Windows Server 2008 R2 Unleashed (220 page)

1120

CHAPTER 28

File System Management and Fault Tolerance

Sfc.exe can be configured to run using Group Policy. Sfc.exe options are configurable

using Group Policy with settings found in Computer Configuration\Policies\

Administrative Templates\System\Windows File Protection. This might be a good

option for supporting workstations to maintain system stability. It might also prove to be

useful for servers, but as a general guideline, use is on workstations and servers only when

system file corruption or driver issues have been reported as problematic.

Adding the File Services Role

Windows Server 2008 R2 systems, out of the box, can be used to share folder data right

after installation. To get the most out of the system, the File Services role should be added.

Adding the File Services role not only configures settings to optimize the system for file

sharing, but also enables the administrator to choose which file server options as well as

which tools for managing the file system will be installed. To install the File Services role,

perform the following steps:

1. Log on to the Windows Server 2008 R2 system with an account with administrator

privileges.

ptg

2. Click Start, click All Programs, click Administrative Tools, and select Server Manager.

3. In the tree pane, click on the Roles node.

4. In the tasks pane, click on the Add Roles link.

5. When the Add Roles window opens, read the information on the Before You Begin

page and if the system meets the recommendations to have a strong administrator

password, static IP address, and be updated with the latest Windows security

updates, click Next to continue.

6. On the Select Server Roles page, check the File Services check box, and click Next

to continue.

7. The next page provides a short introduction to the File Services role and notes the

fact that the Windows Search Service and the indexing service cannot be installed on

the same system. Click Next to continue with the installation of the File Services role.

8. The Role Services page enables administrators to select which File Services role

services will be installed on the system. The File Server service is selected by default.

In addition to this service, also check Windows Search Service to set up indexing of

the file system for faster searches and also check the File Server Resource Manager to

enable quota, file screening, file classification, and reporting functionality, as shown

in Figure 28.7. After checking the desired services, click Next to continue.

NOTE

When additional File Services role services are chosen, the corresponding tools to

manage the services are also installed.

Adding the File Services Role

1121

ptg

FIGURE 28.7

Selecting the File Services role services.

9. Because the File Server Resource Manager was selected, the next page is the

Configure Storage Usage Monitoring page. Check the box next to each drive letter

that will have storage reporting enabled and when completed, accept the default

settings for monitoring, and click Next to continue.

10. On the Set Report Options page, accept the defaults of storing reports on the root

folder, Storage Reports, and click Next to continue.

28

NOTE

Detailed configuration of the File Server Resource Manager reports and monitor settings

are outlined in the “File Server Resource Manager (FSRM)” section later in this chapter.

11. Because the Windows Search Service was selected, the next page will be the Select

Volumes to Index for Windows Search Service. Check the volumes that will contain

user data that should be indexed, and click Next to continue.

12. The Confirm Installation Selections page enables the administrator to review the

chosen settings. After confirming that the settings are correct, click Install to install

and configure the services and tools chosen.

13. Review the details on the results page and click Close to complete the installation.

1122

CHAPTER 28

File System Management and Fault Tolerance

Managing Data Access Using Windows Server

2008 R2 Shares

Providing access to data stored on a Windows Server 2008 R2 server can be very simple to

configure using Windows shares. Existing folders and entire drives can be shared with a

few clicks, but understanding who can access that data is critical to security and, in some

cases, licensing. Server shares are accessed using the UNC or Universal Naming

Convention of \\server\sharename. Administrators can configure a few different settings

when creating or updating shares. Share options or features include the following:

. Determining whether the share will be visible or hidden, based on the share name

. Setting the description of the share

. Configuring the type of share; if Server for NFS is installed, there will be two options

. Configuring the number of simultaneous connections allowed through the share

. Configuring the cache or offline sync settings of the share

. Enabling or disabling BranchCache

. Configuring access-based enumeration to control folder and file visibility based on

ptg

NTFS permissions

. Configuring NTFS permissions on the folder or volume hosting the file share

. Configuring share permissions to manage whether users can read, change, or have

full control over a share

Because sharing can be performed for CD drives, DVD drives, and FAT and NTFS volumes,

the configurable share permissions are limited to Full Control, Change, and Read. Full

Control permissions allow users to manage all data and to reset permissions. Change

allows users to manage all data and Read only allows users to read the data. Because share

permissions are not very granular, folder shares should be created only on NTFS volumes,

when possible, to increase the security of data.

When shares are created on NTFS volumes, both the Share and NTFS folder and file

permissions are applied to the user. Windows Server 2008 R2 will combine the permis-

sions, and the most restrictive permissions will apply. For example, if a folder located at

c:\users is shared and testuser1 is granted Read permission at the share and Change or

Modify permissions on the NTFS folder, testuser1 will only have Read permission when

accessing the data across the network through the share. If testuser1 logs on to the system

console and accesses the c:\users folder directly, testuser1 will have Change or Modify

permissions.

Access-Based Enumeration

A new sharing feature included with Windows Server 2008 and Windows Server 2008 R2 is

called access-based enumeration. Access-based enumeration, when enabled on a share,

hides the folders or files within the share from view for users who do not have access to

Managing Data Access Using Windows Server 2008 R2 Shares

1123

the data. Access-based enumeration, however, does not hide the share itself. This feature

can simplify data access for end users as they will only see what they can access, but, on

the flip side, users who are collaborating and trying to instruct their co-workers on where

to locate the data might be confused when the folders cannot be located.

Client-Side Caching and Offline Files

To provide flexibility for mobile users and to provide centralized storage for end-user data,

Windows Server 2008 R2 shares can be configured to allow, enforce, or disable client-side

caching of shared server data. Client-side caching (CSC) is a feature that enables data

shared on a server to be synchronized between the server and end-user workstations. This

enables end users to access data when the server is unavailable or when the workstation is

not connected to the company network. This feature also can be used to ensure that any

data stored in a synchronized end-user workstation folder is copied to the server for

centralized storage and backup and recoverability.

For CSC to function properly, both the workstation and the server must be configured to

support it. CSC from the workstation and server side is more commonly referred to as

Offline Files. Depending on the workstation operating system version, different synchro-

nization options are available. A common usage of offline files is to couple offline files

with a Group Policy setting called Folder Redirection.

ptg

Folder Redirection can be used to redirect the end user’s My Documents or Documents

folder to a server share. When an end user’s My Documents or Documents folder is redi-

rected to a server share with offline files enabled, enforced or not, the folder is automati-

cally configured to synchronize with the server. This functionality ensures that any file an

end user saves to their default documents folder will be copied up to the server during

synchronization. Folder Redirection is covered in Chapter 27, “Group Policy Management

for Network Clients.” The default offline file synchronization settings for Windows 7 and

Windows Server 2008 R2 will synchronize with the server at logon, logoff, and when a file

is opened or saved. Additionally, synchronization can be configured to run when a

28

computer has been idle or when a user locks or unlocks a workstation.

Offline files can be configured on a per-share basis using the shared folder’s share property

page. By default, all shares allow end users to configure offline file synchronization as they

desire. Certain folders—for example, the My Documents or Documents folders—when

redirected to a Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2

system, will automatically enable and configure the folder to be synchronized. To synchro-

nize additional shares, perform the following steps on the server and the workstation:

1. Log on to the Windows Server 2008 R2 system with an account with administrator

privileges.

2. Click Start, click All Programs, click Administrative Tools, and select Server Manager.

3. Double-click on Roles, and then double-click on File Services.

4. Select Share and Storage Management.

5. In the tasks pane, right-click the share that needs to be available offline, and select

Properties.

1124

CHAPTER 28

File System Management and Fault Tolerance

6. On the Sharing tab, click the Advanced button.

7. Select the Caching tab, and verify that one of the following option buttons is selected:

. Only the Files and Programs That Users Specify Are Available Offline

. All Files and Programs That Users Open from the Share Are Automatically

Available Offline

8. Close the Share Properties dialog box and the Share and Storage Management console.

9. Log on to the Windows 7 workstation with an account with administrator privileges.

10. Click the Windows flag, or Start button, and select Control Panel.

11. Near the upper-right corner of the Control Panel window, pull down the View By

menu and choose to view the window by Small Icons instead of Categories.

12. Scroll down in the window as necessary to locate Sync Center and click on the link.

13. When the Sync Center window opens, click on the Manage Offline Files link in the

left pane of the window.

14. When the Offline Files window opens, verify that the top button on the General tab

is labeled Disable Offline Files, which means that offline file functionality is enabled.

If the button is labeled Enable Offline Files, click the button and click OK to save the

settings and reboot the workstation.

ptg

BranchCache

BranchCache is a new feature for Windows Server 2008 R2 and Windows 7. BranchCache

allows a branch office that has no server to allow local workstations to locate and locally

store copies of files and folders hosted on remote Windows Server 2008 R2 BranchCache

file servers. When BranchCache is installed on a Windows Server 2008 R2 file server, and

BranchCache is enabled on a particular file share, when a remote branch office user on a

Windows 7 workstation requests the file from the file server, it broadcasts the request on

the local network. If no copy exists, it will pull a copy to the local machine. The updates

to that file will be sent across the network as changes are made. When the next Windows

7 workstation attempts to access this same file from across the network, the broadcast for