Training Guide Administering Windows Server 2012 R2 (2014)
Chapter 9. Managing file services
The management of file servers is an important, if somewhat less than invigorating, task that Windows Server administrators need to perform on a regular basis because file servers are the most commonly deployed workload for computers running a Windows Server operating system. The main thing that administrators need to ensure is that file servers remain available. To ensure that a file server remains available, you need to be able to control what files are stored there, not only by type and size, but also by age and content. In this chapter, you’ll learn how to use File Server Resource Manager (FSRM) to control the type of files that are stored on file servers. You’ll learn how to simplify the location of specific shared folders in an organization that has a large number of file servers. You’ll also learn how to protect volumes and individual files with encryption.
Lessons in this chapter:
Lesson 1: Configuring File Server Resource Manager
Lesson 2: Configuring a Distributed File System
Lesson 3: Configuring file and disk encryption
Before you begin
To complete the practice exercises in this chapter:
You need to have deployed computers SYD-DC, MEL-DC, and ADL-DC, as described in the Introduction, using the evaluation edition of Windows Server 2012 R2.
Lesson 1: Configuring File Server Resource Manager
File Server Resource Manager (FSRM) enables you to simplify the management of file servers by the following:
Enabling you to apply storage quotas
Using file screens
Performing file classification
Generating reports on the properties of volumes, folder trees, and folders
In this lesson, you’ll learn how to stop users from consuming more than a specified amount of storage space in a folder, how to block them from writing specific file types to a folder, and also learn how to generate reports listing the biggest files stored on a volume, and files that have not been accessed recently.
After this lesson, you will be able to:
Configure file screens.
Enable file classification.
Configure file management tasks
Generate storage reports.
Estimated lesson time: 45 minutes
Quotas enable you to control the amount of storage space consumed by a user on a volume, folder tree, or individual folder. In previous versions of the Windows server operating system, NTFS quotas enabled you to apply quotas on a per-volume basis. FSRM quotas are more sophisticated, enabling you to apply different quotas to different folder trees on the same volume.
You apply quotas to different locations using a quota template. As Figure 9-1 shows, a quota template enables you to specify a space limit, determine whether the quota is hard or soft, and provide notification thresholds.
FIGURE 9-1 Quota template
The difference between a hard quota and a soft quota is as follows:
A hard quota blocks users from exceeding the specified limit. They can’t write additional data to the folder tree to which the quota template applies.
A soft quota doesn’t block users from exceeding the specified limit.
You can configure notification thresholds at any percentage of the quota, including values above the quota value, such as 150 percent. Each notification threshold can be configured separately. You can configure the following options at a notification threshold:
Threshold Value at which the threshold action is triggered.
E-mail Sends an email message when storage utilization exceeds the threshold value.
Event Log Writes an item to the event log when storage utilization exceeds the threshold value.
Command Runs a command when storage utilization exceeds the threshold value.
Report Generates a report when storage utilization exceeds the threshold value.
Configuring file screens
File screens enable you to block specific file types, on the basis of the file name extension, from being written to volumes, folder trees, or individual folders. You configure file screens by selecting a specific file group to the screen or by selecting a file screen template and applying it to a specific location.
A file group is a collection of file types associated with a particular kind of file. For example, the Image Files file group includes the file extensions associated with common image file formats such as .bmp, .jpg, .gif, and .png. You can edit which file extensions are associated with existing file groups or create custom file groups.
A file screen template, shown in Figure 9-2, includes file groups, email settings, event log settings, command prompt settings, and report settings related to the file screen. You use these additional settings to configure a response when a user attempts to write a file to a location that is screened.
FIGURE 9-2 File screen template
Real World: Getting around file screens
Clever users can get around file screens by changing the file name extension. If you find a clever user who perpetrates this type of shenanigan, draft her into the IT department.
A file screen exception enables you to create an exemption to an existing file screen. For example, you might have a file screen that blocks a number of file types being written to a specific volume, but you might need to allow one of those blocked file types to be written to a specific folder on that volume. To deal with this scenario, you configure a file screen exception. You specify the exception path, as shown in Figure 9-3, and the file groups to be excluded from screening. The exception applies only to the specified path.
FIGURE 9-3 File screen exception
You want to allow file types to be written to a subfolder that are blocked by a file screen applied to the folder. How can you accomplish this goal?
Quick check answer
Configure a file screen exception.
Enabling file classification
File classification enables you to apply metadata to files based on file properties. File classification properties can use one of the following property types:
Yes/No A Boolean value of either YES or NO. When multiple values apply, NO overrides YES.
Date-Time A date and time property.
Number A numeric property.
Multiple Choice List A list of values that can be assigned to a property. Multiple values are allowed.
Ordered List A fixed list of values. If multiple values apply, the one closest to the top of the list is used.
String A text string that can be assigned to the property.
Multi-string A list of strings that can be assigned to a property.
Figure 9-4 shows a file classification property.
FIGURE 9-4 File classification property
A file classification rule applies a property to a file. When configuring a classification rule, you specify a scope, a classification mechanism, the property to be assigned to the file, and additional classification parameters.
Configuring file management tasks
File management tasks enable you to perform operations, from simply moving files to running a program (as shown in Figure 9-5) on files that have a specific classification property applied. For example, you can configure a file management task to automatically move files over a certain age to a shared folder on another server. When configuring a file management task, specify the following:
The scope of files to be checked for a condition
The condition checked for
The action taken
The task schedule
Notification and report settings
FIGURE 9-5 File management task
A storage report enables you to generate information about the type and nature of files stored on a storage server. Storage reports give you the information that you need to configure effective file screens and quotas. FSRM in Windows Server 2012 and Windows Server 2012 R2 support the following storage reports:
Duplicate Files Enables you to locate duplicate files.
File Screening Audit Enables you to generate a list of files blocked by a file screen on a per-user basis.
Files By File Group Lists files by file group. For example, all files on a file share that match the properties of the Office Files file group. You configure file groups when configuring file screens.
Files By Owner Enables you to view files by owner. You can use this report to determine which users are consuming a disproportionate amount of disk space.
Files By Property Enables you to view files on the basis of file classification property.
Folders By Property Enables you to view folders on the basis of classification property.
Large Files A report of files that are larger than a specified size.
Least Recently Accessed Files A report of files that have not been accessed in a specified number of days.
Most Recently Accessed Files A report of files that have been accessed in a specified number of days.
Quota Usage A report of information on quotas where the quota usage exceeds a benchmark value.
When you want to generate reports, you create a report task. You use the Storage Reports Task Properties dialog box, shown in Figure 9-6, to configure which reports to include in a report task. You can also configure the parameters and scope of the reports. The parameters and scope of the reports determine which folders will be checked, whether the reports are emailed, and how often the reports are generated. Reports can be output in HTML, DHTML, XML, CSV, and Text format. Reports can also be run on an on-demand basis if necessary.
FIGURE 9-6 Configure storage reports
Note: File Server Resource Manager
For more information about FSRM, consult the following TechNet article at http://technet.microsoft.com/en-us/library/hh831701.aspx.
Quotas enable you to apply limits on the amount of data that a user can store in a particular folder or folder tree.
File screens enable you to block users from writing specific types of files to folders.
File classification enables you to assign metadata to files based on file properties.
File management tasks enable you to perform tasks on files based on the file metadata.
Storage reports enable you to generate reports about files stored in particular locations, including largest files, least recently accessed files, and duplicate files.
Answer the following questions to test your knowledge of the information in this lesson. You can find the answers to these questions and explanations of why each answer choice is correct or incorrect in the “Answers” section at the end of this chapter.
1. You want to stop users from saving audio and video files to shared folders hosted on your organization’s Windows Server 2012 R2 file servers. You have installed FSRM on each file server. Which of the following must you configure to accomplish this goal?
A. File Classification Rule
B. File Screen
C. File Screen Template
D. File Groups
2. You have configured a file screen for the Research shared folder. This file screen currently blocks all files except Office document files. You want to keep this file screen in place, but allow compressed files, which can’t be written to the Research folder, to be able to be stored in the Old_Projects folder, a subfolder of the Research folder. It should not be possible for users to store compressed files in the Research folder or in other subfolders of the Research folder. Which of the following should you configure to accomplish this goal?
A. File Screen Template
B. File Screen Exception
C. Classification Rule
D. File Groups
3. You want to apply the same file screen to 20 different shares hosted on a Windows Server 2012 R2 file server. This file screen includes six different file groups. Which of the following should you configure to minimize the amount of work you need to do to accomplish this goal?
A. Configure a file