
Desktop Management: Chapter 16: Managing Disks and File Systems

This document provides an overview of disk and file system management in Windows 7. It discusses partitioning disks, the differences between MBR and GPT, basic vs dynamic disks, virtual hard disks, file system fragmentation, shadow copies, ReadyBoost, and BitLocker drive encryption. The key points are that partitions should be planned ahead of requirements, GPT is preferred over MBR, basic disks are recommended, ReadyBoost requires specific hardware, and BitLocker encrypts entire volumes with AES 256-bit encryption using the TPM and optional PIN or external key.

Uploaded by

jmoody10
Copyright
© Attribution Non-Commercial (BY-NC)

Desktop Management

Chapter 16: Managing Disks and File Systems


Overview of Disks
• Before you can format a drive, it must first be partitioned.
• However, Windows 7 natively allows partitions to be changed while in use.
• Partitions should still be planned ahead of time, though, for requirements such as BitLocker.

Question
• Your new computers have a 150 GB hard drive. Your image, software, and user data will never get above 50 GB. How big should your partition be?

MBR or GPT
• Master boot record (MBR) and globally unique identifier partition table (GPT) are two ways of partitioning disks.
• Windows 7 supports both ways.
• If able, use GPT


Why GPT?

• GPT supports more than four partitions
• GPT can support partitions larger than a terabyte (actually up to 18 exabytes - 18 million terabytes)
• Uses redundant index tables


Basic or Dynamic

• Just choose basic...


But why?

• In dynamic disks, only the OS that created them can see them.
• Hard to recover if one disk in an array fails.
• Can't be used in multi-boot environments


Lab 16-1: Working with Volumes
• Goal: Shrink an existing partition using Disk Management
• Goal: Create a new volume from the new space
• Goal: Delete the new volume


VHDs

• A virtual hard disk (VHD) is simply a file type that presents itself as a hard disk.
• Beginning in Windows 7, VHDs can be mounted and booted from

Lab 16-2: VHD
• Goal: Create a VHD within the Disk Management console.
File System Fragmentation
• First, on traditional hard disks, file fragmentation is a normal process
• However, excessive fragmentation, or many files being fragmented into tiny chunks, does decrease computer performance
• By default, the computer will defragment every week if it is running Windows 7 or Vista
• Windows 7 will automatically turn off defragmentation if the computer has a solid state drive
• Because disk performance is only slowed by many small fragments, the defragmentation process will not compact files larger than 64 MB
Shadow Copies
• Shadow copies allow users to restore previous versions of their files without contacting tech support.

Shadow Copies (2)
• In order to back up files in use, Microsoft uses the Volume Shadow Copy service. The service will see if a file needing to be backed up is in use. If so, it creates a simple copy.
• To restore a file, right-click the file (or parent folder) and select the Previous Versions tab

Shadow Copies (3)
• So what do we need to use volume shadow copies:
• A client that supports VSC: XP or higher
• A server running the Volume Shadow Copy service
Windows ReadyBoost
• ReadyBoost was originally introduced in Windows Vista
• ReadyBoost works by using external media (thumb drives, SD cards, etc.) as a hard disk cache. Think of it as a faster page file
• ReadyBoost has no effect on an SSD. Windows 7 will disable ReadyBoost

Test Question: ReadyBoost
• What are the requirements for ReadyBoost?
1. An OS of Vista or greater
2. Media must be at least 256 MB
3. Meet a 2.5 MB/s throughput on random reads and 1.75 MB/s on random writes

Last of the ReadyBoost
• Easiest way to know if a thumb drive will work: try it. ReadyBoost will let you know
• Some newer thumb drives now will state "Compatible with ReadyBoost"
• The biggest gain from ReadyBoost comes when a hard drive with a WEI rating of 3.7 or below is used.
BitLocker
• What is BitLocker?
• Why should we use it?

What BitLocker requires
• At least Vista (Vista SP1 to do more than one hard drive)
• A TPM chip of version 1.2 or higher
• At least two volumes

What can't BitLocker encrypt?
• Nothing!
• BitLocker encrypts entire volumes

How BitLocker encrypts?
• The contents of the volume are only decrypted by the full volume encryption key (FVEK)
• The FVEK is encrypted by the volume master key (VMK)
• Both are encrypted with AES 256 bit

FVE Filter Driver
• Data is encrypted and decrypted on the fly using the FVE filter driver
How BitLocker protects data
• TPM only
• TPM with external key
• TPM with PIN
• TPM with key and PIN

TPM only
• BitLocker uses the TPM to unlock the VMK
• Windows startup uses the TPM to verify the hard drive and important files have not been tampered with
• Once validated, the TPM unlocks the VMK


TPM with external key

• Requires a USB drive with a user encryption key
• Key should be stored separately from the computer
• Protects against standby attacks


TPM with PIN
• Requires a user to manually enter a PIN before booting
• Non-resettable delay used between invalid attempts
• With a delay, a four-digit PIN would take over a year to crack
• Without a delay, a four-digit PIN would be cracked in less than a day
BitLocker phases
• System integrity verification: the TPM checks core boot components
• User authentication: Windows Boot Manager gathers the optional key from a USB key or a user-entered PIN
• VMK retrieval: Windows Boot Manager has the TPM decrypt the VMK. If any previous measurements do not match the recorded measurements, the TPM requests a recovery key
• OS startup
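
A toy model of these phases, added here as an illustration (it is not from the original slides and is not BitLocker's own code): boot components are measured into a PCR with the TPM 1.2 extend rule, the VMK is sealed to that value plus an optional PIN, and the VMK wraps the FVEK. ToyTPM, provision, boot, the XOR/HMAC key wrap (a stand-in for AES) and the sample boot chain are all assumptions made for the example.

```python
import hashlib, hmac, os

def extend(pcr, component):
    # TPM 1.2 extend: PCR_new = SHA-1(PCR_old || SHA-1(component))
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure_boot(components):
    pcr = b"\x00" * 20                      # PCR starts zeroed at power-on
    for c in components:
        pcr = extend(pcr, c)
    return pcr

def _keys(kek):
    # Separate pad and MAC keys derived from one 32-byte key-encryption key
    return (hashlib.sha256(b"enc" + kek).digest(),
            hashlib.sha256(b"mac" + kek).digest())

def wrap(kek, key):
    # Toy stand-in for AES key wrapping (32-byte keys only), not real crypto
    pad, mac_key = _keys(kek)
    ct = bytes(a ^ b for a, b in zip(key, pad))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    pad, mac_key = _keys(kek)
    ct, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        return None                         # wrong key: release nothing
    return bytes(a ^ b for a, b in zip(ct, pad))

class ToyTPM:                               # hypothetical model, not a TPM API
    def __init__(self):
        self._root = os.urandom(32)         # secret that never leaves the chip
    def _seal_key(self, pcr, pin):
        return hashlib.sha256(self._root + pcr + pin).digest()
    def seal(self, secret, pcr, pin=b""):
        return wrap(self._seal_key(pcr, pin), secret)
    def unseal(self, blob, pcr, pin=b""):
        return unwrap(self._seal_key(pcr, pin), blob)

def provision(tpm, components, pin=b""):
    # Turn encryption on: FVEK encrypts the volume, VMK wraps the FVEK
    fvek, vmk = os.urandom(32), os.urandom(32)
    return fvek, tpm.seal(vmk, measure_boot(components), pin), wrap(vmk, fvek)

def boot(tpm, components, sealed_vmk, wrapped_fvek, pin=b""):
    # Measure, authenticate, retrieve the VMK; None means "ask for the recovery key"
    vmk = tpm.unseal(sealed_vmk, measure_boot(components), pin)
    return unwrap(vmk, wrapped_fvek) if vmk else None

GOOD = [b"firmware", b"mbr", b"bootmgr"]    # constructed sample boot chain
```

Changing any measured component, entering the wrong PIN, or moving the disk to a machine with a different TPM all make boot() return None, which corresponds to the recovery-key prompt.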
BitLocker without TPM?
• Computer Configuration\Policies\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Require additional authentication at startup
• Set to: Allow BitLocker without a compatible TPM
Managing BitLocker locally
• Open Control Panel and click System and Security. Under BitLocker Drive Encryption, click Manage BitLocker

Managing BitLocker from the command line
• Use the manage-bde tool
• Examples
• manage-bde -status
• manage-bde -on C: -RecoveryKey Y: -RecoveryPassword
• manage-bde -off C:
