Read Windows Server 2008 R2 Unleashed Online
Authors: Noel Morimoto
CHAPTER 28
File System Management and Fault Tolerance
Sfc.exe can be configured to run using Group Policy, with settings found in
Computer Configuration\Policies\Administrative Templates\System\Windows File Protection.
This might be a good option for supporting workstations to maintain system stability.
It might also prove to be useful for servers, but as a general guideline, use it on
workstations and servers only when system file corruption or driver issues have been
reported as problematic.
Windows Server 2008 R2 systems, out of the box, can be used to share folder data right
after installation. To get the most out of the system, the File Services role should be added.
Adding the File Services role not only configures settings to optimize the system for file
sharing, but also enables the administrator to choose which file server options as well as
which tools for managing the file system will be installed. To install the File Services role,
perform the following steps:
1. Log on to the Windows Server 2008 R2 system with an account with administrator
privileges.
2. Click Start, click All Programs, click Administrative Tools, and select Server Manager.
3. In the tree pane, click on the Roles node.
4. In the tasks pane, click on the Add Roles link.
5. When the Add Roles window opens, read the information on the Before You Begin
page and if the system meets the recommendations to have a strong administrator
password, static IP address, and be updated with the latest Windows security
updates, click Next to continue.
6. On the Select Server Roles page, check the File Services check box, and click Next
to continue.
7. The next page provides a short introduction to the File Services role and notes the
fact that the Windows Search Service and the indexing service cannot be installed on
the same system. Click Next to continue with the installation of the File Services role.
8. The Role Services page enables administrators to select which File Services role
services will be installed on the system. The File Server service is selected by default.
In addition to this service, also check Windows Search Service to set up indexing of
the file system for faster searches and also check the File Server Resource Manager to
enable quota, file screening, file classification, and reporting functionality, as shown
in Figure 28.7. After checking the desired services, click Next to continue.
NOTE
When additional File Services role services are chosen, the corresponding tools to
manage the services are also installed.
Adding the File Services Role
FIGURE 28.7 Selecting the File Services role services.
9. Because the File Server Resource Manager was selected, the next page is the
Configure Storage Usage Monitoring page. Check the box next to each drive letter
that will have storage reporting enabled and when completed, accept the default
settings for monitoring, and click Next to continue.
10. On the Set Report Options page, accept the defaults of storing reports on the root
folder, Storage Reports, and click Next to continue.
NOTE
Detailed configuration of the File Server Resource Manager reports and monitor settings
is outlined in the “File Server Resource Manager (FSRM)” section later in this chapter.
11. Because the Windows Search Service was selected, the next page will be the Select
Volumes to Index for Windows Search Service. Check the volumes that will contain
user data that should be indexed, and click Next to continue.
12. The Confirm Installation Selections page enables the administrator to review the
chosen settings. After confirming that the settings are correct, click Install to install
and configure the services and tools chosen.
13. Review the details on the results page and click Close to complete the installation.
Managing Data Access Using Windows Server 2008 R2 Shares
Providing access to data stored on a Windows Server 2008 R2 server can be very simple to
configure using Windows shares. Existing folders and entire drives can be shared with a
few clicks, but understanding who can access that data is critical to security and, in some
cases, licensing. Server shares are accessed using a Universal Naming Convention (UNC)
path of the form \\server\sharename. Administrators can configure a few different settings
when creating or updating shares. Share options or features include the following:
. Determining whether the share will be visible or hidden, based on the share name
. Setting the description of the share
. Configuring the type of share; if Server for NFS is installed, there will be two options
. Configuring the number of simultaneous connections allowed through the share
. Configuring the cache or offline sync settings of the share
. Enabling or disabling BranchCache
. Configuring access-based enumeration to control folder and file visibility based on
NTFS permissions
. Configuring NTFS permissions on the folder or volume hosting the file share
. Configuring share permissions to manage whether users can read, change, or have
full control over a share
Because sharing can be performed for CD drives, DVD drives, and FAT and NTFS volumes,
the configurable share permissions are limited to Full Control, Change, and Read. Full
Control permissions allow users to manage all data and to reset permissions. Change
allows users to manage all data, and Read allows users only to read the data. Because share
permissions are not very granular, folder shares should be created only on NTFS volumes,
when possible, to increase the security of data.
When shares are created on NTFS volumes, both the Share and NTFS folder and file
permissions are applied to the user. Windows Server 2008 R2 will combine the permissions,
and the most restrictive permissions will apply. For example, if a folder located at
c:\users is shared and testuser1 is granted Read permission at the share and Change or
Modify permissions on the NTFS folder, testuser1 will only have Read permission when
accessing the data across the network through the share. If testuser1 logs on to the system
console and accesses the c:\users folder directly, testuser1 will have Change or Modify
permissions.
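The combination rule described above, as an added example that is not from the book: a simplified Python model in which each ACL grants the union of matching Allow entries minus any Deny, and access through the share is the intersection of share and NTFS rights. The `Ace` class, the right names and the sample ACLs are constructed for illustration; real ACLs use access masks and ordered entries.

```python
from dataclasses import dataclass

# Simplified rights for the three share permission levels named in the text.
READ = frozenset({"read"})
CHANGE = READ | {"write", "delete"}            # share "Change" / NTFS "Modify"
FULL_CONTROL = CHANGE | {"set_permissions"}

@dataclass(frozen=True)
class Ace:
    trustee: str            # user or group name
    rights: frozenset
    allow: bool = True      # False models a Deny entry

def granted(acl, principals):
    """Rights one ACL gives a logon: union of matching Allows minus any Deny."""
    allowed, denied = set(), set()
    for ace in acl:
        if ace.trustee in principals:
            (allowed if ace.allow else denied).update(ace.rights)
    return frozenset(allowed - denied)

def effective_access(share_acl, ntfs_acl, principals, via_network):
    """The share ACL is consulted only for access through the share (UNC path)."""
    ntfs = granted(ntfs_acl, principals)
    if not via_network:
        return ntfs                      # console logon: NTFS permissions only
    return ntfs & granted(share_acl, principals)

# Constructed sample data: the c:\users case from the text, plus a wide-open
# share whose NTFS ACL carries a Deny for testuser1 (assumed scenario).
TESTUSER1 = {"testuser1", "Everyone"}    # user name plus group memberships
USERS_SHARE = [Ace("testuser1", READ)]
USERS_NTFS = [Ace("testuser1", CHANGE)]
OPEN_SHARE = [Ace("Everyone", FULL_CONTROL)]
LOCKED_NTFS = [Ace("Everyone", CHANGE),
               Ace("testuser1", frozenset({"write", "delete"}), allow=False)]

if __name__ == "__main__":
    for net in (True, False):
        where = "through share" if net else "at console"
        rights = effective_access(USERS_SHARE, USERS_NTFS, TESTUSER1, net)
        print(where, sorted(rights))
    # Everyone/Full Control at the share does not widen what NTFS allows.
    print(sorted(effective_access(OPEN_SHARE, LOCKED_NTFS, TESTUSER1, True)))
```

The second scenario shows why a permissive share ACL is only as safe as the NTFS ACL beneath it: the share contributes nothing restrictive, so NTFS is the sole control.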
Access-Based Enumeration
A new sharing feature included with Windows Server 2008 and Windows Server 2008 R2 is
called access-based enumeration. Access-based enumeration, when enabled on a share,
hides the folders or files within the share from view for users who do not have access to
the data. Access-based enumeration, however, does not hide the share itself. This feature
can simplify data access for end users as they will only see what they can access, but, on
the flip side, users who are collaborating and trying to instruct their co-workers on where
to locate the data might be confused when the folders cannot be located.
Client-Side Caching and Offline Files
To provide flexibility for mobile users and to provide centralized storage for end-user data,
Windows Server 2008 R2 shares can be configured to allow, enforce, or disable client-side
caching of shared server data. Client-side caching (CSC) is a feature that enables data
shared on a server to be synchronized between the server and end-user workstations. This
enables end users to access data when the server is unavailable or when the workstation is
not connected to the company network. This feature also can be used to ensure that any
data stored in a synchronized end-user workstation folder is copied to the server for
centralized storage and backup and recoverability.
For CSC to function properly, both the workstation and the server must be configured to
support it. CSC from the workstation and server side is more commonly referred to as
Offline Files. Depending on the workstation operating system version, different synchronization
options are available. A common usage of offline files is to couple offline files
with a Group Policy setting called Folder Redirection.
Folder Redirection can be used to redirect the end user’s My Documents or Documents
folder to a server share. When an end user’s My Documents or Documents folder is redirected
to a server share with offline files enabled, enforced or not, the folder is automatically
configured to synchronize with the server. This functionality ensures that any file an
end user saves to their default documents folder will be copied up to the server during
synchronization. Folder Redirection is covered in Chapter 27, “Group Policy Management
for Network Clients.” The default offline file synchronization settings for Windows 7 and
Windows Server 2008 R2 will synchronize with the server at logon, logoff, and when a file
is opened or saved. Additionally, synchronization can be configured to run when a
computer has been idle or when a user locks or unlocks a workstation.
Offline files can be configured on a per-share basis using the shared folder’s share property
page. By default, all shares allow end users to configure offline file synchronization as they
desire. Certain folders—for example, the My Documents or Documents folders—when
redirected to a Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2
system, will automatically enable and configure the folder to be synchronized. To synchronize
additional shares, perform the following steps on the server and the workstation:
1. Log on to the Windows Server 2008 R2 system with an account with administrator
privileges.
2. Click Start, click All Programs, click Administrative Tools, and select Server Manager.
3. Double-click on Roles, and then double-click on File Services.
4. Select Share and Storage Management.
5. In the tasks pane, right-click the share that needs to be available offline, and select
Properties.
6. On the Sharing tab, click the Advanced button.
7. Select the Caching tab, and verify that one of the following option buttons is selected:
. Only the Files and Programs That Users Specify Are Available Offline
. All Files and Programs That Users Open from the Share Are Automatically
Available Offline
8. Close the Share Properties dialog box and the Share and Storage Management console.
9. Log on to the Windows 7 workstation with an account with administrator privileges.
10. Click the Windows flag, or Start button, and select Control Panel.
11. Near the upper-right corner of the Control Panel window, pull down the View By
menu and choose to view the window by Small Icons instead of Categories.
12. Scroll down in the window as necessary to locate Sync Center and click on the link.
13. When the Sync Center window opens, click on the Manage Offline Files link in the
left pane of the window.
14. When the Offline Files window opens, verify that the top button on the General tab
is labeled Disable Offline Files, which means that offline file functionality is enabled.
If the button is labeled Enable Offline Files, click the button and click OK to save the
settings and reboot the workstation.
BranchCache
BranchCache is a new feature for Windows Server 2008 R2 and Windows 7. BranchCache
enables workstations in a branch office that has no server to locate and locally
store copies of files and folders hosted on remote Windows Server 2008 R2 BranchCache
file servers. When BranchCache is installed on a Windows Server 2008 R2 file server and
enabled on a particular file share, a Windows 7 workstation in a remote branch office
that requests a file from the file server broadcasts the request on the local network.
If no copy exists, the workstation will pull a copy to the local machine. The updates
to that file will be sent across the network as changes are made. When the next Windows
7 workstation attempts to access this same file from across the network, the broadcast for