Monday, March 28, 2011

Windows Server 2008 File Classification Management

Server 2008 R2 FSRM includes a new feature called file classification, based on the new File Classification Infrastructure or FCI. File classification allows an organization to define properties and rules that will add specific file properties to better define the characteristics of the classified files. File classification properties are supported on a Windows Server 2008 R2 NTFS partition and the file classification properties will follow Microsoft Office 2007 files and SharePoint files when moved around. All other files that are classified will have their properties stored within the NTFS volume they are hosted on, but if the files are moved to other Windows Server 2008 R2 NTFS volumes, these properties will follow the files.

File classification in Windows Server 2008 R2 is the first release of this feature and is sure to be more and more valuable as third-party Microsoft partners and independent software vendors extend the functionality included with the default framework provided. Currently, out of the box, Microsoft Windows Server 2008 R2 allows administrators to create file properties and automatically classify files with these properties based on the file location and, in some cases, based on the content stored within the file. The steps to file classification include, first, enabling and defining file properties that can be used for classification and, second, creating classification rules that will actually classify files according to the criteria defined within the rule, and properties and values that are applied to this rule. Once files are classified, file management tasks can be created to perform tasks upon classified files, such as moving files to designated folders or performing custom tasks such as running automated scripts to perform any number of tasks related to the particular file classifications.

The best way to understand file classification is to start defining file classification properties, file classification rules, and file management tasks on data that has been copied from a server share to an isolated lab server running Windows Server 2008 R2. Once a file is classified and has properties defined, these properties cannot be removed—they can only be overwritten or merged with other properties, so performing any sort of learning or testing on production data can result in undesired changes that would require heavy manual work to reverse. To begin using the file classification features of Windows Server 2008 R2, install the File Server Resource Manager service and tool, then perform the steps outlined in the proceeding sections.

Source of Information : Sams - Windows Server 2008 R2 Unleashed (2010)  

Saturday, March 26, 2011

Windows Server 2008 - Generating Storage Reports with FSRM

The File Server Resource Manager provides the ability to create or automatically generate reports for quota and file screen activity. The various reports that can be generated include the following:

. Duplicate Files
. File Screening Audit
. Files by File Group
. Files by Owner
. Files by Property
. Large Files
. Least Recently Accessed Files
. Most Recently Accessed Files
. Quota Usage


Generating Reports in Real Time
Reports can be generated on a real-time basis to view the file storage information on demand. To generate a report, right-click the Storage Reports Management node of the FSRM utility, and choose Generate Reports Now. Then do the following:

1. Click on the Add button to define the scope of the volumes or folders that the report will be based on (for example E:\UserShares) and click OK to return to the Storage Report Task Properties window.

2. Choose which report or reports will be generated by checking the check box for the particular report type.

3. Choose the report format for the new report (for example, the default option of DHTML) by checking the appropriate check box in the Report Formats section of the window.

4. Click OK when the report options are configured.

5. A new window opens, prompting you to decide to wait for the report to generate and automatically display the report or to generate the report in the background and store it in the default report location. Select the Wait for Reports to be Generated and Then Display Them option and click OK.

6. Each report will be displayed in a separate browser window or tab; close or save the reports as desired.


Scheduling Reports to Be Generated on a Regular Basis
Reports can be generated on a regular basis (such as weekly or monthly), typically for the purpose of reporting file storage information to management. To schedule a report, rightclick the Storage Reports Management node of the FSRM utility, and choose Schedule a New Report Task. Then do the following:

1. Click on the Add button to choose the volume or file share that you want to generate a report, such as R:\UserShares.

2. Choose which report or reports will be generated; by default, all reports will be selected except the Files by Property report.

3. Choose the report format you want to use—for example, the default option of DHTML.

4. Select the Delivery tab if the report should be emailed as well as stored in the global StorageReports folder.

5. Select the Schedule tab, and click the Create Schedule button to create a schedule for the automated report generation. Click OK when the desired schedule or schedules are defined.

6. Click OK when you are finished.

The report or reports specified will be generated at the scheduled intervals and any email addresses specified on the Delivery tab will have the reports emailed to them when the reports are generated. The scheduled report will be listed in the tasks pane when the Storage Reports Management node is selected. The scheduled report can be generated at will by right-clicking on the scheduled report and selecting Run Report Task Now.

Source of Information :  Sams - Windows Server 2008 R2 Unleashed

Wednesday, March 23, 2011

Windows Server 2008 - Creating File Screens

Another function of the File Server Resource Manager is the ability to create file screens. A file screen applied to a folder inspects the file to be stored and either allows or disallows a user from saving the file based on the file screen. A file screen blocks files from being stored within folder and all subfolders. As an example, an organization can allow the storage of all undefined documents and deny the storage of *.mp3 audio files and *.mpg video files by applying a file screen that contains these two file types to a particular folder or set of folders.

To create a file screen, perform the following steps:

1. Open the File Server Resource Manager and expand it.

2. Double-click File Screening Management.

3. Select the File Screens node. In the Actions pane, click Create File Screen.

4. In the Create File Screen window, specify the path for the file screen, such as
E:\UserShares.

5. In the File Screen Properties section of the window, select the Derive Properties from This File Screen Template option button, or choose Define Custom File Screen Properties depending on whether you want to apply a template or create a custom screen. For this example, choose the Derive Properties from This File Screen Template option button, and select Block Audio and Video Files from the drop-down menu. Click Create to create the new file screen.


Creating a File Screen Template
Windows Server 2008 R2 provides several functional file screen templates, but when customized file screens are required, administrators can create new file screen templates. A file screen template includes file groups, screening policies, and notification settings:

» File groups—The administrator can define the file types into groups, such as Office 2007 file groups containing *.docx Microsoft Word files and *.xlsx Microsoft Excel files.

» Active screening and passive screening—An active screen does not enable a user to save file types by design, whereas a passive screen allows the file type, but it is logged for monitoring and reporting functionality.

» Notifications—When a user attempts to save a file that matches the file screen designation, a notification can be generated. The notification can be the automatic generation of an email warning or event log, a script can be executed, and a report can be generated and sent out immediately.

To create a new file screen template, perform the following steps:
1. Open the File Server Resource Manager and expand it.

2. Double-click File Screening Management.

3. Select File Screen Templates. In the Actions pane, click Create File Screen Template.

4. In the Create File Screen Template window, enter a name for the template—for example, Company Standard File Screen Template.

5. Select the Active Screening option button.

6. In the File Group section, check the boxes next to the following file groups:
. Audio and Video Files
. Backup Files
. Executable Files
. System Files

7. Configure the notification settings on the E-mail, Event Log, Command, and Report tabs, as required.

8. On the Settings tab, review the configuration, and click OK to create the new file screen.

It is important to note that file screens are based on the filename or filename extensions defined within the file groups applied to the file screen. A savvy end user can simply rename a screened file to bypass the file screen, but Windows Server 2008 R2 has the ability to detect some files by their characteristics and not necessarily by the file extension name, so extended testing should be performed when very strict file screening enforcement is required to ensure the highest level of reliability.

File Screen Exceptions
In many cases, as with quotas, file screen standards can be created and applied to server storage, but certain file types might be required or certain users might require storage of blocked file types. In these cases, file screen exceptions can be created and applied to subfolders of a file-screened parent folder. For example, in the previous example, a template was created to block executables but a file screen exception could be created to allow executable files in a subfolder. Of course, the subfolder should be secured by NTFS permissions to limit who can save these types of files to the folder.

Source of Information : Sams - Windows Server 2008 R2 Unleashed (2010) 

Sunday, March 20, 2011

Windows Server 2008 - Adjusting Quotas

When an auto apply quota is created on a folder, all new subfolders of that parent folder will inherit the quota. In some cases, it might be necessary to exclude a particular subfolder from the parent folder quota or to modify the quota of that particular subfolder. When this is necessary, an administrator simply needs to right-click the quota of the particular folder and select Edit Quota Properties. In the Quota Properties window, the quota can be disabled by checking the Disable Quota check box or the quota space limit can be adjusted.


Creating a Quota Template
When working with quotas, rather than defining the storage limits on each and every folder being issued a quota, an administrator can create a quota template and apply the template to the folder, simplifying the quota policy creation process. Within the quota template, the administrator can define the following:

» Amount of disk space of the quota—The administrator can define in KB, MB, GB, or TB the amount of space to be set as the quota for the template.

» Hard limit or soft limit—A hard limit does not allow a user to extend beyond the hard limit for storage, whereas a soft limit gives the user a warning they have exceeded the policy limit; however, it allows the user to continue to save files beyond the limit.

» Notification thresholds—When the storage limit nears or reaches the quota limit, a series of events can occur, such as the automatic generation of an email warning, event log entry, or a script can be executed.


To create a new quota template, click on the Quota Templates node beneath the FSRM console within the Server Manager File Services Role node, and perform the following steps:

1. Click on Create Quota Template in the Actions pane to open the Create Quota Template window.

2. Type in a name of the template—for example, 500mb Hard Limit for Sales—and enter a label of Quota Template for Sale Staff Users.

3. Specify the storage limit for the quota; for this example, enter 500 and choose MB from the list.

4. Pick whether you want a hard limit or soft limit for the quota; for this example, select Hard Quota: Do Not Allow Users to Exceed Limit.

5. Create notification thresholds by clicking the Add button and defining limits. A common threshold is an 85% limit that notifies users via email that they have achieved 85% of their limit and to consider deleting files so they do not exceed their limit.

6. Click OK when you are satisfied with your settings.

The administrator can now create quotas and apply this template or other templates to the quota settings.

Source of Information : Sams - Windows Server 2008 R2 Unleashed (2010) 

Tuesday, March 15, 2011

Configuring Quotas with File Server Resource Manager

After the File Server Resource Manager service and tool has been installed, an administrator can launch the tool and begin creating FSRM quota and file screening policies. To open the FSRM console, perform the following steps:

1. Log on to the Windows Server 2008 R2 system with an account with administrator privileges.

2. Click Start, click All Programs, click Administrative Tools, and select Server Manager.

3. Double-click on Roles.

4. Double-click on File Services.

5. Double-click on Share and Storage Management.

6. Double-click on the File Server Resource Manager console.


To create a new quota using the File Server Resource Manager console, continuing from the preceding set of steps, perform the following steps:

1. Double-click the Quota Management node under the FSRM console.

2. Select the Quotas node in the tree pane.

3. In the Actions pane, click the Create Quota link to begin the process.

4. When the Create Quota window opens, specify the path for the quota, such as E:\UserShares.

5. Select the Auto Apply Template and Create Quotas on Existing and New Subfolders option button.

6. In the Quota Properties section of the window, select the Derive Properties from This Quota Template option button and from the drop-down menu, select the 200 MB Limit Reports to User template, and click Create.

7. After the quota is created, click the Refresh link in the Actions pane.

8. In the tasks pane, the new quota will be listed, along with the quotas applied to all existing subfolders and the current status of each quota.

9. Review the quotas as desired and close the Server Manager console.

Source of Information : Sams - Windows Server 2008 R2 Unleashed (2010) 

Friday, March 11, 2011

Installing the File Server Resource Manager Tools

The File Server Resource Manager tools can be installed separately or it can be installed during the installation of the File Services role. If the FSRM tools needs to be installed on a system that is not a file server or just installed separately, perform the following steps:

1. Log on to the Windows Server 2008 R2 system with an account with administrator privileges.

2. Click Start, click All Programs, click Administrative Tools, and select Server Manager.

3. Click on the Features node in the tree pane, and then click on Add Features in the tasks pane.

4. The Add Features Wizard opens. On the Select Feature page, click the plus symbol next to Remote Server Administration Tools.

5. Click the plus symbol next to Role Administration Tools.

6. Click the plus symbol next to File Services tools, check the File Server Resource
Manager Tools check box, as shown in Figure 28.10, and click Next to continue.

7. On the Confirm Installation Selections page, review the selections made and click
Install to continue.

8. On the Installation Results page, review the result summary, and click Close to complete the installation.

On a system with the FSRM tools installed but not the File Server role and File Server Resource Manager services, FSRM will only be available from the Administrative Tools menu to manage remote servers. On systems with the File Server role and File Server
Resource Manager services installed, FSRM will be available in the Server Manager console in the File Services group under Roles.


If the File Services role is installed but the File Server Resource Manager tool cannot connect to the system, chances are that during the File Services role installation, File Server Resource Manager was not selected. To add this functionality, the File Service Resource Manager service will need to be added using the Add Role Services from the tasks pane in the Server Manager Role node.

FSRM Global Options
To enable the full functionality of the FSRM service, FSRM notifications, and FSRM auditing and reporting, FSRM global options need to be configured. FSRM settings such as the SMTP server to use for email notifications, notification limits, the location of reports, and enabling file screen auditing can be configured by right-clicking the File Server Resource Manager node in Server Manager, and selecting Configure Options. FSRM settings apply to only the single server they are configured on. These settings can be configured on remote servers using the FSRM console, but settings cannot be created and applied to multiple servers using the FSRM interface.

Source of Information : Sams - Windows Server 2008 R2 Unleashed (2010) 

Tuesday, March 8, 2011

Uses of File Server Resource Manager

FRSM allows administrators to set quotas on volumes and folders as well as implementing file screening functionality or file classification by location or content. Even though in today’s market disk storage is much more affordable than in previous years, the amount of time required to back up and restore the data still needs to be managed. Furthermore, many more organizations need to ensure that their file systems meet certain security and regulatory compliance policies and FSRM can assist with these tasks. Some of the most common uses of FSRM are as follows:

» Setting limits on storage—An administrator can set the limit on how much disk space a user or group of users can store within a system volume or folder. This is the traditional quota limit item that can limit users to store, for example, 100MB of files on the network.

» Providing storage limit flexibility of group data—When a user or group of users need to have different storage limits, rather than allowing these users unlimited access, FSRM can be configured to allow the extension of storage usage beyond the default within specific, designated folders. This can be achieved by applying a strict quota policy on a parent folder and either disabling the quota on a subfolder or applying a less-restrictive quota policy on the necessary folder or folders.

» Enforcing storage policies—FSRM does more than just define storage policies, but can also help administrators enforce the policies by creating reports and generating notifications of policy violations and predefined storage threshold limits, on a realtime or scheduled basis, that can be sent via email, stored in event logs, or stored in designated report folders.

» File screen policies—Administrators can block the storing of a particular type of file or sets of files. In previous years, many organizations were surprised to discover that a significant source of increased data storage requirements had to do with end users downloading and storing music files on the server. File screen exceptions can be created and applied to subfolders as necessary.

» File classification—Administrators can define file classification properties and rules that can be manually run or scheduled to check files and define file classification property values based on the administratively defined rules. This can be useful in identifying data based on usage characteristics or identifying data based on content to ensure higher security and management of sensitive data.

Source of Information : Sams - Windows Server 2008 R2 Unleashed (2010) 

Friday, March 4, 2011

File Server Resource Manager (FSRM)

Windows Server 2008 R2 includes a file system management and reporting configuration tool named the File Server Resource Manager (FSRM). This service and tool was first introduced in Windows Server 2003 R2 and provides administrators with the ability to configure quota management at the volume and folder level, create and apply file screening policies, generate alert notifications and reports on a schedule and in real time, and classify files and folders based on administratively defined criteria.

With the volume-level quota management, previously included with Windows Server versions, administrators were very limited on how quotas could be applied and several issues were encountered. Many organizations that required tighter control of their storage were forced to utilize third-party quota management software to get the functionality they required. With the quota management functionality included with the FSRM service in Windows Server 2008 R2, administrators can now create quotas at a volume or folder level and create exceptions or tighter restrictions as required in subfolders. With this sort of functionality, a standard quota size can be established and specific managers, executives, or administrators or specific departments or collaborative groups could have different quota policies applied on the folders that require different storage settings.

With the file screening functionality of FSRM, organizations can restrict all users from storing certain types of files on server storage; for example, music, video, or executables are common files that are screened for end users. Of course, this can be overridden using file screen exceptions to allow these file types in a specific folder or set of folders beneath the parent folder or volume to which the file screen policy is applied.

The new feature included with Windows Server 2008 R2 FSRM is the File Classification Infrastructure. This new functionality can be used to run scheduled tasks that identify and tag or classify files based on their storage location and/or the content stored within the file. Of course, FCI can only search through the content of certain file types, which does not include encrypted files. As this is the first implementation or release of the FCI on the Windows platform, expect that future releases will detail the types of files that can be classified by content and the built-in actions that can be performed after classification is performed on a set of files.

Source of Information : Sams - Windows Server 2008 R2 Unleashed (2010)