70-410 Configuring Access to Files and Shares

File Server Resource Manager (FSRM)
Set of tools that enable you to manage
resources used by files and folders on your
server by performing such tasks as limiting
the amount of space used by users, restricting the types of files being saved, and monitoring the amount of storage used.
Include improvements in file classification and management, customized Access Denied messages for Windows 8/8.1 clients, and Dynamic Access Control
Distributed File System (DFS)
Uses an single tree structure to simplify the logical grouping of shared resources on multiple servers.
DFS replication optimizes the synchronization of multiple locations on your network, providing fault tolerance and load balancing.
Enhancements in 2012 R2 are NEW PS module, nre DFS replicaiton WMO provider, faster replication when high bandwidth is available, omprovements in conflict resolution and preexsiting data recovery, capabilities to rebuild corrupted databases without data loss.
Data Deduplication
New feature that reduces the amount of duplicate blocks of data in storage. More data can be stored ina volume, compared to olders volumes that used Single instance Storage or NTFS. Stnd files ranges 2:1 ratio, 20:1 for virtualization data VHD files
Services for Network File System (NFS)
Enables file sharing among servers running Windows and UNIX. Added in Windows Server 2012 R2 is an NFS module for Windows PowerShell with several new cmdlets specific to NFS.
Support for Resilient File System (ReFS)
ReFS is a new file system in Windows Server 2012 R2 that provides a cost-effective platform for maximum data availability that scales efficiently to very large data volumes.
Support for Server Message Block (SMB) 3.0
Network file sharing protocol that enables applicaitons to read and write data and request infromation from programs on network servers.
Storage Manager for SANs
A role feature that assists you in creating and managing physical and logical storage solutions pertaining to storage area networks (SANs) that include Fibre Channel and iSCSI disk drive subsystems.
Share and Storage Management
A role feature for the administration of shared resources. Access-Based Enumeration, where users see only files and folders entitled to according to share and security permissions.
Storage Pools and Storage Spaces
Includes support for the creation of Pooled Storage that can be divided into one or more Storage Spaces using Virtual Disks.
Windows Search Service
A role feature that indexes files and folders to facilitate rapid searching by users when connecting to shared folders.
Transactional NTFS
Enables sequential operations on a file volume running NTFS to be performed as a single transaction. This means that all steps in the sequential operation must succeed for the transaction to be completed; if any step fails, the previous steps in the transaction are rolled back.
iSCSI Target Server
Using the Internet SCSI (iSCSI) standard,
provides block storage to other servers and
applications on the network. Improved in
Windows Server 2012 to include virtual disk
enhancements, manageability enhancements in
cloud services, and improved optimization for
disk-level caching.
SMB Share – Quick
File Share Profile
Basic Profile represents the fastest way to create an SMB file share, typical used with windows-based computers.
-General file sharing.
-Advances options can be configured later.
SMB Share – Advanced
File Share Profile
Offers additional options to configure SMB file share
-Set folder owners for access-denied assistance
-Configure default classification of data in the folder for mgmt and access policies
-Enable quotas.
SMB Share – Applications
File Share Profile
This profile creates an SMB file share with settings appropriate for Hyper-V, certain databases, and other server applications.
NFS Share – Quick
File Share Profile
Fastest way to create a NFS file share, typically used to share files with UNIX-based computers.
-Suitable for general file sharing
-Advanced options can be configured later by using the Properties dialog
Only available when managed servers have NFS installed.
NFS Share – Advanced
File Share Profile
This advanced profile offers additional options to configure a NFS file share.
-Set the folder owners for access-denied assistance
-Configure default classification of data in the folder for management and access policies
-Enable quotas
Network discovery – Advanced Sharing Settings
Enables the computer to locate other computers and
devices on the network and enables these computers to locate your computer.Turn off by default.
File and printer sharing – Advanced Sharing Settings
Shred Files and Printers can be accessed by users on the network.
Default is off
Public Folder Sharing – Advanced Sharing Settings
Enables the Public Folder sharing model, thereby
allowing others on the network to access files in your Public folders of each
Windows library (Documents, Pictures, Videos, and Music). This is a simplified
folder sharing model that is not normally used on a server-based
computer.
Media Streaming – Advanced Sharing Settings
Password protected sharing – Advanced Sharing Settings
Increases security by limiting access of shared files and printers to only those who have a user account and password on your computer.
What are the 3 network profiles in Windows 2012 R2?
-Private
-Guest or Public
-All Networks
How to share a folder in Windows 2012 R2?
-From File Explorer, select folder and right click.
-Select “Share with”
-Click “Specific People”
-Type user name and click Add. (name appears with default permission Read
-Change permissions if needed.
-Click Share
How to remove a shared folder in Windows 2012 R2?
Right-click the folder and select Share with > Stop sharing .
What is the User limit for Shared Folder options in Windows 2012 R2?
16,777,216
What is the default permission in Simple file share for Everyone and Administrators groups?
Full Control
What is Transparent Caching Offline Files?
It enables client computers to temporarily cache files obtained across a slow WAN link more aggressively, thereby reducing the number of times the client might have to retrieve the file across the slow link. Reduces consumption of bandwith across the WAN link.
Introduced in Windows Server 2008 R2 and Windows 7 and continued in Windows Server 2012, 2012 R2.
What is the GPO the path to Enabling the Always Offline mode
From the GPO navigate to
ComputerConfiguration>Policies>Administrative Templates>Network>Offline Files>Configure slow-link mode>Enable
Options>Show>Show Contents Window
Work Folders Capabilities
-Single point of access to data on a user’s computer and devices running Windows 8.1 or Window RT 8.1. Extended in the future to Windows 7 and iPads.
-Can be deployed alongside other files including folder redirection, offline files, and home folders.
-Data encripted during sync, enables corporate data wipe by using Windows Intune.
-Data can be manage using file server tecnologies disk quota and file classification.
How to enable Work Folders with PowerShell?
Add-WindowsFeature FS-SyncShareService
Wat are the device policies for Work Folders?
-Encript Work Folders
-Automatically lock screen, and require a password.
How to create a Work Folder with PowerShell?
New-SyncShare SalesShare -path C:SalesShare -User itconceptsSales -RequireEncryption $true -RequirePasswordAutoLock $true
What is ACL?
ACL Access Control List is a list of users and groups that have been granted access for a particular file or folder, as well as the types of access that the users and groups have been granted.
What is the command line utility that can be used to script the configuration of NTFS permissions?
icacls.exe
icacls examples
To save the DACLs for all files in the C:Windows directory and its subdirectories to the ACLFile file, type:
icacls c:windows* /save aclfile /t

To restore the DACLs for every file within ACLFile that exists in the C:Windows directory and its subdirectories, type:
icacls c:windows /restore aclfile

To grant the user User1 Delete and Write DAC permissions to a file named “Test1”, type:
icacls test1 /grant User1:(d,wdac)

To grant the user defined by SID S-1-1-0 Delete and Write DAC permissions to a file, named “Test2”, type:
icacls test2 /grant *S-1-1-0:(d,wdac)

What are the effective permissions for a user?
Effective permissions are a combination of all permissions configured for your user account and for the groups of which you are a member. Least restrictive permissions apply. Explicit denial of permission always overrides any allowed permissions.

In access over network both shared and NTFS folder permissions apply with the most restrictive permission.

What is the effect on NTFS permissions when copying a file or folder within the same partition?
The copy inherits the NTFS permissions of the destination folder
What is the effect on NTFS permissions when copying a file or folder from one NTFS partition to another NTFS partition?
The copy inherits the NTFS permissions of the destination folder.
What is the effect on NTFS permissions when copying a file or folder from an NTFS partition to a FAT or FAT32 partition?
The copy of a file or folder loses its NTFS permissions completely. NTFS permissions apply only on NTFS partitions.
What is the effect on NTFS permissions when moving a file or folder within the same partition?
The file or folder retains its NTFS permissions, regardless of the permissions that exist for the destination folder.
What is the effect on NTFS permissions when moving from one NTFS partition to another NTFS partition?
The file or folder inherits the NTFS permissions of the destination folder.
What is the effect on NTFS permissions when moving from an NTFS partition to a FAT or FAT32 partition?
The file or folder loses its NTFS permissions completely. NTFS permissions apply only on NTFS partitions.
What are the methods to enable Access-Based Enumeration?
Shared Folder Wizard and Modifying an Existing share
What are the basic parts of VSS?
VSS service
VSS requester
VSS writer
VSS provider
VSS service
VSS service Part of the Windows operating system that ensures the other components can communicate with each other properly and work together.
VSS requester
VSS requester The software that requests the actual creation of shadow copies (or other high-level operations like importing or deleting them). Typically, this is the backup application. The Windows Server Backup utility and the System Center Data Protection Manager application are VSS requesters. Non-Microsoft® VSS requesters include nearly all backup software that runs on Windows.
VSS writer
VSS writer The component that guarantees we have a consistent data set to back up. This is typically provided as part of a line-of-business application, such as SQL Server® or Exchange Server. VSS writers for various Windows components, such as the registry, are included with the Windows operating system. Non-Microsoft VSS writers are included with many applications for Windows that need to guarantee data consistency during back up.
VSS provider
VSS provider The component that creates and maintains the shadow copies. This can occur in the software or in the hardware. The Windows operating system includes a VSS provider that uses copy-on-write. If you use a storage area network (SAN), it is important that you install the VSS hardware provider for the SAN, if one is provided. A hardware provider offloads the task of creating and maintaining a shadow copy from the host operating system.
How is VSS enabled?
Open Shared Folders snap-in
Right-click Shared Folders.
From the All Tasks menu,
click Configure Shadow Copies
——OR———
Through File Explorer by accessing the properties of a local volume
What is the command line used to configure VSS in server core installations?
vssadmin

vssadmin add shadowstorage /for=c: /on=d: /maxsize=900mb

VSS Guidelines
-VSS is a complement to backups not a replacement.
-Consider I/O load, if higher then configure less frequent shadow copies.
-64 is the max of shadow copies per vol. If maxed of storage runs out then older copies are deleted.
-Restored file permissions remain the same. if a deleted file restored, permissions are reset to the default folder permissions.
-Shadow copies do not include data from mounted points.
-Use when possible separate volume for shadow copies.
-Before deleting a volume disable shadow copy services.
What is NTFS Quotas?
A feature that allows administrator to set a limit on the amount of disk space used by an individual user. File Server Resource Manager (FSRM) enable quotas on shared folders within disk volumes, and features like notification to users.
How to enable NTFS Quotas?
From File Explorer or from the File Server Resource Manager (FSRM)
When enabling Quotas what are the differences between File Explorer and FSRM?
Enabling quotas from File Explorer permits to set different quotas for different users; the quotas apply to all folders within the specified volume.

Enabling quotas from FSRM, on the other hand, permits you to set quotas that apply to given folders on the server; however, cannot specify different quota levels for different users.

What are the disk Quota configuration options?
-Enable quota management
-Deny disk space to users exceeding quota limit
-Do not limit disk usage
-Limit disk space to
-Set warning level to
-Log event when a user exceeds their quota limit
-Log event when a user exceeds their warning level
FSRM Hard Quota
Denies additional disk space to a user exceeding quota limit and generates notifications when data saved reaches configured thresholds.
Equivalent to selecting the Deny disk space to users exceeding quota limit
FSRM Soft Quota
Generates the configured notifications when data saved
reaches configured thresholds.
FSRM notifications
Can generate notifications for file classification, including email notifications, logged events, execution of commands or scripts, or generation of storage reports.
QUOTA important fact!!!!
Quotas can be set by user only from File Explorer.
Quotas can be set by shared folder only by configuring them from FSRM.
How can disk quotas be used to only monitor disk space usage?
-From “File Explorer” specify a soft quota by clearing the “Deny disk space to users exceeding quota limit” check box.
-From FSRM select Soft quota.