Read Windows Server 2008 R2 Unleashed Online
Authors: Noel Morimoto
GPO to leave it in; instead, define it within the member policy setting of a
restricted group.
. When naming group policies, try to use naming conventions that will more easily
help identify the function of the policies for the organization.
. Assign or publish software to high-level Active Directory objects. Because Group
Policy settings apply by default to child containers, it is simpler to assign or publish
applications by linking a Group Policy Object to a parent organizational unit or
domain as long as each of the objects in the child containers requires the application.
. Assign or publish just once per Group Policy Object. When multiple packages are
included in a single policy, often only one package gets applied and they do not
necessarily get processed in order.
. When using folder redirection for user profile folders, allow the system to create the
folders and ensure that the share and root folder permissions are set up appropriately
to allow this.
. Configure policies with application control policies to be processed by machines
running Windows 7 Enterprise and Ultimate operating systems and/or Windows
Server 2008 R2 systems.
. Use fully qualified (UNC) paths, such as \\server.companyabc.com\share or DFS
links such as \\companyabc.com\share.
. Have systems administrators use standard user accounts to do their day-to-day tasks
and use User Account Control to allow for prompting of elevation when administrator
privileges are required.
File System Management and Fault Tolerance

IN THIS CHAPTER
. Windows Server 2008 R2 File System Overview/Technologies
. File System Access Services and Technologies
. Windows Server 2008 R2 Disks
. Utilizing External Disk Subsystems
. Managing Windows Server 2008 R2 Disks
. System File Reliability
. Adding the File Services Role
. Managing Data Access Using Windows Server 2008 R2 Shares
. Volume-Based NTFS Quota Management
. File Server Resource Manager (FSRM)
. The Distributed File System
. Planning a DFS Deployment
. Installing DFS
. Managing and Troubleshooting DFS
. Backing Up DFS
. Using the Volume Shadow Copy Service

Computer networks were created to share data. The most primitive form of sharing data
on computer networks, of course, is accessing files and folders stored on networked
systems or central file servers, such as Windows Server 2008 R2 file servers.

As data storage needs and computer services have evolved in the past 20 or so years,
many different methods have become available to present, access, secure, and manage
data. As an example, data can be accessed through a web browser; by accessing data
stored on external storage media, such as USB drives, floppy disks, CDs, and DVDs; and
by accessing data stored on any of the different types of media for the many different
operating systems, network storage devices, and file systems available.

This chapter covers the file system features and services included with Windows Server
2008 R2. The goal of this chapter is to introduce administrators to the Windows Server
2008 R2 file services and give them the tools they require to deploy fault-tolerant and
reliable enterprise file services for their organizations using Windows Server 2008 R2.

Windows Server 2008 R2 provides many services that can be leveraged to deploy a highly
reliable, manageable, and fault-tolerant file system infrastructure. This section of the
chapter provides an overview of these services.
CHAPTER 28
File System Management and Fault Tolerance
Windows Volume and Partition Formats
When a new disk is added to a Windows Server 2008 R2 system, it must be configured by
choosing what type of disk, type of volume, and volume format type will be used. To
introduce some of the file system services available in Windows Server 2008 R2, you must
understand a disk’s volume partition format types.
Windows Server 2008 R2 enables administrators to format Windows disk volumes by
choosing either the file allocation table (FAT) format, FAT32 format, or NT File System
(NTFS) format. FAT-formatted partitions are legacy-type partitions used by older operating
systems and floppy disk drives and are limited to 2GB in size. FAT32 is an enhanced
version of FAT that can accommodate partitions up to 2TB and is more resilient to disk
corruption. Data stored on FAT or FAT32 partitions is not secure and does not provide
many features. NTFS-formatted partitions have been available since Windows NT 3.51 and
provide administrators with the ability to secure files and folders, as well as the ability to
leverage many of the services provided with Windows Server 2008 R2.
NTFS-Formatted Partition Features
NTFS enables many features that can be leveraged to provide a highly reliable, scalable,
secure, and manageable file system. Base features of NTFS-formatted partitions include
support for large volumes, configuring permissions or restricting access to sets of data,
compressing or encrypting data, configuring per-user storage quotas on entire partitions
and/or specific folders, and file classification tagging, which is discussed later in this chapter.
Several Windows services require NTFS volumes; as a best practice, we recommend that
all partitions created on Windows Server 2008 R2 systems are formatted using NT File
System (NTFS).
File System Quotas
File system quotas enable administrators to configure storage thresholds on particular sets
of data stored on server NTFS volumes. This can be handy in preventing users from
inadvertently filling up a server drive or taking up more space than is designated for them.
Also, quotas can be used in hosting scenarios where a single storage system is shared
between departments or organizations and storage space is allocated based on subscription
or company standards.
The Windows Server 2008 R2 file system quota service provides more functionality than
was included in versions older than Windows Server 2008. Introduced in Windows 2000
Server as an included service, quotas could be enabled and managed at the volume level
only. This did not provide granular control; furthermore, because it was at the volume
level, to deploy a functional quota-managed file system, administrators were required to
create several volumes with different quota settings. Windows Server 2003 also included
the volume-managed quota system, and some limitations or issues with this system
included the fact that data size was not calculated in real time. This resulted in users
exceeding their quota threshold after a large copy was completed.
Windows Server 2008 R2 File System Overview/Technologies
Windows Server 2008 and Windows Server 2008 R2 include the volume-level quota
management feature but also can be configured to enable and/or enforce quotas at the
folder level on any particular NTFS volume using the File Server Resource Manager service.
Included with this service is the ability to screen out certain file types, as well as real-time
calculation of file copies to stop operations that would exceed quota thresholds.
Reporting and notifications regarding quotas can also be configured to inform end users
and administrators during scheduled intervals, when nearing a quota threshold, or when
the threshold is actually reached.
Data Compression
NTFS volumes support data compression, and administrators can enable this functionality
at the volume level, allowing users to compress data at the folder and file level. Data
compression reduces the required storage space for data. Data compression, however, does
have some limitations, as follows:
. Additional load is placed on the system during read, write, and compression and
decompression operations.
. Compressed data cannot be encrypted.
Data Encryption
NTFS volumes support the ability for users and administrators to encrypt the entire
volume, a folder, or a single file. This provides a higher level of security for data. If the
disk, workstation, or server the encrypted data is stored on is stolen or lost, the encrypted
data cannot be accessed. Enabling, supporting, and using data encryption on Windows
volumes and Active Directory domains needs to be considered carefully, because some
administrative functions and basic user issues can make previously encrypted data
inaccessible.
File Screening
File screening enables administrators to define the types of files that can be saved within a
Windows volume and folder. With a file screen template enabled, all file write or save
operations are intercepted and screened and only files that pass the file screen policy are
allowed to be saved to that particular volume or folder. One caveat with the file
screening functionality is that when a new file screening template is applied to an
existing volume, files already stored on it that the screen would not normally allow
are not removed. File screening is a function of the File Server Resource
Manager service, covered in the “File Server Resource Manager (FSRM)” section later in
this chapter.
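
Because a newly applied file screen leaves existing files in place, a sweep of the folder shows what the screen will not clean up. The following PowerShell is an added example, not code from the book; the function name, the folder D:\Shares\Users, the patterns, and the report path are assumptions to be replaced with the folder and file patterns of your own file screen.

```powershell
# Added example: list files already on disk that a new file screen would block.
# $Root and $BlockedPatterns are assumptions; use the folder the screen applies
# to and the file name patterns from the file groups it blocks.
function Find-PreexistingScreenedFile {
    param(
        [Parameter(Mandatory = $true)][string]   $Root,
        [Parameter(Mandatory = $true)][string[]] $BlockedPatterns
    )

    # -Force includes hidden and system files; unreadable folders are skipped.
    Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $file = $_
            # Compare the file name only, against each wildcard pattern in turn.
            $hit = $BlockedPatterns |
                   Where-Object { $file.Name -like $_ } |
                   Select-Object -First 1
            if ($hit) {
                New-Object PSObject -Property @{
                    Path          = $file.FullName
                    MatchedRule   = $hit
                    SizeMB        = [math]::Round($file.Length / 1MB, 2)
                    LastWriteTime = $file.LastWriteTime
                }
            }
        }
}

# Constructed sample input: a user share and patterns for media and executables.
$report = Find-PreexistingScreenedFile -Root 'D:\Shares\Users' `
              -BlockedPatterns '*.mp3', '*.avi', '*.exe', '*.vbs'

# Largest offenders first, written to a CSV for review before any cleanup.
$report | Sort-Object SizeMB -Descending |
    Select-Object Path, MatchedRule, SizeMB, LastWriteTime |
    Export-Csv -Path "$env:TEMP\prescreen-audit.csv" -NoTypeInformation
```

The script only reports; it uses cmdlets available in the PowerShell 2.0 release that ships with Windows Server 2008 R2.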
File Classification Infrastructure
Windows Server 2008 R2 includes a new feature called the File Classification Infrastructure
(FCI). The FCI enables administrators to create classification policies that can be used to
identify files and tag or classify files according to properties and policies defined by the
file server administrators. FCI can be managed by using the File Server Resource Manager
console and allows for file server administrators to identify files and classify these files by
setting specific FCI property values to these files based on the folder they are stored in
and/or based on the content stored within the file itself. When a file is classified by FCI, if
the file is a Microsoft Office file, the FCI information is stored within the file itself and
follows the file wherever it is copied or moved to. If the file is a different type of file, the
FCI information is stored within the NTFS volume itself, but the FCI information follows
the file to any location it is copied or moved to, provided that the destination is an NTFS
volume hosted on a Windows Server 2008 R2 system. More information on FCI is detailed
later in this chapter.
Volume Shadow Copy Service (VSS)
Windows Server 2003 introduced a file system service called the Volume Shadow Copy
Service (VSS). The VSS enables administrators and third-party independent software
vendors to take snapshots of the file system to allow for faster backups and, in some cases,
point-in-time recovery without the need to access backup media. VSS copies of a volume
can also be mounted and accessed just like another Windows volume if that should
become necessary.
Shadow Copies of Shared Folders
Volume shadow copies of shared folders can be enabled on Windows volumes to allow
administrators and end users to recover data deleted from a network share without having
to restore from backup. The shadow copy runs on a scheduled basis and takes a snapshot
copy of the data currently stored in the volume. In versions of Windows prior to
Windows Server 2003, if a user mistakenly deleted data in a network shared folder, it was
immediately deleted from the server and the data had to be restored from backup. A
Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 NTFS volume
that has shadow copies enabled allows a user with the correct permissions to restore
deleted or overwritten data from a previously stored shadow copy backup. It is important
to note that shadow copies are stored on local volumes and if the volume hosting the
shadow copy becomes inaccessible or corrupted, so does the shadow copy. Shadow copies
are not a replacement for backups and should not be considered a disaster recovery tool.
Volume Shadow Copy Service Backup
The Volume Shadow Copy Service in Windows Server 2008 R2 also provides the ability for
Windows Backup and third-party software vendors to utilize this technology to improve
backup performance and integrity. A VSS-compatible backup program can call on the
Volume Shadow Copy Service to create a shadow copy of a particular volume or database,
and then the backup can be created using that shadow copy. A benefit of utilizing
VSS-aware backups is that the reliability and performance of the backup are increased as the
backup window will be shorter and the load on the system disk will be reduced during the
backup. More information on volume shadow copy backups is detailed in Chapter 30,
“Backing Up the Windows Server 2008 R2 Environment.”