apply only when a file or folder is being accessed via
the network
– Do not apply to a user logged into the machine locally
5
Hidden Shares
• Default and administrative shares
– Administrative shares can be identified by name
because they always end with a dollar sign ($)
– Default shares include:
•
•
•
•
Drive Letter Shares
Admin$
IPC$
NETLOGON
6
NTFS Permission
• User-level permissions
– Defined at the folder or file level
– NTFS
• The preferred file system used in Windows networks
• Permissions apply anytime a file or folder resource is
accessed
• Permissions are divided into two types: file permissions
and folder permissions
7
Access Control
• Access control lists (ACL)
– Used by NTFS to define permissions to resources
• Authentication
– Token: object attached to a user’s account that
validates the user’s identity and privileges
– Security identifiers (SIDs): used to make every
user, computer, and resource on a network unique
8
Deploying Shares
• File and folder sharing can be implemented through:
– Shared Folders console
• Computer Management console
– Windows Explorer
• File Sharing Wizard or Right ClickPropertiesSharing
– Net share command
– Share and Storage Management console
9
Offline Files
• Allow shared file resources to be available to clients
when they are not connected to the network
• Caching: defined by administrators at the shared
resource level
10
Encrypting File Services
• Symmetric encryption
– Uses a single key and is faster and more efficient than
public key encryption
• Public-Private key pair (asymmetric) encryption
– Each user has a public key available to everyone and a
private key known only to the user
• EFS in Windows Server 2008
– When a user encrypts a file, a symmetric file encryption
key (FEK) is generated that EFS uses to encrypt the file
– User’s public key locked FEK
– Only user’s private key can unlock FEK
– EFS only affects accessing file LOCALLY
11
Introduction to DFS (Distributed File System)
Distributed File System
• Distributed File System (DFS)
– Set of client and server services that allows companies to
deploy their shared file resources as a single file structure
– Comprised of two technologies
• DFS namespace
Allows you to create an entry point for shared file
resources using a naming convention of your choice
Two types of implementations
» Domain-based
» Stand-alone
• DFS replication: Synchronize Data within DFS
• Load balancing
• Fault Tolerance
• Backup centralization
14
15
16
Configuring DFS
• Steps for deploying DFS
– Install the File Services role and the Distributed File System
role services
– Create a namespace to act as a central point for access
– Add folders to the namespace
– Configure the DFS referral order
– Create a DFS replication group
17
18
Configuring DFS (continued)
• Adding servers to DFS namespace
– Once added to the DFS namespace
• The new server creates the file system hierarchy for
the namespace in its DFS root located at c:\DFSRoot
• Configuring the DFS referral order
– DFS namespaces use a referral order to determine
the DFS server that will provide shared resources to
client requests
19
Managing Server 2008 with FSRM
• FSRM (File Server Resource Manger) allows
administrators to perform various tasks in
managing files and disk volumes through the
FSRM console, including:
– Managing file and disk quotas
– Screening files using built-in and custom templates
• Block specific types of files from being stored in
Windows Server 2008 file directories
– Creating reports on storage resources
• Forecast space needs and plan for deploying
additional storage
20