Setting up a secure file server with Server2003

  
There is a function in Windows Server 2003 management tool called "Manage your server". After starting the tool, you can see all the services enabled on the current server and manage these services. Clicking on the "Add or Remove Roles" link on this screen will launch a wizard to configure the server. Click "Next" to enter the "Server Role" step, select the file server in the Windows Server 2003 supported role list and click "Next" to start the process of enabling and configuring the file service.

According to the system prompts to set quotas, the disk quota function can limit the user's use of disk space, and facilitate disk space management. Set the disk space limit to 300MB, set the warning to 260MB, and check the option "Deny disk space to users who exceed the quota limit." In this case, the user will not be able to use more than 300MB of hard disk space, and record a system event when the user's space reaches the set 260MB warning line, as shown in Figure 1.

After completing the quota setting, click “Next” to enter the index service setting interface. The default option is to not enable the indexing service. Although the indexing service can speed up the retrieval of files, since it consumes a lot of server resources, it is recommended to keep the default settings if you do not need to retrieve files frequently.

After confirming the above settings, the installation wizard will pop up a wizard for creating a shared folder. First you need to choose the path to the shared folder, such as C:Inetpubhome. Then enter the maintenance share name and the interface about the share description, usually keep the default settings. Click Next to begin setting permissions for the share. Basic permissions include full access and read and write permissions.

Select "Use custom sharing and folder permissions", click the custom button and pop up the custom permission settings interface. Here you can set different permissions for different users as needed. For example, you can set full control over the Administrators user group to give all administrators full management rights to the shared folder, and set read permissions for the Guest user so that anonymous users can download. Files in this folder, while deleting the original Everyone this, block all other user permissions.

At this point, the basic sharing settings are completed. If there are other folders that need to be set to share, you can continue the next sharing by checking the option "Run the wizard again after closing" before closing the wizard. Settings. After finishing all the wizards, you can see the contents of one file server in the “Manage Your Server” interface. Click the “Manage this file server” link to open the file server management interface, where you can perform various file services. management.

In addition, when entering the property item of the right-click menu, you can also manage the sharing and permissions, but the quota function can be applied only when the object that is clicked is a disk partition, because the quota function is for the disk volume. Executed, and the volume must be in NTFS format.

file backup and restore

Because data security and availability is also very important for file servers, so after you set up a file server permissions and quotas and other parameters, the need for Files are backed up and restored. The backup feature of Windows Server 2003 uses a technique called Volume Shadow Copy. You can find the "Backup File Server" link on the file server management interface. You can get the same effect as clicking the link by executing the ntbackup command from the command line, that is, executing the backup wizard.

Tick off the option "Always start in wizard mode", you can go directly to the "Backup Tool" interface the next time you execute the command. As you can see in this interface, in addition to the backup and restore functions, Windows Server 2003 includes a function called Automatic System Recovery Wizard (AMR), which is mainly used to back up the system partition. The standard backup function based on the shadow copy technology allows the user to operate according to the system instructions.

The Shadow Copy feature creates a backup of files stored in a shared folder at pre-planned intervals and restores the file to the version at any time. The recovery behavior of the shadow copy can be performed on the client, effectively improving the efficiency of data restoration, without having to trouble the administrator every time, and the user can perform the restoration operation related to his own data at any time.

To perform these operations, you need to install the shadow copy client program on the client machine. After browsing the share on the file server through this client machine, right click on the share or the file in the share. There is a "Previous Version" tab in the Properties dialog. All versions previously saved by the file are shown here and can be restored to any version. Only shadow member copies can be set up by members of the Administrators group, and shadow copies must be implemented on NTFS formatted disk volumes. Shadow copies default to 10% of the space on the volume with this feature enabled to hold backup data (minimum 100MB), and will overwrite the previously created copy once the space limit is exceeded.

enable shadow copy feature is very simple, to find "configure volume shadow copy" link in the file server management interface, you can also find shadow copies tab in the Properties menu NTFS volume of the right, through two This way you can enter the same management interface to enable the setting, disable, and capacity and time planning of shadow copies.

In the "Backup Tool" management interface, users can specify which files (including system registry data and boot files, etc.) need to participate in the backup plan, or specify the time schedule for performing these backup operations. These backup operations are based on the shadow copy technology, and the backup result file is slightly larger than the backup content.

It is recommended that users maintain a weekly backup operation, back up all data once, and the backed up files will be marked as “backed up”; at the same time maintain a daily differential backup plan , back up those files that have been modified every day. Applying this combination plan for data backup is more manageable and can effectively guarantee data recoverability.

Note that: shadow copy backup of the number of space depends not only on the size of the backup file, but decided to document the frequency of changes for the system partition so that there are a lot of swap partition for file operations, Do not perform a backup of the entire disk volume, as shown in Figure 2.

Distributed File System

Distributed file system is one of the core technologies of Windows system network storage architecture, which can connect files located in different locations on the network under the unified namespace. . To start the Distributed File System tool in the Administrative Tools, first create a root directory. Right-click on "Distributed File System" on the left side of the management interface, select "New Root Directory", and follow the wizard to fill in the required information to complete the operation. Continue to right-click on the root directory you just created and select "New Link" to link the shared directory located on other computers on the network to the root directory you just created. After linking all the shared directories to be aggregated to this root directory, you can access these files by browsing the directory tree in the root directory, instead of having to access these files by accessing multiple actual network locations.

Postscript: In this article the author describes the configuration on a Windows Server 2003 server file services, and focus on explaining the establishment of sharing, quota management, permissions and backup aspects of the operation. Most of the content in this article also applies to Windows 2000 servers. Windows Server 2003 also has some more advanced file features that can be applied to file servers such as file encryption, virtual disks, and more.



Copyright © Windows knowledge All Rights Reserved