- Extended attributes: Archive, Index (not Windows Search Service), Compress, Encrypt
- -When you check read-only for a folder, the folder is read-only, but not the files in the folder.
- -This means the folder cannot be deleted from the command prompt (even though the folder attribute says “Only applies to files in a folder”).
- -When a file is checked as read-only, it also cannot be deleted from the command prompt.
- -Most Windows Server 2008 server administrators ignore the read-only attribute box and set the equivalent protection in permissions instead, because the read-only permissions apply to the folder and can be inherited by its files.
- -Folders and files can be marked as hidden to prevent users from viewing their contents, which is a carryover from MS-DOS operating systems.
- -The hidden attribute can be defeated by any Windows 98 and above client using My Computer or Windows Explorer, if the user makes a selection in the operating system Control Panel Folder Options to view hidden files and folders.
Compression: how compression attribute is applied to files/folders
- -A folder and its contents can be stored on the disk in compressed format, which is an option that enables you to reduce the amount of disk space used for files, particularly in situations in which disk space is limited or for folders that are accessed infrequently, such as those used to store accounting data from a previous fiscal year.
- -Compression saves space and you can work on compressed files in the same way as on uncompressed files.
- -The disadvantage of compressed files is increased CPU overhead to open the files and to copy them.
- -On a busy server, this might be an important consideration.
- -Further, you can’t execute a compressed program file.
- -When you compress a folder, you have the option to compress the folder, its subfolders, and files in the folder.
- -Also, when you add new files to a folder marked with the compress attribute, the new files are compressed automatically.
- -By default, compressed files and folders are displayed in colored font, such as blue.
- and what happens when files are moved/copied.
- • When a file or folder is moved or copied, it will inherit the destination folder permissions.
- • The only exception is when a file/folder is moved within the same NTFS volume - then it will retain its original permissions.
- -The NTFS encrypt attribute protects folders and files so that only the user who encrypts the folder or file is able to read it.
- - An encrypted folder or file uses the Microsoft Encrypting File System (EFS), which sets up a unique, private encryption key associated with the user account that encrypted the folder or file.
- -The file is protected from network intruders and in situations in which a server or hard drive is stolen.
- -EFS uses both symmetric and asymmetric encryption techniques.
- -The symmetric portion uses a single key to encrypt the file or folder.
- -In the asymmetric portion, two encryption keys are used to protect the key for encrypting the file or folder.
- -Because the asymmetric portion is connected to a user account, the account should have a strong password to help ensure that attackers can’t guess it easily.
- -When you move an encrypted file to another folder on the same computer, that file remains encrypted, even if you rename it.
- -No prompt is given to retain the Encrypt attribute when you move the file.
- -The same holds true for copying the file to a different Windows Server 2008 (or 2003) server.
- -If the folder or file is moved to a Windows 2000 Server or Windows XP/Vista/7 computer, however, there should be a prompt to determine whether the Encrypt attribute is retained.
File/Folder NTFS permissions.
- • NTFS permissions are specified in the object’s ACL and are used to control access to the object
- • 2 Categories of permissions: Standard and Special
- • Standard are pre-set, frequently used permissions for objects
- • Special provide finer granularity to file/folder security
- • NTFS permissions can be assigned by an owner, a user with Full Control, or a user with Change Permissions.
- Also, a user with Take Ownership permission can take ownership of the file/folder and then change permissions.
- inherited permissions- Permissions of a parent object that also apply to child objects of the parent, such as to subfolders within a folder.
- -inherited permissions, which means that the same permissions on a parent object, such as the root folder in this case, apply to the child objects such as files and subfolders within the parent folder.
List of Standard permissions, what do they mean, and what do they include.
- • Read- Can view file contents, view folder attributes and permissions, but cannot traverse folders or execute files; applies to folders and files
- • Read&Execute- Implies the capabilities of both List folder contents and Read (traverse folders, view file contents, view attributes and permissions, and execute files); applies to folders and files
- • List Folder Contents- Can list (traverse) files in the folder or switch to a subfolder, view folder attributes and permissions, and execute files, but cannot view file contents; applies to folders only
- • Write- Can create files, write data to files, append data to files, create folders, delete files (but not subfolders and their files), and modify folder and file attributes; applies to folders and files
- • Modify- Can read, add, delete, execute, and modify files; cannot delete subfolders and their file contents, change permissions, or take ownership; applies to folders and files
- • Full Control- Can read, add, delete, execute, and modify files plus change permissions and attributes, and take ownership; applies to folders and files
- • An owner is the person who creates a folder/file.
- • Owner can change permissions
- • Ownership can be transferred to a user with Full Control or Take Ownership permissions
- • Administrators can always take ownership
- • Shared folder gives users access over the network
- • In Server 2008 sharing is more secure (not shared with Everyone by default)
- • Share permissions are different from NTFS (NTFS and share permissions are cumulative)
- • Deny permissions take precedence
- • Shared folders can be cached
- • Shared Folders can be published in AD
- • Reader (former Read)
- • Contributor (former Change)
- • Co-owner (former Full Control)
- • Owner
How share and NTFS permissions combine.
- -When combining share and NTFS permissions, always choose the MOST restrictive combination
- 1. Determine the effective share permission by choosing the least restrictive of all share permissions. The exception is that a Deny permission overrides Allow.
- 2. Determine the effective NTFS permission by choosing the least restrictive of all NTFS permissions. The exception is that a Deny permission overrides Allow.
- 3. Combine the results of steps 1 and 2 and choose the MOST restrictive permission out of share and NTFS. If there is no overlap, no permissions are effective.
Publishing a shared folder in AD.
- -enable certain objects to be “published” so that users can find and access them quickly.
- -To publish an object means to make it available for users to access when they view Active Directory contents.
- -Publishing an object also makes it easier to find when a user searches for that object
Distributed File system – what is it,
Distributed File System (DFS) A system that enables folders shared from multiple computers to appear as though they exist in one centralized hierarchy of folders instead of on many different computers.
what is the DFS purpose?
- -If DFS is used in a domain, then shared folder contents can be replicated to one or more DCs or member servers, which means that if the original server goes offline then its shared folders are still available to users through the replica servers.
- Also, from the server administrator’s perspective, he or she can update software in a shared folder without having to make the folder temporarily inaccessible during the update.
- -A way to combine multiple shared folders on different servers into one hierarchy (under 1 root)
- • Shared folders can be set up so that they appear in one hierarchy of folders, enabling users to save time when searching for information.
- • NTFS access permissions fully apply to DFS on NTFS-formatted volumes.
- • Fault tolerance is an option by replicating shared folders on multiple servers resulting in uninterrupted access for users.
- • Access to shared folders can be distributed across many servers, resulting in the ability to perform load balancing, so that one server does not experience more load than others.
- • Access is improved to resources for Web-based Internet and intranet sites.
- • Vital shared folders on multiple computers can be backed up from one set of master folders.
- -In addition to enabling users to be more productive, server administrators are also immediately more productive because DFS reduces the number of calls to server administrators asking where to find a particular resource.
- -Another advantage of DFS in a domain is that folders can be replicated automatically or manually through Microsoft File Replication Service.
- -When you set up DFS so that shared folders are replicated on two or more servers (called targets), the Microsoft File Replication Service performs the copying to the target servers. Each time the contents of a DFS folder are changed, the Microsoft File Replication Service goes into action.
- Shared folders in DFS are copied to each designated target computer, which yields two significant advantages:
- • Important information is not lost when a disk drive on one server fails.
- • Users always have access to shared folders even in the event of a disk failure.
Difference between stand-alone and directory-based DFS.
- stand-alone DFS model - A DFS model in which no Active Directory implementation is available to help manage the shared folders. This model provides only a single or flat level share. - Only exists on 1 server; combines shared folders on only 1 server
- Directory-based DFS - combines shared folders across many different file servers
- domain-based DFS model - A DFS model that uses Active Directory and is available only to servers and workstations that are members of a particular domain. The domain-based model enables a deep, root-based, hierarchical arrangement of shared folders that is published in Active Directory. DFS shared folders in the domain-based model can be replicated for fault tolerance and load balancing. - allows fault-tolerance and load balancing, as well as using AD for copying a folder to multiple targets
- -The stand-alone DFS model offers more limited capabilities than the domain-based model.
- -In the stand-alone DFS model, no Active Directory implementation is available to help manage the shared folders, and this model provides only a single or flat level share, which means that the main DFS shared folder does not contain a hierarchy of other shared folders.
- -Also, the stand-alone model does not have DFS folders that are linked to other computers through a DFS container that has a main root and a deep, multilevel hierarchical structure.
- -The domain-based DFS model has more features than the stand-alone approach.
- -Most important, the domain-based model takes full advantage of Active Directory and is available only to servers and workstations that are members of a domain.
- -The domain-based model enables a deep, root-based, hierarchical arrangement of shared folders that is published in Active Directory.
- -DFS shared folders in the domain-based model are replicated for fault tolerance and load balancing, whereas the stand-alone DFS model does not implement these features.
Printing process steps
- § Application client generates a print file
- § Application communicates with the Windows graphics device interface (GDI)
- § When the GDI is finished, the print file is formatted with control codes
- § The remote print provider at the client makes a remote procedure call to the network print server
- § The network print server uses four processes to receive and process a print file: router, print provider, print processor, and print monitor
- § The Server service calls its router, the Print Spooler service
- § While the file is spooled, the print provider works with the print processor to ensure that the file is formatted to use the right data type
- § The print monitor pulls it from the spooler’s disk storage and sends it off to the printer
Network printing process components
- § Local print device- A printer, such as a laser printer, physically attached to a port on the local computer.
- § Network print device- A printing device, such as a laser printer, connected to a print server through a network.
- § Print client- Client computer or application that generates a print job.
- § Print server- Network computer or server device that connects printers to the network for sharing and that receives and processes print requests from print clients.
- § Print job- A document or items to be printed.
- § Printer driver- Contains the device-specific information that Windows Server 2008 requires to control a particular print device, implementing customized printer control codes, font, and style information so that documents are converted into a printer-specific language.
Print Spooler service.
- spool file A print file written to disk until it can be transmitted to a printer.
- spooler In the Windows environment, a group of DLLs, information files, and programs that process print jobs for printing.
- spooling A process working in the background to enable several print files to go to a single printer. Each file is placed in temporary storage until its turn comes to be printed.
- -Spooling frees the server CPU to handle other processing requests in addition to print requests
Sharing a printer.
- • In Windows Server 2008, you can configure a printer that is attached to the server computer as a local printer and then enable it as a shared printer
- • When you share a printer, the Windows Server 2008 server becomes a true print server
- printer pooling Linking two or more identical printers with one printer setup or printer share.
- -Involves configuring two or more identical printers connected to one print server
- ○ All of the printers in a pool must be identical so that they use the same printer driver and handle print files in the same way
- ○ The Add Port button enables you to add a new port
- ○ The Delete Port button is used to remove a port option from the list of ports
printer scheduling, printer priority scenarios.
- ○ The Advanced tab allows you to:
- ○ Have a printer available at all times
- ○ Limit the time to a range of hours
- ○ You can set the priority higher to give a particular printer or printer pool priority over other printers attached to the server
- ○ Printer scheduling can be useful when there is one printer and two printer objects (shares) for that printer
- ○ The Advanced tab provides the option to use spooled printing or to bypass the spooler
- ○ Works best to spool print jobs so they are printed on a first-come, first-served basis
- § Enable background printing so the CPU can work on other tasks
- § Also helps ensure that jobs are printed together
Managing print jobs (cancel, restart, resume)
- • Users with Print permissions can:
- ○ Send print jobs to the printer
- ○ Pause, resume, and restart their own print jobs
- ○ Cancel their own print jobs
- • Print Operators, Server Operators, and other groups having Manage documents permissions can:
- § Send print jobs to the printer
- § Pause, resume, and restart any user’s print jobs
- § Cancel any user’s print jobs
Basic vs. Dynamic storage.
- -basic disk In Windows Server 2008, a partitioned disk that can have up to four partitions and that uses logical drive designations. This type of disk is compatible with MS-DOS, Windows 3.x, Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Vista, Windows 7, Windows Server 2003, and Windows Server 2008.
- -dynamic disk In Windows Server 2008, a disk that does not use traditional partitioning, which means that there is no restriction to the number of volumes that can be set up on one disk or to the ability to extend volumes onto additional physical disks. Dynamic disks are only compatible with Windows Server 2008, Windows Server 2003, and Windows 2000 Server platforms.
MBR and GPT support.
- -Globally Unique Identifier (GUID) Partition Table or GPT A method for partitioning disks that allows for theoretically unlimited partitions and use of larger disks. In Windows Server 2008, the maximum number of partitions on a GPT disk is 128, and the maximum partition size is up to 18 exabytes.
- -Master Boot Record (MBR) Data created in the first sector of a disk, containing startup information and information about disk partitions.
- ○ When a drive is partitioned, a Master Boot Record (MBR) and a partition table are created
- § At the beginning track and sectors on the disk
- ○ The MBR is located in the first sector and track of the hard disk
- § Has startup information about partitions and how to access the disk
- ○ The partition table contains information about each partition created
Basic storage: partition types
- primary partition - Partition or portion of a hard disk that is bootable.
- -A partition from which you can boot an OS, such as MS-DOS or Win2K Server. Can only have 4 per disk.
- extended partition - A partition that is created from unpartitioned free disk space and is linked to a primary partition in order to increase the available disk space.
- -Serves to overcome the limit of 4 primary partitions; is not bootable. Can only have 1 per disk.
- system partition - Partition that contains boot files.
- -Contains O/S boot files. Can only exist on a primary partition.
- boot partition - Holds the Windows Server 2008 Windows folder containing the system files.
- -Contains O/S system files. Can exist on a primary or extended partition.
- active partition - The partition from which a computer boots.
- • A partition needs to be formatted with a file system after it’s created, and it can then be assigned a drive letter.
- • At least 1 partition needs to be marked active; that’s where your computer will look for the hardware-specific files to start the operating system
Dynamic storage: volume types. Be able to figure out what volumes can be created given the disk requirements. Know which volumes are FT, and how to provide FT for applications and system/boot volumes.
- mirrored volume (RAID 1) - Two dynamic disks that are set up for RAID level 1 so that data on one disk is stored on a redundant disk.
- • Creating a shadow copy of data on a backup disk
- • Requires 2 disks
- • Most guaranteed FT, but less efficient use of disk space
- • Read performance is the same as on any single disk drive. Write is slower than on a single disk, but faster than RAID-5. No performance degradation when 1 disk fails.
- • Disk Duplexing – 2 drives/2 controllers
- RAID-5 volume - Three or more dynamic disks that use RAID level 5 fault tolerance through disk striping and creating parity blocks for data recovery.
- • Similar to striped, but is fault-tolerant
- • Logically distributes the information simultaneously across all 3 or more disks, one of which stores parity
- • If 1 disk fails, data can be reconstructed, but if more than 1 fails, it can’t.
- • Writing is slower than striped, but reading is the same. When 1 disk fails, performance degrades
- • Calculate usable space: parity takes 1/n of the data, where n = number of disks in the volume.
- • Free space areas on each drive need to be of equal size.
- Simple volume - A portion of a disk or an entire disk that is set up as a dynamic disk.
- • A portion of a disk or an entire disk that is set up as a dynamic disk
- • Can be extended with unallocated space
- • Doesn’t provide FT
- Spanned volume - Two or more Windows Server dynamic disks that are combined to appear as one disk.
- • Method of combining free space on 2 to 32 physical disks into a single volume with available space on each of the spanned disks of varying size
- • Storage is accomplished by filling the space on one disk and moving to each subsequent spanned disk
- • Not FT
- • Can be extended (only those formatted with NTFS)
- Striped volume (RAID 0) - Two or more dynamic disks that use striping so that files are spread in blocks across the disks.
- • Similar to spanned in that both permit 2-32 disks combined.
- • Logically distributes the information simultaneously across all the disks, unlike spanned, which stores data sequentially. This architecture provides faster I/O
- • Not FT
- • Free space areas on each disk need to be of equal size.
what is a mounted drive?
- -A physical disk, CD/DVD, removable drive, or other drive that appears as a folder and that is accessed through a path like any other folder.
- -One that appears as a folder and is accessed through a path like any other folder
advantages of a mounted drive?
- -Windows Server 2008 enables you to mount a drive as an alternative to giving it a drive letter
- -You can mount a basic or dynamic disk drive, a CD/DVD drive, or a removable drive