• A way to combine multiple shared folders on different servers into one hierarchy (under 1 root)
• Stand-alone – only exists on 1 server
• Domain-based – allows fault-tolerance and load balancing, as well as using AD for copying a folder to multiple targets
2 Categories of permissions
Standard – pre-set, frequently used permissions for objects
Special – provide finer granularity to file/folder security
New, Moved and Copied files and folders permissions
• When a file or folder is moved or copied, it will inherit the destination folder permissions.
• The only exception is when a file/folder is moved within the same NTFS volume - then it will retain its original permissions.
• User and Group NTFS permissions combine for the least restrictive combination, except where Deny overrides Allow. Files may have different permissions than parent folder permissions.
• When combining share and NTFS permissions, always choose the MOST restrictive combination
Effective NTFS permissions
1. Determine the effective share permissions by choosing the least restrictive of all share permissions. The exception is that a Deny permission overrides Allow.
2. Determine the effective NTFS permissions by choosing the least restrictive of all NTFS permissions. The exception is that a Deny permission overrides Allow.
3. Combine the results of steps 1 and 2 and choose the MOST restrictive permission out of share and NTFS. If there is no overlap, no permissions are effective.
Troubleshooting Permissions Problems
• When permissions are granted through group membership, a user needs to log off and log back on
• Watch out for “Deny” Permissions
• Watch out for individual folder permissions
• Watch out for a conflicting combination of NTFS/Shared permissions
• File permissions change after being moved/copied
Shared Folder Permissions
• Share permissions are different from NTFS (NTFS and share permissions are cumulative)
• Deny permissions take precedence
• Shared folders can be cached
• Shared Folders can be published in AD
• Reader (former Read)
• Contributor (former Change)
• Co-owner (former Full Control)
Folder and File Auditing
• Auditing tracks access to folders and files
• Audited events are recorded in the Windows Server 2008 Security Log in Event Viewer
Folder and File ownership
• An owner is the person who creates a folder/file.
• Owner can change permissions
• Ownership can be transferred to a user with Full Control or Take Ownership permissions
• Administrators can always take ownership
• NTFS permissions are specified in the object’s ACL and are used to control access to the object
• 2 Categories of permissions: Standard and Special
• Standard are pre-set, frequently used permissions for objects
• Special provide finer granularity to file/folder security
• NTFS permissions can be assigned by an owner, a user with Full Control, or a user with Change Permissions. Also, a user with Take Ownership permission can take ownership of the file/folder and then change permissions.
Folder and File Attributes
• Extended attributes: Archive, Index (not Windows Search Service), Compress, Encrypt
• Access Control List (ACL) – list of privileges given to a user account or a group
– discretionary ACL – configured by an admin or owner
– system control ACL – contains information for auditing access
Network printing process components
○ Local print device
○ Network print device
○ Print client
○ Print server
○ Print job
○ Printer driver
○ Frees the server CPU to handle other processing requests in addition to print requests
Printing process steps
○ Application client generates a print file
○ Application communicates with the Windows graphics device interface (GDI)
○ When the GDI is finished, the print file is formatted with control codes
○ The remote print provider at the client makes a remote procedure call to the network print server
○ The network print server uses four processes to receive and process a print file: router, print provider, print processor, and print monitor
○ The Server service calls its router, the Print Spooler service
○ While the file is spooled, the print provider works with the print processor to ensure that the file is formatted to use the right data type
○ The print monitor pulls it from the spooler’s disk storage and sends it off to the printer
XML Paper Specification (XPS)
An advanced way of printing documents for multiple purposes, including viewing electronic pages and printing pages in a polished format
Print Services role
○ Enables you to use the Print Management tool to manage shared printers
○ Also enables you to track printing events through a log you can view using the Event Viewer
Services within the print services role:
○ Print Server
○ Internet Printing
○ LPD Service
Involves configuring two or more identical printers connected to one print server
• All of the printers in a pool must be identical so that they use the same printer driver and handle print files in the same way
• The Add Port button enables you to add a new port
• The Delete Port button is used to remove a port option from the list of ports
Disk storage types
– uses static partitions (physical disk divisions) that can’t span physical drives. Use industry-standard partitioning and formatting and can contain up to 4 primary and 1 extended partitions, as well as logical drives
– uses volumes that can span physical drives. Supports advanced options, including fault-tolerance. Unlimited number of volumes. No other O/S can access dynamic storage; not supported on laptops.
○ A process that blocks a group of tracks and sectors to be used by a particular file system, such as NTFS
○ A process that creates a table containing file and folder information for a specific file system in a partition
Master Boot Record (MBR)
Globally Unique Identifier (GUID) Partition Table
– contains O/S boot files. Can only exist on a primary.
– contains O/S system files. Can exist on a primary or extended.
– from which you can boot an OS, such as MS-DOS or Win2K Server. Can only have 4 per disk.
– serves to overcome the limit of 4 primary partitions; is not bootable. Can only have 1 per disk.
Dynamic disks support 5 volume types:
Redundant Array of Inexpensive (Independent) Disks
○ A set of standards for lengthening disk life and providing better performance and fault tolerance (FT)
• Software or Hardware RAID
• RAID levels – 0 through 6
• Server 2008 supports RAID levels 0, 1 and 5 through software
Software RAID vs. Hardware RAID
• Software RAID implements fault tolerance through the server’s operating system
• Hardware RAID is implemented through the server hardware:
○ Independent of the operating system
• Advantages over software RAID:
○ Faster read and write response
○ The ability to place boot and system files on different RAID levels
○ The ability to “hot-swap” a failed disk
○ More setup options to retrieve damaged data
• A portion of a disk or an entire disk that is setup as a dynamic disk
• Can be extended with an unallocated space
• Doesn’t provide FT
• Method of combining free space on 2 to 32 physical disks into a single volume with available space on each of the spanned disks of varying size
• Storage is accomplished by filling the space on one disk and moving to each subsequent spanned disk
• Not FT
• Can be extended (only those formatted with NTFS)
Striped Volume – RAID 0
• Similar to spanned in that both permit 2-32 disks combined.
• Logically distributes the information simultaneously across all the disks, unlike a spanned volume, which stores data sequentially. This architecture provides faster I/O.
• Not FT
• Free space areas on each disk need to be of equal size.
• Similar to striped, but is fault-tolerant
• Logically distributes the information simultaneously across all 3 or more disks, one of which stores parity
• If 1 disk fails, data can be reconstructed; if more than 1 fails, it can’t.
• Writing is slower than striped, but reading is the same. When 1 disk fails, performance degrades.
• Calculate usable space: parity takes 1/n of the data, where n = number of disks in the volume.
• Free space areas on each drive need to be of equal size.
Mirrored Volume – RAID 1
• Creating a shadow copy of data on a backup disk
• Requires 2 disks
• Most guaranteed FT, but less efficient use of disk space
• Read performance is the same as on any single disk drive. Write is slower than on a single disk, but faster than RAID-5. No performance degradation when 1 disk fails.
• Disk Duplexing – 2 drives/2 controllers
Shrinking a volume
• Windows Server 2008 comes with the ability to shrink a basic or dynamic disk volume
• Shrinking a volume enables you to create a new partition when one is needed and you don’t have extra disks
• When you shrink a volume, Windows Server 2008 starts from the end of that volume
○ Works its way back through contiguous space to create unallocated disk space
• You can specify the amount of space to recover
Mounting a Drive
• Windows Server 2008 enables you to mount a drive as an alternative to giving it a drive letter
• Mounted drive
○ One that appears as a folder and is accessed through a path like any other folder
• You can mount a basic or dynamic disk drive, a CD/DVD drive, or a removable drive