NTFS and FAT file systemsA Windows administrator must understand the file systems that Windows supports: the versions of NTFS and FAT (FAT12, FAT16 and FAT32).
NTFS is the near-unanimous default choice, and for good reason. It's far more robust and dependable than the other DOS-derived file systems, better resists data corruption errors and allows more granular permissions control.
This article helps administrators working with NTFS by showing them how to recover encrypted files from an NTFS partition.
NTFS permissions and security functions are only relevant in the context of the Windows installation they're created in. Anyone can take an NTFS drive, read it on another computer and ignore permissions wholesale. In that sense, NTFS security permissions are not intended to serve as a substitute for, say, on-disk encryption; they're just metadata used by a given Windows installation to track which users own and can access what.
However, because NTFS isn't immune to fragmentation, a heavily trafficked file system such as a Web server or database server can benefit from being defragmented regularly. A workstation can also benefit from moderate defragging—once a week or so -- since workstations don't need to be defragged as aggressively as servers.
Another file management issue involves the speed differences between FAT and NTFS. FAT is slightly faster—but the performance increase isn't worth the lack of robustness and the other limitations that come with using FAT as a file system in a production environment.
FAT should only be used when there's no choice in the matter—for instance, on a removable drive that's being transported between operating systems that may not have NTFS support. There's a special procedure for recovering deleted files on FAT via Disk Editor.
Windows' file systems owe a great deal to the nomenclature and structure of DOS file systems, such as the way drives are lettered (typically starting from C:, since A: and B: are still reserved for floppies) and the enumeration of path names. Because of this, administrators must be aware of some of the quirks that can arise, such as the length of a path to a particular file. NTFS allows for much longer path names than FAT and its descendants.
But there may still be applications that fail when attempting to traverse a path of more than a certain length, so it's a good idea to keep paths as short as possible. This not only benefits application compatibility but also preserves your sanity, since trying to remember where something is nested in a directory tree is enough to drive any admin crazy.
CDs and DVDs are routinely used to back up files and folders from systems. But any administrator who does this with directory structures that have long file names or extremely deep paths that exceed 180 characters will often run into problems. The Joliet file system, the default used on most writeable-disk media, has a limit of 128 characters in length, but there are four ways to consistently get around this character limit.
On an NTFS volume, every object (file or folder) has an owner. By default, the owner is supposed to be the user account that created the object. However, if the account used to create the object is a member of the Administrators group or Domain Administrators group, the ownership field in that user's token contains the SID for the group, not the SID for the individual user account. As such, any object created by that admin account will have its ownership field filled in with the admin group name, not the user's accounts. Here's how to set your account as the object's owner.
Administrators also need to make decisions about how files are organized on desktop PCs, or if they're to be stored on PCs at all. Other options include storing user files locally in their user profile or remotely on a file share. This type of decision should be made hand-in-hand with whatever backup plans are being formulated—it's easier to back up one server than 20 workstations, although you may find that your local setup and work habits demand that things remain on workstations and be backed up from there.
File management in Windows Vista
Big changes are taking place in Windows file management. New features make it possible to organize files in ways that are independent of their physical location. Creating something like this in Windows has been ongoing for a long time -- as far back as the late 1990s, when the first theoretical concept of this incarnation, the "Object File System," appeared, but was never brought to fruition.
Windows Vista rolled out a systemwide indexed search system that allowed users to associate metadata with files—not just their names or contents, but tags or descriptors whose schemas can be extended by the user or a software developer. This makes it possible to present files in "stacks"—virtual folders that aggregate files for easy access without actually relocating them.
There are yet few applications that make use of these new features—Windows Vista's own Explorer is the most prominent one—but it's hard to imagine such advances remaining unexploited for too long.
One persistent complaint about Windows pertains to how difficult it can be to open up a folder for simple file sharing across a local network. One method for quick-and-dirty file sharing is HTTP File Server, a tool for those who need help sharing files and want to use something that doesn't rely on any particular version of Windows. This 500K server lets you share out a designated set of files via HTTP. It can be run from whatever directory it's sitting in, so it's a good addition to an admin's USB-drive toolbox. HTTP FIle Server can work on LANs, but can also make use of dynamic DNS services to allow file sharing across the public Internet (provided such a thing isn't a violation of anyone's terms of service).
HTTP File Server sets up a "virtual file system"—an internally maintained list of files that it shares out. This way, you can share out files that are not in any particular folder (although you can share out a whole folder automatically if you wish), so you're not exposing your system to any undue risk.
Once your file sharing program is up and running, Windows Server 2003 users can increase file-sharing security via the operating system's Access-based Enumeration feature.
Access-based Enumeration filters the visibility of shared folders based on the user's access rights. The feature prevents the display of folders or other shared resources which users do not have access to. By enabling this feature, administrators ensure that users can only see the files and folders they need for their work instead of spending time looking through a list of multiple files and folders they do not have access to.
Windows Vista shops may have an easier time sharing files across the network as Windows Vista has ameliorated much (but not all) of this. For instance, on every system there's a Public folder which can be automatically shared out as a read-only or read/write network directory.
Synchronizing folders and files
Synchronizing files and folders is a big headache for Windows administrators. If you need to synchronize files between two servers in different locations that both have Window 2003 Server SP1, and the servers are in the same forest but have different domains, you can use the synchronization tools in the File Server Migration Toolkit, a free download from Microsoft.
If you need to synch folders in Windows Server 2003 or Windows XP first, verify that Offline Files are enabled, as they are not enabled by default. To determine if they are enabled, go through My Computer>Tools>Folder Options>Offline Files.
File management tools
The Windows tool RoboCopy is a popular option for copying large numbers of files and folders, while preserving NTFS-extended attributes such as access control lists and alternate data streams. Although historically simply a command-line tool, RoboCopy has a new Windows GUI, written by a Microsoft systems engineer.
When you think of tools for file management, you probably think of applications like Windows' own Explorer. Depending on the type and volume of files you deal with on a daily basis, something other than the usual Explorer-type system might work better. Consider these Windows Explorer file management alternatives:
An automatic file organizer: A commonly wished-for application is one that automatically sorts and classifies files according to internal criteria -- such as naming convention, metadata and dates -- but there are few programs that seem to fit this particular bill. One such application is Series Sorter, written primarily for managing image directories, but it could be used to sort other varieties of files.
An indexing service: Indexing services crawl the contents of a drive and index the results for fast searching and reporting. If you want to deal with the file system as little as possible and just want to concentrate on pulling out files that match certain criteria, this is the best way to do it -- you don't have to worry about what's stored where. Google Desktop Search and MSN Search are two ways to do this on a computer.
Retrieving lost files and folders
The 'Redirect the My Documents folder' option via Group Policy in the Windows domain is a tool that can help administrators combat most of the file and folder disasters that befall users, including recovering lost files.
However, this option is only a partial solution, as it only redirects the My Docs folder and not the user's other folders, such as their favorites and temp directories. One way around this is to back up your users' computers to their own PC's local hard disk. If your environment utilizes a full version of Windows (not thin clients), you can use the backup utility built into Windows XP to schedule periodic backups of the users' local directories to the local disk. Hard disk space used to be at a premium, but since most newer systems have 40GB drives, that unused space can be used for other purposes without causing storage issues down the road.
Scheduling backups on all the PCs, along with the "Redirect the My Documents" option, the Volume Shadow Copy service and tape/disk nightly backups, can also help with the file recovery process. Local backups can be scheduled manually or via another deployment mechanism, such as logon scripts. This way, you're armed with multiple recovery options to retrieve lost files.
What should you do with those files that are invalid or are no longer needed and take up space? Delete them! But if files are locked, you'll need to unlock them before you can delete them.
A utility called Unlocker unlocks files. It creates a right-click context menu in Explorer that provides a list of which processes are holding a lock on a particular file. Select the processes, click Unlock and the locks are freed up. You're now free to move, delete or modify the file.
File sharing tools and techniques
Windows 2003 Server R2 contains a component, File Server Resource Manager (FSRM), which enables administrators to set storage quota limits and identify and enforce data storage policies.