Chapter3 - Resource Access
COURSE
NETWORK TECHNOLOGY
File system
exFAT (Extensible FAT) (2006)
In 2019, no longer proprietary (Microsoft).
Sizes of the clusters: 64 bits
No practical limitations on file sizes or partition sizes.
o File size limit is just under 16 EB (Exbibyte) or 1.845e+7 TB
Faster at writing and reading data than FAT32 drives.
Can restore deleted or formatted files.

File system
NTFS (New Technology File System) (1993)
Default used by Windows. Default for OS partition.
Sizes of the clusters: 4 KB to 2 MB.
No practical limitations on file sizes or partition sizes.
o Maximum volume size: 256 TB.
o Maximum file size: 256 TB.
Supports permissions and encryption (Encrypting File System - EFS).
Compress files, folders, or the whole drive.
Allows recovery when the computer crashes.
Disk quotas format volumes up to 2TB (limiting the amount of space users can consume).
Shadow copies of your backup (a snapshot of a volume)
File system
ReFS (Resilient File System) (2012)
https://learn.microsoft.com/en-us/windows-server/storage/refs/refs-overview
ReFS for use with the following configurations and scenarios:
o Storage Spaces Direct: a software-defined storage solution that allows you to share storage resources in your converged and hyperconverged IT infrastructure.
o Storage Spaces: a technology in Windows and Windows Server that can help protect your data from drive failures. Similar to RAID, implemented in software
o Backup target.
2 File Attributes
File Attributes
Basic Attributes (cont.)
File Attributes
Advanced Attributes
Index Attribute
o Legacy Windows Indexing Service is used to obtain a list of files whose name or content matches your search based on a pre-created list called an index.
o The Windows Search Service is faster and available on Windows Server.
   Windows 10, 11 clients can directly access the Windows Search Service on a Windows Server file server when searching for shared files.
o By default, all new files have the index attribute.

File Attributes
Advanced Attributes
Compress Attribute
o In order to conserve space, the contents of a file can be stored on the filesystem in compressed format.
o If you enable the compress attribute on a file, the system compresses the file on the filesystem, and automatically decompresses it when you access it.
o Any changes you make to the file are then compressed before being written to the filesystem.
o Apply changes to this folder, subfolders and files when prompted.
o The system symmetrically encrypts the data within the file using a randomly generated symmetric key that is stored in the metadata.
o Next, the public key within your user account is used to asymmetrically encrypt the symmetric key stored within the metadata.
   If your user account does not have public and private keys, they will be generated and stored within your user account.

o In an Active Directory domain, these keys are stored within your domain user account such that you can access them from any computer within the forest.
   The EFS private key is integrated into the password attribute of your user account.
   If you clear or reset your password, the private key is lost.
   You will not be able to access any EFS-encrypted files.
File Attributes
Advanced Attributes
Encrypt Attribute
o Each time you encrypt a file using a domain user account, a second copy of the symmetric key is added to the metadata and encrypted with a recovery public key.
   Default is the Domain Admins group in your domain.
   Any member of the Domain Admins group will be able to decrypt your EFS-encrypted files.

File Attributes
Advanced Attributes
Encrypt Attribute
o Optionally allow other users to decrypt its contents.
   Work on a sensitive file with other people in your organization.

You can then encrypt them again to secure their contents.
o In an Active Directory domain, the same holds true for copying or moving the file to a different NTFS, FAT32, or exFAT filesystem on another system.

o If you attempt to enable the encrypt attribute on a compressed file, the compress attribute will be deselected automatically.
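An added example (not part of the course slides) that sets the compress attribute and then the encrypt attribute on a constructed test file, then lists who holds a wrapped copy of its symmetric key. The folder and file names and the helper Get-AdvancedAttributes are hypothetical; it assumes an NTFS volume on a Windows edition that includes EFS.

```powershell
# Constructed demo file (hypothetical path under the temp directory).
$dir  = Join-Path $env:TEMP 'efs-demo'
$file = Join-Path $dir 'sensitive.txt'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path $file -Value 'constructed sample data'

# Hypothetical helper: returns only the Compressed/Encrypted flags set on a file.
function Get-AdvancedAttributes($Path) {
    $flags = [System.IO.FileAttributes]'Compressed, Encrypted'
    (Get-Item -LiteralPath $Path -Force).Attributes -band $flags
}

# Set the compress attribute first so the mutual exclusion becomes visible.
compact /c $file | Out-Null
Get-AdvancedAttributes $file

# Set the encrypt attribute. If the account has no EFS key pair yet, one is
# generated; a compressed file is decompressed before it is encrypted.
[System.IO.File]::Encrypt($file)
Get-AdvancedAttributes $file

# Show the users and recovery certificates that can decrypt this file, i.e. the
# public keys used to encrypt copies of the file's symmetric key.
cipher /c $file

# EFS certificates in the current user's store, selected by the
# Encrypting File System EKU (OID 1.3.6.1.4.1.311.10.3.4).
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.4.1.311.10.3.4' } |
    Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey

# Clean up the demo folder.
Remove-Item -Path $dir -Recurse -Force
```

Because a cleared or reset password loses the private key, back the key pair up beforehand; `cipher /x` exports the EFS certificate and keys to a backup file.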
File Attributes
Extended attributes
File system features that associate files with metadata not interpreted by the filesystem.
Access Control Lists (ACLs)
Two types of ACLs:
Discretionary Access Control List (DACL)
o Lists the permissions given to user and group accounts and is used to grant or deny access to the resource.
System Access Control List (SACL)
o Contains information used to audit the access to the resource.
   Can monitor who has successfully viewed the contents and who has tried to view the contents but failed because of DACL restrictions.
   If no SACL is configured, auditing is disabled for the resource.
Diagram labels: Security Identifiers (SID), Access Control Entries (ACE)

NTFS/ReFS Folder and File Basic Permissions
Effects of Copying and Moving Files and Folders
Effects of moving files and folders
Within an NTFS partition: the folder or file retains its original permissions.
To a different NTFS partition: the folder or file inherits the permissions of the destination folder.
To a non-NTFS partition: the folder or file loses its NTFS permissions.

Inherited permissions
Permissions are best managed for containers of objects.
Objects within the container inherit all the access permissions in that container.
To stop subfolders from inheriting access permissions, you must explicitly clear a setting that causes the inheritance. (Disable inheritance)
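Disabling inheritance as described above, shown as an added PowerShell example that is not from the slides. The folder names and the helper Show-Aces are hypothetical, and the group used is the well-known BUILTIN\Users SID.

```powershell
# Constructed demo tree (hypothetical paths under the temp directory).
$parent = Join-Path $env:TEMP 'inherit-demo'
$child  = Join-Path $parent 'sub'
New-Item -ItemType Directory -Path $child -Force | Out-Null

# Hypothetical helper: list each ACE and whether it was inherited.
function Show-Aces($Path) {
    (Get-Acl -Path $Path).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

# Before: the subfolder's ACEs come from the container chain above it.
Show-Aces $child

# Disable inheritance on the subfolder.
#   1st argument $true: protect this DACL from inherited ACEs
#   2nd argument $true: keep the currently inherited ACEs as explicit copies
$acl = Get-Acl -Path $child
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $child -AclObject $acl

# Add an inheritable Allow Modify ACE for BUILTIN\Users (S-1-5-32-545) on the parent.
$users = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'
$rule  = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $users, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$parentAcl = Get-Acl -Path $parent
$parentAcl.AddAccessRule($rule)
Set-Acl -Path $parent -AclObject $parentAcl

# After: compare the two listings. The protected subfolder keeps its own
# explicit copies and does not pick up the ACE just added to the parent.
Show-Aces $parent
Show-Aces $child
(Get-Acl -Path $child).AreAccessRulesProtected

# Clean up the demo tree.
Remove-Item -Path $parent -Recurse -Force
```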
Ex:
o If your user account is granted Read permission to a file and a group that your user account belongs to is granted Full control to the same file
   You receive Full control when accessing the file.

If the Deny box is checked, this overrides any other access.
Ex:
o If your user account is granted Read permission to a file, and a group that your user account belongs to is denied Read permission to the same file.
   You are denied Read access to the file.
Folder and File Ownership
Each folder and file on a system must have an owner, which, by default, is the user that created the file.
The owner of a folder or file can change the ownership to another user.
If you are granted the Take ownership advanced permission or Full control permission:
o You can change the owner of it to yourself.
o After that, you can change the permissions on it.
The Administrators group always has the right to take ownership of any folder or file, regardless of the permissions set.
If you create a folder or file as the Administrator user, the Administrators group automatically becomes the owner of it.

4 Shared Folders
Server Message Block (SMB)
   Also called Common Internet File System (CIFS)
   Native protocol for computers running on Microsoft Windows.
   Enabled by default.
Network File System (NFS)
Sharing Folders Using SMB
Sharing a Folder using Folder Properties.
Sharing Folders Using SMB
Offline file caching feature
A copy is downloaded to a cache folder on their local computer.
o To prevent a network disruption from impacting the editing of files or execution of a program within the shared folder.
When the user disconnects from the shared folder, any modified files within the cache folder are then uploaded to the shared folder.
If two or more users attempt to cache the same file, they have the option of choosing whose version to use or of saving both versions.

Sharing Folders Using SMB
Sharing a Folder using Server Manager
SMB Share Advanced: to additionally configure file classifications and folder quotas
SMB Share Applications: to automatically configure NTFS/ReFS permissions on the folder that are compatible with most applications.

Server-client architecture to provide multiple computers access to files over a local network.
It allows a computer on which the NFS server is running to export its file systems to other clients, which means it is made available to clients on different OS platforms.
Designed for UNIX systems and thus, includes support for UNIX filesystem features, such as ownership and UNIX-style permissions.
Sharing Folders Using NFS
On Windows Server, you must first install the Server for NFS server role.
Sharing a Folder using Folder Properties.

Sharing Folders Using NFS
NFS was designed for UNIX systems that shared the same user database, either by coordinating the user ID (UID) and group ID (GID) numbers assigned to each UNIX user in the UNIX user database stored on each system, or by providing centralized authentication for users on the network using Kerberos.
Sharing Folders Using NFS
Sharing a Folder using Server Manager
Publishing a Shared Folder in Active Directory
Active Directory allows you to create objects that represent network resources, such as shared folders. (publishing)
5 Distributed File System (DFS)

Distributed File System (DFS)
Distributed File System (DFS) provides the ability to logically group shares on multiple servers and to transparently link shares into a single hierarchical namespace.
DFS organizes shared resources on a network in a treelike structure.
DFS Namespaces
DFS namespace folder provides a visual representation of multiple shared folders on the network.
After accessing the DFS namespace folder, users will see subfolders that represent the shared folders on the file servers within the organization.

DFS Replication
Allow folders on two or more file servers to synchronize contents.
DFS replication topology:
Full mesh allows each server within the replication group to replicate directly to all other members, consuming additional network bandwidth as a result.
DFS Replication
Remote differential compression (RDC)

THANK YOU FOR YOUR ATTENTION