Using Windows Server 2003 to build a secure file server

Source: Internet
Author: User
Tags command line backup

Enabling and configuring File Services

A feature in Windows Server 2003 's administrative tools is called "Manage Your server," and after you start the tool, you can see and manage all the services that are enabled on the current server. Click the "Add or Remove Roles" link on the interface to start a wizard to configure the server. Click Next to go to the server role step, select the file server in the list of supported roles for Windows Server 2003 and click Next to start the process of enabling and configuring the file service.

Quotas are set according to the system prompts, and disk quotas can limit the user's use of disk space and facilitate disk space management. Set the disk space limit to 300MB, set the warning to 260MB, and check the option "Deny disk space to users exceeding quota limit." In this case, the user will not be able to use more than 300MB of hard disk space, and when the user uses the space to reach the set of the 260MB cordon to record a system event, as shown in Figure 1.

When you have completed the quota settings and clicked "Next" to enter the Indexing Service Setup interface, the default option is to not enable Indexing Service. Although Indexing Service can speed up file retrieval, it is recommended that you keep the default settings if you do not need to retrieve files very frequently, because it consumes a lot of server resources.

After you confirm the above settings, the setup Wizard pops up a wizard to establish the shared folder. First you need to select the path to the shared folder, such as C:\Inetpub\home. You then enter the interface for maintaining the share name and the description of the share, typically maintaining the default settings. Click Next to set permissions for the share, and the basic permissions include full access and read and write permissions.

Select Use custom share and folder permissions, and click the Custom button to play the Customize permission settings interface. Here you can set different permissions for different users depending on your needs, for example, you can set full control on the Administrators user group to give all administrators full administrative rights on the shared folder, set Read permissions for the guest user, and allow anonymous users to download the files in that folder. At the same time delete the original everyone this, shielding all other user rights.

This completes the basic sharing settings, and if there are other folders that need to be shared, you can continue to the next shared setting by checking the "Run this wizard again after shutdown" option before closing the wizard. After you end all wizards, you can see the contents of a file server in the Manage Your server interface, and you can open the File Server management interface by clicking the "Manage this file server" link, where you can manage various file services.

In addition, when you go to the property entry of the right-click menu, you can manage sharing and permissions, but the quota function is only applied when the clicked object is a disk partition, because the quota function is performed on disk volumes and the volume must be in NTFS format.

Backup and restore of files

Because the security and availability of data is also important for file servers, you need to back up and restore files after you set up parameters such as permissions and quotas for file servers. The backup feature of Windows Server 2003 uses a technology called a shadow copy (Volume Shadow copy). The "Backup file Server" link can be found in the File server management interface, and the ntbackup command at the command line can get the same effect as clicking the link, which is to perform the Backup wizard.

Check the "Always Start in Wizard Mode" option and go directly to the Backup utility interface the next time you execute the command. As you can see in this interface, Windows Server 2003 includes a feature called Automated System Recovery Wizard (AMR), in addition to backup and restore functionality, which is primarily used to back up the system partition, which focuses on standard backup capabilities based on shadow copy technology, The user can operate according to the system instructions.

The shadow copy feature creates a backup of the files stored in the shared folder at a predetermined interval, and can revert the files to the version of any one backup. Shadow copy recovery behavior can be done on the client, effectively improve the efficiency of data restore, do not have to trouble the administrator every time to operate, users can also at any time with their own data-related restore operations.

These operations require a shadow copy client to be installed on the client machine, and after browsing to a share on the file server, right-click on the share or the file in the share, and the Properties dialog box has a previous version option page. This shows all versions of the file that were previously saved and can be restored to any version. Only members of the Administrators group can set the shadow copy feature, and shadow copies must be on NTFS-formatted disk volumes to be implemented. Shadow copies by default reserve 10% of the space on the volume on which the feature is enabled to hold the backup data (at least 100MB), and once the space limit is exceeded, the previously created copy is overwritten.

Enabling the shadow copy feature is very simple, and the "Configure Shadow Copies" link is found in the File server management interface. You can also find the option page for a shadow copy in the right-click Properties menu of an NTFS volume, which allows you to enter the same management interface for enabling, disabling, and capacity and schedule settings for shadow copies.

In the Backup Tools management interface, users can specify which files (including system registry data and bootstrap files, and so on) need to be involved in the backup plan, or you can specify a time schedule to perform these backup operations. These backup operations are based on shadow copy technology, and the resulting files for backups are slightly larger than the contents of the backup.

It is recommended that users maintain a weekly backup operation, back up all data once, and that the backed-up files will be marked as "backed up", while maintaining a daily differential backup plan to back up the files that have been modified every day. The application of this combination plan for data backup is more convenient to manage, and can effectively guarantee the recoverability of data.

It is important to note that the amount of space occupied by shadow copy backups depends not only on the size of the backup file, but also on the frequency of file modifications, and not on the entire disk volume backup, as shown in Figure 2, for partitions that have many interchange file operations on the system partition.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.