INFORMATION SHEETS

CO3.1-2
“FILE SERVICES”
Managing Files
Many types of documents, including financial
spreadsheets, business plans, and sales presentations,
must be shared on your network while remaining
protected from unauthorized access. Windows
Server 2008 R2 offers a suite of technologies to
provide both availability and security for documents.
Objectives in this chapter:

■ Configure a file server.

■ Configure Distributed File System (DFS).
■ Manage file server resources.
■ Configure backup and restore.
Lessons in this chapter:

■ Lesson 1: Managing File Security

■ Lesson 2: Sharing Folders
■ Lesson 3: Backing Up and Restoring Files
Managing file security
Much of an organization’s most confidential
data is stored in files and folders. Windows
Server 2008 R2, along with most recent
business versions of windows, provide three
technologies for controlling access to files,
folders, and volumes: NTFS fie permissions,
EFS, and BitLocker.
 NTFS File Permissions
NTFS file permissions determine which users
can view or update files. For example, you
would use NTFS fie permissions to grant your
Human Resources group access to personnel
files while preventing other users from
accessing those files.
User files
-Users have full control
permissions over their own files.
Administrators also have full control.
Other users who are not administrators
cannot read or write to a user’s files.
 System files
-Users can read, but not write to, the
%SystemRoot% folder and subfolders.
Administrators can add and update files.
This allows administrators, but not users,
to install updates and applications.
Program files
-administrators to install
applications. Users have read
access, and administrators have full
control.
List folder Contents

-Users can browse a

folder but not necessarily
open the files in it.
Read
-Users can view the contents of a
folder and open files. If a user has
Read but not Read & Execute
permission for an executable fie, the
user will not be able to start the
executable
 Read & Execute
-In addition to the Read
permission, users can run
applications.
 write
-Users can create files in a folder but
not necessarily read them. This permission
is useful for creating a folder in which
several users can deliver files but not access
each other’s files or even see what other
files exist.
 modify
-Users can read, edit, and
delete files and folders.
 full Control

-Users can perform any action

on the fie or folder, including
creating and deleting it as well as
modifying its permissions.
To protect a file or folder with NTFS, follow these steps:

1.Open Windows Explorer (for example, by clicking Start

and then choosing Computer).
2.Right-click the file or folder, and then choose Properties.
The Properties dialog box for the file or folder appears.
3.Click the Security tab.
4.Click the Edit button. The Permissions dialog box
appears.
5.If the user you want to configure access for does not
6.appear in the Group Or User Names list, click Add. Type
the user name, and then click OK.
7.Select the user you want to configure access for.

Then, select the check boxes for the desired permissions

in the Permissions For Users list, as shown in Figure 1.2
Figure 1.2
7.Repeat steps 5 and 6 to configure access for additional
users.
8.Click OK twice.
Additionally, there are more than a dozen special
permissions that you can assign to a user or group. To
assign special permissions, click the Advanced button on
the Security tab of the file or Administrator Properties
dialog box, as shown in Figure 1-3.
Figure 1.3
Encrypting File System

NTFS provides excellent protection for

files and folders as long as Windows is running.
However, an attacker who has physical access
to a computer can start the computer from a
different operating system (or simply reinstall
Windows) or remove the hard disk and connect
it to a different computer.
Protecting Files and Folders with EFS
To protect a file or folder with EFS, follow these steps

1.Open Windows Explorer (for example, by clicking Start and then choosing
Computer).
2.Right-click the file or folder, and then click Properties. The Properties dialog
box appears.
3.On the General tab, click Advanced. The Advanced Attributes dialog box
appears.
4.Select the Encrypt Contents to Secure Data check box.
5.Click OK twice.
Figure 1-3.
Sharing folders
One of the most common ways for users to
collaborate is by storing documents in shared folders.
Shared folders allow any user with access to your network
and appropriate permissions to access files.
Although all versions of Windows since Windows for
Workgroups 1.4 have supported file sharing, Windows
Server 2008 R2 includes the File Services server
Installing the File Services Server Role
1.In Server Manager, select and then right-click Roles. Choose Add
Role. The Add Roles Wizard appears.
2.On the Before You Begin page, click Next.
3.On the Server Roles page, select the File Services check box. Click
Next.
4.On the File Services page, click Next.
5.On the Select Role Services page, select from the following roles:
file server

- Although not required to share

files, adding this core role service
allows you to use the Share And
Storage Management snap-in.
Distributed file system

-Enables sharing files by using the DFS

namespace and replicating files between DFS
servers. If you select this role service, the
wizard will prompt you to configure a
namespace.
 file server Resources manager

- Installs
tools for generating storage
reports, configuring quotas, and defining
fie screening policies. If you select this role
service, the wizard will prompt you to
enable storage monitoring on the local
disks.
 services for network file system

-Provides connectivity for UNIX

client computers that use Network File System
(NFS) for fie sharing. Note that most modern
UNIX operating systems can connect to
standard Windows fie shares, so this service is
typically not required.
windows search service

-Indexes files for faster searching when

clients connect to shared folders. This role
service is not intended for enterprise use. If
you select this role service, the wizard will
prompt you to enable indexing on the local
disks.
windows server 2003 file services

-Provides services
compatible with computers
running Windows Server 2003.
branchCache for network files

-Caches shared files on servers

at branch offices to reduce bandwidth
usage on your Wide Area Network
(WAN).
6.Respond to any roles service wizard
pages that appear.
7.On the Confirmation page, click
Install.
8.On the Results page, click Close.
Folder Sharing
You can share folders across the network to
allow other computers to access them, as if the
computers were connected to a local disk. Sharing
Folders from Windows Explorer The simplest way
to share a folder is to right-click the folder in
Windows Explorer, choose Share With, and then
choose Specific People.
Figure 1.4
Sharing Folders by Using the Provision A Shared Folder Wizard

Using the Provision A Shared

Folder Wizard, you can share folders,
configure quotas, and specify security
by following these steps:
1.InServer Manager, right-click Roles\File Services\Share
And Storage Management, and then choose Provision
Share. The Provision A Shared Folder Wizard appears.
2.On the Shared Folder Location page, click the Browse
button to select the folder to share. Click OK. Click Next.
3.On the NTFS Permissions page, you can choose to edit
the NTFS fie system permissions for the shared folder.
4.On the Share Protocols page, you can choose whether to
share the folder by using Windows protocol (indicated as
SMB, which stands for Server Message Block) or using a
UNIX protocol (indicated as NFS, or Network File
System).
5.On the SMB Settings page, click Advanced if you want to
change the default settings for the number of simultaneous
users permitted, offline files, or accessbased enumeration.
6.On the SMB Permissions page, as shown in Figure 1.5,
select the permissions you want to assign.

To define custom permissions, select Users And

Groups Have Custom Share Permissions, and then click
the Permissions button. Click Next.
7.On the Quota Policy page, select the Apply Quota
check box if you want to define a quota. Then, select
a quota template. Click Next.

8.On the File Screen Policy page, select the Apply

File Screen check box if you want to allow only
specific types of files in the folder. Then, select the
file screen you want to use. Click Next.