|
|
| 70-210
Windows 2000 TechNote: |
| Implementing
and Conducting Administration of Resources |
FILE SYSTEMS
Back to top
Windows 2000 support the following file systems:
FAT
Back to top
Disks formatted with the FAT file system can be accessed by
MS-DOS, all versions of Windows and OS/2. Maximum supported
volume size is 4 GB, the maximum file size is 2 GB. This file
system should only be used on removable media such as floppy
disks and disks smaller than 512 MB.
FAT32
Back to top****
The faster file system FAT32 is often used in multi-boot situations
with operating systems that do not support NTFS. Disks formatted
with the FAT32 file system are supported by Windows 95 OSR2,
Windows 98 and ME, Windows 2000, and Windows XP. Windows NT
4 and earlier cannot access FAT32 volumes. The maximum supported
volume size for FAT32 is 2 TB, but Windows 2000 can format up
to 32 GB only. The maximum file size is 4 GB. The minimum size
for a FAT32 volume is 512 MB. You cannot format removable media
such as floppy disks with FAT32.
NTFS
Back to top
Disks formatted with NTFS version 5 can only be accessed by
Windows NT 4.0 with Service Pack 4 and higher, Windows 2000
and Windows XP. NTFS supports a volume size over 2 TB and the
maximum file size is limited only by the available free space.
You cannot format removable media such as floppy disks with
NTFS. Besides being able to handle large disks, NTFS is the
preferred file system for Windows 2000 and XP because of the
extra features it offers, including:
- File and folder permissions - (discussed later in this TechNote)
- File and folder compression - (discussed later in this TechNote)
- Encrypted File System (EFS) - (will be covered in another
TechNote)
- Disk Quotas - Allows quotas to be assigned to users for disk
space usages per volumes. Quotas are only available on NTFS
volumes and can be enabled and configured on the Quota tab on
a volume's Properties sheet.
CDFS
Back to top
This is the file system used on compact discs. You cannot format
regular disks with this file system.
Converting File Systems
Back to top
You can convert FAT file systems to NTFS using the following
command: convert c: /fs:ntfs
The convert utility cannot be used to convert from NTFS to another
file system. For example if you converted a FAT32 partition
to NTFS and you want to revert it back to FAT32, you will have
to create a full backup, reformat the drive with FAT32, and
restore the backup.
FILE AND FOLDER COMPRESSION
Back to top
NTFS Compression
Back to top
NTFS Compression allows compression of individual files, folders,
as well as entire NTFS drives. The process of compression and
uncompression is transparent to the user. For example, when
a user opens a document from a NTFS compressed disk, the document
is uncompressed automatically, when the user saves the document
it is compressed again. This process might decrease your computer’s
performance, it's best to compress static data and only if it
really saves space, you don't want to waste CPU cycles compressing
a ZIP or .MP3 file for example. An NTFS-compressed file cannot
be encrypted, and an encrypted file cannot be compressed.
You can enable compression for a volume when you format it.
To enable compression on an existing volume, right-click it
and choose Properties from the context menu, on the General
tab enable the option Compress drive to save disk space.
To compress a file or folder, right-click it and choose Properties
from the context menu, click the Advanced button and below Compress
and Encrypt attributes enable the option Compress contents
to save disk space. When you enable compression on a folder
or volume, Windows will ask if you want to enable compression
for all the files and subfolders in the folder or volume as
well. Besides the GUI youcan also use the command compact
to compress or uncompress a file or folder.
When you copy a compressed file to a folder on the same or a
different volume, it inherits the compression state of the target
folder. This works also vice versa; when you copy an uncompressed
file to a folder with compression enabled, the file will inherit
the the target's compression state and thus it will be compressed.
When you move a compressed file to a folder without compression
on the same volume, the file retains its compression attribute.
When data is moved within the same volume, the data is not actually
relocated, just the pointer to it, this is why it retains the
compression attribute.
When you move a compressed file to a folder without compression
on a different NTFS volume, the file inherits the compression
state of the target folder, if the target is not compressed,
or is a FAT or floppy disk, the file will be uncompressed. A
move between volumes is considered a copy, after the source
file is copied to the target volume the source file is deleted.
By default, compressed files and folders are displayed in a
different color, you can change
this by choosing Folder Options in the Tools menu of My Computer,
click on the View tab and enable the option: Show encrypted
or compressed NTFS files in color.
NTFS FILE PERMISSIONS
Back to top
One of the main reasons to use NTFS is the possibility to assign
permissions for individual files and folders. Each file and
folder on an NTFS volume contains an Access Control List (ACL),
this list is filled with entries for groups and individual user
accounts and their permissions. When a user tries to access
a resource, Windows 2000 checks the ACL if the user it listed
and what type of permission is assigned.
The following permissions can be assigned for files and folders:
| Read |
Allows user to see and
read files and list the contents of folders, subfolders
and volumes, including the attributes, permissions and
ownership of the files. |
| Write |
Allows the same as Read
and additionally allows the user to modify and create
files and (sub-)folders as well as changing attributes. |
| Read and Execute |
Allows the same as Read
and additionally allows users to run applications. |
| Modify |
Same as Read plus Write
and and additionally allows executing applications as
well. |
| Full Control |
Allows everything permitted
by the other permissions and and additionally a user with
Full Control can change permissions and take ownership
of file. |
For folders only, the following additional
permission can be assigned:
| List Contents
|
Allows user to read files
and list the contents of folders and volumes, user with
this permissions can only see the files and folders, not
read or change them. |
To assign NTFS permissions in Windows Explorer/My Computer right-click
a file, folder or drive, and then click Properties and then
the Security tab. Under Group or user names: on the
Security tab, select or add a group or user, and allow
or deny one of the permissions listed in the table
above. Denying permissions is usually only done to make an exception,
for example, you could allow Modify permission for
the Sales group and deny the same permission for certain
people in the Sales department.
Allow permissions are cumulative, for example, John
is a member of the Sales group and the Management group. Sales
has been allowed Modify Permissions for the folder SalesReports
and its files, Management has been allowed Read permissions
for the same folder and the files in it. John's effective permissions
in this case is Modify.
File permissions override folder permissions, for example, if
user David has been allowed Read permissions for the folder
and Full Control permissions for a file work.doc, his effective
permissions for the work.doc file is Full Control.
Besides the permissions listed in the tables above, you can
also assign special permissions by clicking the Advanced
button on the Security tab.
When a user creates a file or folder Windows 2000 automatically
assigns Full Control permissions to the creator/owner. You can
take ownership of a file by replacing the owner with
your own account or with one of the groups you are a member
of. You must have Full Control or the special permissions Take
Ownership to be able to take ownership of a file or folder.
SHARED FOLDERS & PERMISSIONS
Back to top
A shared folder (typically called share) is a folder
or complete drive that is published on the network and can be
remotely accessed by other users. The shared folder can be used
as if it were a local folder; to store data, as well as some
applications that can be run from the share over the network.
Members of the built-in group Administrators, Server Operators
and Power Users can share folders. If the folder that needs
to be shared is located on an NTFS volume, you also need at
least the NTFS permission Read for the folder.
Here are a couple of common ways to create a shared folder:
1. Using the Shared Folders snap-in, which is included by default
in the Computer Management console. In the console tree, click
Shares (below Computer Management|System Tools|Shared Folders).
On the Action menu, click New File Share. You will be prompted
to select the folder or drive, enter the share name and description,
and set permissions.
2. Using the following command at the command prompt: net
share sharename=drive:path
3. In Windows Explorer/My Computer right-click the folder or
drive, click Properties and then the Sharing tab. Enable the
option Share this folder, enter a name for the share, an optional
description and configure other settings.
When you share a folder, you can also set a User limit to allow
a maximum amount of users to be connected to the share simultaneously,
in Windows 2000 Professional, the maximum user limit is 10 regardless
of the number you type in.
You can assign three different share permissions to groups and
individual user accounts, these permissions only apply when
connecting to the share over the network. The share permissions
do not apply to users who logon interactively, if you
want local security use NTFS file and folder permissions.
Share permissions:
| Read |
Allows user to read files and list the
contents of folders and volumes. This allows executing
applications as well. |
| Change |
Allows the same as Read and allows the
user to modify and create files and folders. |
Full Control
|
Allows the same as Change and allows
the user to modify Share permissions as well. |
When you set permissions you can either Allow or Deny them to
a user or group. Typically you would allow a group share permissions
and deny the same permissions to certain members of that group.
The default permissions for new shares is Read to Everyone.
When you combine NTFS permissions and share permissions the
most restrictive permission counts. For example if you create
a folder with files and assign them Full Control NTFS permissions
to Everyone and share the same folder and assign the share permission
Read to Everyone, users connecting through the network will
have Read permissions.
To assign share permissions in Windows Explorer/My Computer
right-click the folder or drive, and then click Properties and
then the Permissions button on the Sharing tab. Under Group
or user names: select or add a group or user, and allow
or deny one of the permissions listed in the table
above. Denying permissions is usually only done to make an exception,
for example, you could allow Change permission for
the Sales group and deny the same permission for certain
people in the Sales department.
By default, Windows 2000 creates several hidden administrative
shares:
| Share |
Purpose |
| Admin$ |
This is the system root, usually C:\Windows,
Administrators are assigned Full Control share permissions. |
| Print$ |
This is the %systemroot%\System32\Spool\Drivers
folder, this folder is created when printers are shared
to allow clients to automatically download the printer
drivers. Administrators and Power users are assigned Full
Control share permissions, Everyone is assigned Read permission. |
C$, D$, E$, etc.
|
Each volume on a hard disk is shared.
to provide easy access of the entire volume to Administrators.
Administrators are assigned Full Control share permissions. |
You can also create hidden shares yourself by adding a $ sign
to the end of the share's name.
Users can connect to a share in several ways, for example:
1. My Network Places/Windows Explorer you can browse to the
share as you would browse through any folder.
2. Using a direct UNC path, for example: //FileServer12/ShareX
3. Using My Network Places/Windows Explorer or the net
use command to map a drive letter to a share (to the
UNC path. Once a drive is mapped to the share you can open the
share using the drive letter. Supports the option of automatically
reconnecting at logon.
Additonal Resources
- Limitations
of FAT32 File System
- HOW
TO: Set Up a File System for Secure Access in Windows 2000
- File
compression overview
|
| |
Current related
exam objectives for the 70-210 exam:
Implementing and Conducting Administration of Resources:
Monitor, manage, and troubleshoot access to files and folders.
- Configure, manage, and troubleshoot file compression.
- Control access to files and folders by using permissions.
- Optimize access to files and folders.
Manage and troubleshoot access to shared folders.
- Create and remove shared folders.
- Control access to shared folders by using permissions.
- Manage and troubleshoot Web server resources.
Connect to local and network print devices.
- Manage printers and
print jobs.
- Control access to printers by using permissions.
- Connect to an Internet printer.
- Connect to a local print device.
Configure and manage file systems.
- Convert from one file system to another file system.
- Configure NTFS, FAT32, or FAT file systems. |
Click
here for the complete list of exam objectives.
|
Discuss this TechNote here |
Author:
Johan Hiemstra |
|
|
|
Members-only
Printer-friendly version
