You are the network administrator for a company that has decided to start using Windows containers. You download the wrong image from Docker. What command allows you to delete an image? A. docker del B. docker rm C. docker kill D. docker dl
You are the network administrator for a company that has decided to start using Windows containers. You want to create a new container. What command should you use? A. docker create B. docker build container C. docker new D. docker build
You are the network administrator for a company that has decided to start using Windows containers. You have built a number of containers. What PowerShell command allows you to view them? A. docker view B. docker see C. View-Container D. Get-Container
You are the network administrator for a company that has decided to start using Windows containers. You have created some images. What command allows you to see your images? A. docker images B. docker info C. docker view D. docker see
You are the administrator for an organization that has started using containers. You need to build and use a Dockerfile. You want to compile and create an image using the Dockerfile. What command do you use? A. Docker run B. Docker rm C. Docker build D. Docker compile
You are the administrator for an organization that has started using containers. You need to build and use a Dockerfile. You want to execute commands within the Dockerfile. What command should you use? A. Docker run B. Docker rm C. Docker build D. Docker compile
You are the network administrator for a company that has decided to start using Windows containers. You want to delete a container. What PowerShell command allows you to do that? A. docker delete B. docker kill container C. Remove-Container D. Delete-docker-Container
You are the administrator for an organization that has started using containers. You need to build a new image using Windows Server Core. What command would you use to get a Windows Server Core image? A. Docker run microsoft/windowsservercore B. docker pull microsoft/windowsservercore C. Docker build microsoft/windowsservercore D. Docker get microsoft/windowsservercore
You have a Windows Server 2022 server named Server1. Server1 has the Web Server (IIS) server role installed. Server1 hosts an ASP.NET Core web app named WebApp1 and the app’s source files. You install Docker on Server1. You want to ensure that you can deploy WebApp1 to an Azure App Service web app from the Azure Container Registry. Which three actions should you perform in sequence? (Choose three.) A. Run the docker push command. B. Run the docker run command. C. Run the docker build command. D. Create a Dockerfile. E. Run the docker pull command.
How do you add another virtual disk to an Azure virtual machine? A. Use the Virtual Hard Disk Wizard. B. Use the Edit Virtual Hard Disk Wizard. C. Choose Disks from the VM options. D. Use the New Virtual Machine Wizard.
Another nice advantage of using containers is that there are hundreds of images that you can use. Docker has a public database of images that you can access. The Docker Hub repository has images for Microsoft, Unix, Linux, and hundreds more. If you want to see what a vendor has out on the repository, just type docker search vendorname. To see what Microsoft has for you in the repository, type docker search Microsoft (see Figure 12.15).
FIGURE 12.15 docker search Microsoft command
You can set up a private repository so that coworkers can share and use the images that you create. After you create your images using the Docker daemon, you can push those images to your corporate Docker Hub repository. You can add users and accounts to the Docker Hub to verify that only your organization’s users are accessing the images.
If you are building images and placing those images on GitHub or Bitbucket, you can use the automatic build repository that is included with the Docker Hub service.
When you are ready to start uploading corporate images to the Docker Hub, create a Docker Hub user account (https://cloud.docker.com). After you have created your account, click the Create menu and choose Create Repository.
You will then be asked to enter a Docker ID namespace for your organization. The repository name must be unique, and it can be up to 255 characters. The namespace will only allow letters, numbers, or the dash (-) and underscore (_). You are then asked to enter a short description (100 characters or less) and a full description. Click Create and you are finished.
After your repository is created, you can push images to the repository by putting in the name of your image, your Docker Hub username, the repository name that you created earlier, and the image tag. The following is an example of the docker push command:
docker push <hub-user>/<repo-name>:<tag>
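The push described above, placed in context as an added PowerShell example (not from the book): it tags a locally built image in the <hub-user>/<repo-name>:<tag> form, pushes it, and returns the registry digest so that later pulls can be pinned to exactly what was uploaded. The function name Publish-HubImage and the names in the usage comment are hypothetical, the name checks apply the character and length rules stated above, and docker login is assumed to have been run already.

```powershell
function Publish-HubImage {
    [CmdletBinding()]
    param(
        # Docker Hub user or organization namespace (letters, numbers, dash, underscore).
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9_-]+$')]
        [string]$HubUser,

        # Repository name created in Docker Hub (up to 255 characters).
        [Parameter(Mandatory)]
        [ValidateLength(1, 255)]
        [ValidatePattern('^[A-Za-z0-9_-]+$')]
        [string]$RepoName,

        [Parameter(Mandatory)]
        [string]$Tag,

        # Name of the image as it appears locally in "docker images".
        [Parameter(Mandatory)]
        [string]$LocalImage
    )

    $remote = '{0}/{1}:{2}' -f $HubUser, $RepoName, $Tag

    # Give the local image its registry name. Out-Host keeps docker's
    # console output out of the function's return value.
    docker tag $LocalImage $remote | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "docker tag failed for '$LocalImage'" }

    docker push $remote | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "docker push failed for '$remote'" }

    # After a successful push the local image records the digest the registry
    # assigned. Pick the entry that belongs to this repository.
    $digests = docker image inspect --format '{{range .RepoDigests}}{{println .}}{{end}}' $remote
    $digest  = $digests |
        Where-Object { $_ -like "$HubUser/$RepoName@*" } |
        Select-Object -First 1

    [pscustomobject]@{
        Image  = $remote
        Digest = $digest    # <hub-user>/<repo-name>@sha256:... usable with docker pull
    }
}

# Hypothetical usage (names are placeholders):
# Publish-HubImage -HubUser contoso -RepoName webapp1 -Tag 1.0.0 -LocalImage webapp1:latest
```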
Using Microsoft Azure for Images
Azure containers allow you to easily create, configure, and manage your virtual machine containers. The Azure Container Service uses open source scheduling and management tools. By using open source tools, the Azure Container Service connects you with thousands of other users who are also designing, building, and maintaining container images.
Azure administrators have the ability to manage containers at scale with a managed Kubernetes container management and orchestration service that integrates with Azure Active Directory.
Azure includes the Azure Kubernetes Service (AKS). AKS allows you to quickly and easily start developing and deploying cloud-native apps in Azure, datacenters, or at the edge with built-in code-to-cloud pipelines and guardrails.
AKS gives you the ability to have a unified management and governance system for onsite, edge, and multicloud Kubernetes clusters. You can interoperate with Azure security, identity, cost management, and migration services.
The Azure Container Service uses the Docker format, but it is also compatible with Marathon, DC/OS, Kubernetes, or Docker Swarm. Because the Azure Container Service works with all of these different formats, you can work with thousands of applications and images. But since this is Microsoft Azure’s platform, you get all of the security benefits and features that Azure has to offer.
To set up the Azure Container Service, you must first set up an Azure Container Service cluster through the Azure portal. Once you have entered the portal, use the Azure Resource Manager template for Docker Swarm, DC/OS, and Kubernetes, or use the Azure CLI.
When I talk about setting up containers and you are getting ready to start using containers, there is one major requirement that we need to consider. The operating system on the host machine must be the same operating system that is used in the Windows container. If you install a different operating system in the Windows container, the container may load but you will most likely start to see errors, and there is no guarantee that you’ll be able to use all the container’s functionalities.
So, it is very important to make sure that the version of Windows Server 2022 that you install onto the host system is the same version that you run in the Windows container. One nice advantage to using Windows is that you can check what version of Windows you are using. To do so, enter the system’s Registry (Regedit.exe) and search for the following Registry key (see Figure 12.1):
The host operating system that you are going to run will determine what operating systems you can run in the Windows Server container or Hyper-V container. Not all operating systems are available depending on the host OS image. Table 12.1 shows you all of the supported configurations for each host operating system.
TABLE 12.1 Supported base images
Host operating system | Windows Server container | Hyper-V container
Windows Server 2022 with Desktop | Server Core/Nano Server | Server Core/Nano Server
Windows Server 2022 Core | Server Core/Nano Server | Server Core/Nano Server
Nano Server | Nano Server | Server Core/Nano Server
Windows 10/11 (Pro/Enterprise) | Not Available | Server Core/Nano Server
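One way to check the version requirement described above before running a Windows Server container, as an added PowerShell example that is not from the book: it compares the host build with the OS version Docker records in the image metadata. It reads the host version through the .NET API rather than the Registry, Test-ContainerHostMatch is a hypothetical name, and the image must already have been pulled to the host.

```powershell
function Test-ContainerHostMatch {
    [CmdletBinding()]
    param(
        # An image that has already been pulled to this host.
        [Parameter(Mandatory)]
        [string]$Image
    )

    # Host version as reported by .NET (major.minor.build.revision).
    $hostVersion = [System.Environment]::OSVersion.Version

    # Ask Docker for the OS and OS version recorded in the image metadata.
    $meta = docker image inspect --format '{{.Os}}|{{.OsVersion}}' $Image
    if ($LASTEXITCODE -ne 0) { throw "docker image inspect failed for '$Image'" }

    $os, $imageVersionText = "$meta".Trim() -split '\|', 2

    $result = [ordered]@{
        Image        = $Image
        ImageOs      = $os
        ImageVersion = $imageVersionText
        HostVersion  = $hostVersion.ToString()
        Match        = $false
        Reason       = ''
    }

    $imageVersion = $null
    if ($os -ne 'windows') {
        # Linux images carry no Windows OS version at all.
        $result.Reason = 'Not a Windows image'
    }
    elseif (-not [version]::TryParse($imageVersionText, [ref]$imageVersion)) {
        $result.Reason = 'Image does not record a parseable OS version'
    }
    elseif ($imageVersion.Major -ne $hostVersion.Major -or
            $imageVersion.Minor -ne $hostVersion.Minor -or
            $imageVersion.Build -ne $hostVersion.Build) {
        $result.Reason = 'Image build differs from host build'
    }
    else {
        $result.Match  = $true
        $result.Reason = 'Image build equals host build'
    }

    [pscustomobject]$result
}

# Usage with the image name used elsewhere in this chapter:
# Test-ContainerHostMatch -Image microsoft/windowsservercore
```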
Installing Docker
So the first step in setting up our Windows containers is to install Docker. Docker is the software package that allows you to create and manipulate containers and images.
Docker is the software package that you install and the Docker daemon is the application that you use to do your configuration and management. After you install Docker, the Docker daemon is automatically installed and configured with default settings.
Docker is a third-party application that Microsoft has started using for containers. The Docker application consists of a Docker engine and a Docker client (Docker daemon). So the first thing that we need to do is install Docker. To begin, download and install the Docker application. Another item that needs to be completed when installing and using Docker is making sure that all of the current Microsoft updates have been installed.
In Exercise 12.1, you’ll learn how to download and install Docker. I will also show you how to get your Windows updates. The steps in this exercise install Docker to a Windows Server 2022 (with GUI) Datacenter operating system, but this installation can be done on a Nano Server or a server with no GUI.
EXERCISE 12.1
Installing Docker
1. Open an elevated command prompt by clicking the Start button and right-clicking on Windows PowerShell ➢ More ➢ Run As Administrator.
2. At the PowerShell prompt, type Sconfig. This will bring up the Server Configuration menu (see Figure 12.2). Choose option 6 by entering 6 and pressing the Enter key to update Windows Server 2022.
FIGURE 12.2 Server Configuration screen
3. A screen should appear asking if you want to install All Updates or Recommended Updates only. Choose A for All Updates and press Enter. If there are any updates available, click A for installing all updates and press Enter. The updates will be downloaded and installed.
4. If there were no updates, go to step 6. After all updates have been installed, choose option 13 to restart the server. You’ll see a message asking if you are sure you want to reboot. Click Yes.
5. Log in and restart PowerShell with administrative rights.
6. At the PowerShell prompt, type the following command and press Enter to download the Docker software:
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
7. If you get a message that the NuGet provider needs to be installed (see Figure 12.3), choose Y and press Enter. If this message doesn’t appear, go to step 9.
FIGURE 12.3 Install NuGet
8. If you needed to install NuGet, then reenter the following command:
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
9. Now that we have downloaded Docker, it’s time to install it. At the PowerShell prompt, type the following command (see Figure 12.4) and press Enter.
Install-Package -Name docker -ProviderName DockerMsftProvider
10. A message will appear stating that the package is not trusted and asking if you want to install software from DockerDefault. Click Y and press Enter.
11. Now that Docker is installed, let’s check for updates again and then reboot. Type Sconfig and choose option 6. Click A for All Updates. If there are any updates, click A for installing All Updates.
12. After the updates complete, you will return to the Server Configuration screen. Choose option 13. Click Yes to reboot.
13. Log into the server.
Docker is now downloaded and installed onto the Windows Server 2022 machine. The next step is to work with Docker to install and configure containers.
When using Docker, there are some switches that you can use. Table 12.2 shows some of the Docker switches and what each switch does. You’ll use these commands to manage Windows or Linux containers using the Docker daemon. These commands can be run in PowerShell or at an elevated command prompt.
Table 12.2 is just a partial list of Docker commands. To see a more complete list, go to Microsoft’s website at https://docs.docker.com/engine/reference/run. In the left-hand window, the entire list is under Engine (Docker) CLI.
TABLE 12.2 Docker PowerShell and command-line commands
Command | Description
docker attach | This command allows you to attach to a running container.
docker build | Using this command allows you to build an image from a Docker file.
docker checkpoint | You can use this command to manage a Docker checkpoint.
docker commit | This command allows you to debug and build a new image.
docker container | This command allows you to manage containers.
docker cp | Using this command allows you to copy files and folders between the container and the local computer system.
docker create | This command gives you the ability to create a new container.
docker deploy | You can use this command to create and modify a stack.
docker diff | This command allows you to view changes to files or directories in the container’s filesystem.
docker events | This command allows you to see a server’s events in real time.
docker exec | You can use this command to run a new command in an existing container.
docker image | This command (along with its options) allows you to manage your images.
docker info | Using this command allows you to view system information of the Docker installation.
docker kill | This command allows you to terminate running containers.
docker login | You can use this command to log into the Docker registry of a server.
docker pause | This command allows you to pause all processes within a container.
docker port | Use this command to view the port mappings for a container.
docker ps | This command allows you to view all the containers.
docker pull | You can use this command to pull an image from a registry.
docker push | This command allows you to push an image to a registry.
docker rename | This command allows you to rename a container.
docker restart | Using this command allows you to restart a container.
docker rm | You can use this command to remove a container.
docker run | Using this command (along with the options), you can add to or override the image settings set by a developer.
docker save | This command allows you to save images to an archive.
docker search | This command allows you to search the Docker Hub for images.
docker start | This command allows you to start a stopped container.
docker stop | This command allows you to stop a running container.
docker update | You can use this command to update the configuration of a container.
docker version | This command allows you to view the Docker version information.
After Docker is installed, you may want to configure the Docker daemon to specify how Docker will start and stop after a system restart or when the system needs to reboot. If you want to set a restart policy, use the --restart flag with the docker run command.
Policy | Result
no | This setting will not automatically restart the container. This is the default setting for a container.
on-failure[:max-retries] | This setting will restart the container only if the container has a non-zero exit status. Also, you have the ability to limit the number of restart retries that the Docker daemon will attempt.
always | This setting will always restart the container. When the setting is set to always, Docker will try to restart the container indefinitely. The container will also always start on daemon startup.
unless-stopped | This setting will always restart the container unless the container was stopped before the restart.
As stated throughout this book, PowerShell is a command-line shell and scripting tool. BranchCache has many different PowerShell cmdlets that allow you to configure and maintain the BranchCache feature. Table 11.5 shows just some of the different PowerShell cmdlets for BranchCache.
TABLE 11.5 PowerShell cmdlets for BranchCache
Cmdlet | Description
Add-BCDataCacheExtension | Increases the amount of cache storage space that is available on a hosted cache server by adding a new cache file
Clear-BCCache | Deletes all data in all data and hash files
Disable-BC | Disables the BranchCache service
Disable-BCDowngrading | Disables downgrading so that client computers that are running Windows 10 do not request Windows 7/8 specific versions of content information from content servers
Enable-BCDistributed | Enables BranchCache and configures a computer to operate in distributed cache mode
Enable-BCHostedClient | Configures BranchCache to operate in hosted cache client mode
Enable-BCHostedServer | Configures BranchCache to operate in hosted cache server mode
Enable-BCLocal | Enables the BranchCache service in local caching mode
Export-BCCachePackage | Exports a cache package
Export-BCSecretKey | Exports a secret key to a file
Get-BCClientConfiguration | Gets the current BranchCache client computer settings
Get-BCContentServerConfiguration | Gets the current BranchCache content server settings
Get-BCDataCache | Gets the BranchCache data cache
Get-BCStatus | Gets a set of objects that provide BranchCache status and configuration information
Import-BCCachePackage | Imports a cache package into BranchCache
Import-BCSecretKey | Imports the cryptographic key that BranchCache uses for generating segment secrets
Set-BCAuthentication | Specifies the BranchCache computer authentication mode
Set-BCCache | Modifies the cache file configuration
Set-BCSecretKey | Sets the cryptographic key used in the generation of segment secrets
Enhanced Features in Windows Server 2022 BranchCache
Microsoft continues to improve on many of the features of Windows Server, and BranchCache is no different. Microsoft has improved BranchCache in Windows Server 2022 and Windows 10/11. The following list includes some of the enhanced features:
Office sizes and the number of branch offices are not limited. Windows Server 2022 BranchCache allows any number of offices along with any number of users once you deploy hosted cache mode with multiple hosted cache servers.
There are no requirements for a Group Policy Object (GPO) for each office location, streamlining deployment. All that is required to deploy BranchCache is a single GPO that contains a small number of settings.
Client computer configuration is easy. You can configure clients through the use of a GPO. If this is done, client configuration will automatically be configured through the GPO, and if a client can’t find a hosted cache server, the client will automatically self-configure as a hosted cache mode client.
BranchCache is deeply integrated with the Windows file server. BranchCache is automatically integrated with Windows file server technology. Because of this, the process of finding duplicate pieces in independent files is greatly improved.
Duplicate content is stored and downloaded only once. BranchCache stores only one instance of the content on a hosted cache server or content server, and because of this, you get greater disk storage savings. Since client computers at the remote offices download only one instance of any content, your network saves on additional WAN bandwidth.
Small changes to large files produce bandwidth savings. One advantage of BranchCache is the file server chunking system that helps divide files and web pages into smaller parts. Now when a file is changed, only the part of that file that has been changed gets replicated. This allows BranchCache to use lower bandwidth requirements.
Offline content creation improves performance. When BranchCache is deployed as content or file servers, the data is calculated offline before a client even has the chance to request it. Because of this, the systems get faster performance and bandwidth.
Cache encryption is enabled automatically. BranchCache stores its cached data as encrypted data. This guarantees data security without the need to encrypt the entire drive.
Summary
In this chapter, I discussed file servers and how they can be effective on your network. I also discussed sharing folders for users to access, and then I discussed how to publish those shared folders to Active Directory.
You learned about NTFS security versus shared folder permissions and how to limit users’ hard drive space by setting up disk quotas. The chapter also covered the Encrypting File System (EFS) and how users can encrypt and compress files.
I also discussed how configuring file and storage solutions can be highly effective within your organization. You now have a better understanding of how Windows Server 2022 can provide you with extended functionality for effectively controlling corporate data.
I talked about Data Deduplication and how it can help protect your corporate data and also provide a backup solution.
This chapter took you through the use of many server tools and utilities such as DFS and encryption. Distributed File System allows you to set up a tree structure of virtual directories that lets users connect to a shared folder anywhere throughout the entire network.
You also learned about EFS and how to use Cipher to modify or configure EFS in a command window. Cipher is the best way to change encrypted directories and files.
Exam Essentials
Know storage technologies. Understand how to use the Fibre Channel, iSCSI, and NAS storage technologies. Know how to configure an iSCSI initiator and how to establish a connection to a target. Practice configuring tiered storage and using thin provisioning and trim.
Know how to configure NTFS security. One of the major advantages of using NTFS over FAT32 is access to additional security features. NTFS allows you to put security at the file and folder layers. NTFS security is in effect whether the user is remote or local to the computer with the data.
Know how to configure shared permissions. Shared permissions allow you to determine the access a user will receive when connecting to a shared folder. Shared permissions are allowed only at the folder layer and are in effect only when the user is remote to the computer with the shared data.
Understand how NTFS and shared permissions work together. NTFS and shared permissions are individually additive—you get the highest level of security and permissions within each type. NTFS is always in effect, and it is the only security available locally. Shared permissions are in effect only when connecting remotely to access the shared data. When the two types of permissions meet, the most restrictive set of permissions applies.
Know how to configure disk quotas. Disk quotas allow an organization to determine the amount of disk space that users can have on a volume of a server. You can set up disk quotas based on volumes or by users. Each volume must have its own separate set of disk quotas.
Understand data deduplication. Know that data deduplication involves finding and removing duplicate data within the company network without compromising its integrity. Understand that the goal is to store more data in less space by segmenting files into small chunks, identifying duplicate chunks, and maintaining a single copy of each chunk.
Know how to configure DFS. Distributed File System in Windows Server 2022 offers a simplified way for users to access geographically dispersed files. The DFS Namespace service allows you to set up a tree structure of virtual directories that lets users connect to shared folders throughout the entire network.
Understand EFS and Cipher. Users can encrypt their directories and files by using EFS. Understand how Cipher can help you configure or modify an EFS object while in the command prompt.
Windows Server has come a long way in terms of its file and storage capabilities. I have talked quite a bit about the new features and functionality provided in Windows Server 2022. In this section, you will take a closer look at some of the advanced configuration options available in the Network File System (NFS), BranchCache, and the File Server Resource Manager (FSRM).
Configure the NFS Data Store
The NFS role service and feature set gives IT administrators the ability to integrate a Windows Server–based environment with Unix-based operating systems. Most corporate environments today consist of a mixed operating system infrastructure to some extent. Using a Windows NFS file server, you can configure file shares for use by multiple operating systems throughout the environment.
Windows Server 2022 takes those capabilities even further by enabling you to integrate with platforms such as ESXi. ESXi is VMware’s exclusive operating system–independent hypervisor. ESXi is referred to as a bare-metal operating system because once it is installed on server virtualization hardware, guest virtual machines can be installed without requiring the use of any other underlying operating system. With Windows Server 2022, you can use an NFS share efficiently as an ESXi data store to house all of your guest virtual machines.
Let’s take a look at configuring an NFS data store in Exercise 11.15.
For this exercise, you will need the following:
■ A Windows Server 2022 server
■ A VMware ESXi 5 server
EXERCISE 11.15
Configure the NFS Data Store
1. Open Server Manager on your Windows Server 2022 machine.
2. Launch the Add Roles And Features Wizard from the dashboard.
3. Install the Server for NFS role on the server. A reboot is not required.
4. Create a new folder on your server named NFS_Datastore, right-click and select Properties, and then navigate to the NFS Sharing tab.
5. Click the Manage NFS Sharing button to open the NFS Advanced Sharing page and then check the Share This Folder box. Notice how enabling the share also enables the share’s default settings. The share settings let you configure share authentication and user access further if the need arises. The default settings will work just fine for this exercise.
6. Click the Permissions tab to open the NFS Share Permissions page. This is where you will configure the type of access that will be allowed by machines accessing this NFS data store. By default, the NFS share permissions are set to Read-Only and do not include root access. For this exercise, you will need to change the type of access to Read-Write and check the box to allow root access.
7. Click OK to close the NFS Share Permissions page and then click Apply and OK on the NFS Advanced Sharing page. Your new NFS share is now built, ready to be presented as an NFS data store to a VMware ESXi host. Be sure to record the network path displayed on the NFS Sharing tab of the share’s Properties page. You will need that information to perform a proper mount on the ESXi host.
8. Switch to your ESXi host and launch the Add Storage Wizard from the Configuration tab.
9. On the Select Storage Type page of the wizard, select the Network File System storage type; click Next to continue to the Locate Network File System page.
10. On this page of the wizard, you will fill in the server and folder information for the NFS share that you will be using as a vSphere data store. Using the information recorded from step 7, properly fill out the server and folder fields and then name your new data store.
11. Click Next to continue to the Ready To Complete page of the wizard. Review the information and click Finish. Once the Create NAS data store task completes on the ESXi host, you are ready to use your Windows Server 2022 shared folder as a vSphere ESXi data store.
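The Windows Server side of the exercise, scripted as an added PowerShell example (not from the book). It differs from the GUI steps in one respect: Read-Write access with root access is granted only to the named ESXi host, and the share-wide permission is set to no-access, so no other machine can mount the data store as root. The function name, the folder path and the host address in the usage comment are hypothetical.

```powershell
function New-ScopedNfsDatastore {
    [CmdletBinding()]
    param(
        # Folder to share, for example the NFS_Datastore folder from the exercise.
        [Parameter(Mandatory)]
        [string]$Path,

        # Name or IP address of each ESXi host allowed to mount the share.
        [Parameter(Mandatory)]
        [string[]]$EsxiHost,

        [string]$Name = 'NFS_Datastore'
    )

    # Install the Server for NFS role service if it is not present yet.
    if (-not (Get-WindowsFeature -Name FS-NFS-Service).Installed) {
        Install-WindowsFeature -Name FS-NFS-Service -IncludeManagementTools | Out-Null
    }

    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path -ItemType Directory | Out-Null
    }

    # Create the share with the share-wide (all machines) permission closed.
    New-NfsShare -Name $Name -Path $Path -Permission no-access -AllowRootAccess $false |
        Out-Null

    # Grant Read-Write plus root access to the listed ESXi hosts only.
    foreach ($h in $EsxiHost) {
        Grant-NfsSharePermission -Name $Name -ClientName $h -ClientType host `
            -Permission readwrite -AllowRootAccess $true
    }

    # Return the effective permission list so it can be reviewed or logged.
    Get-NfsSharePermission -Name $Name
}

# Hypothetical usage (192.0.2.10 is a documentation-range address):
# New-ScopedNfsDatastore -Path 'C:\NFS_Datastore' -EsxiHost '192.0.2.10'
```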
The previous exercise shows how versatile Windows Server 2022 shares can be. The same principles can be applied to making Windows Server shares available to other Unix-based operating systems such as ESXi. Now that you have configured an NFS data store, let’s take a look at what BranchCache has to offer.
Configure BranchCache
BranchCache is a technology that was introduced with Windows Server 2008 R2 and Windows 7. BranchCache allows an organization with slower links between offices to cache data so that downloads between offices do not have to occur each time a file is accessed.
For example, John comes into work and logs into the network. John accesses the corporate website and downloads a media file that takes four minutes to download. With BranchCache enabled, when Judy comes into work, connects to the corporate website, and tries to download the same media file, the file will be cached from the previous download and Judy will have immediate access to the file.
You can set up two types of BranchCache configurations:
Distributed Cache Mode In the distributed cache mode configuration, all Windows client machines cache the files locally on the client machines. Thus, in the previous example, after John downloaded the media file, Judy would receive the cached media file from John’s Windows 7 version or above (except for home versions).
Hosted Mode In the hosted mode configuration, the cache files are cached on a local (within the site) Windows Server 2022 machine. So, in the previous example, after John downloads the media file, the cached file would be placed on a Windows Server 2022 machine by default, and all other users (Judy) would download the media file from the Windows Server 2022 machine.
Distributed Cache Mode Requirements
If you decide to install BranchCache in the distributed cache mode configuration, a hosted cache server running Windows Server 2022 is not required at the branch office. To set up distributed cache mode, the client machines must be running Windows 7 or above (except for home versions).
The Windows client machines would download the data files from the content computer at the main branch office, and then these machines become the local cache servers. To set up distributed cache mode, you must install a content computer (the computer that will hold the original content) at the main office first. After the content server is installed, physical connections (WAN or VPN connections) between the sites and branch offices must be established.
Client computers running Windows 7 Enterprise or higher (from versions listed above) have BranchCache installed by default. However, you must enable and configure BranchCache and configure firewall exceptions. Complete Exercise 11.16 to configure BranchCache firewall rule exceptions.
One issue that can arise occurs when files are changed. There has to be some mechanism that helps files stay accurate. That’s where the Remote Differential Compression (RDC) feature comes into play. RDC is a group of APIs that programs can use to determine whether files have changed. Once RDC determines that there has been a change, RDC then helps to detect which portions of the files contain the changes. RDC has the ability to detect insertions, removals, and rearrangements of data in files. This feature becomes helpful with limited-bandwidth networks when they replicate changes.
To install the RDC feature, use Server Manager and then run the Add Features Wizard, or type the following command at an elevated command prompt: Servermanagercmd -Install Rdc
Now that I have shown you how to install DFS and how DFS works, let’s go ahead and set up DFS. In Exercise 11.14, I will show you how to configure a DFS Namespace and how to add a shared folder to DFS.
EXERCISE 11.14
Setting Up a DFS Namespace
1. Open DFS Management (Start ➢ Administrative Tools ➢ DFS Management).
2. Right-click Namespaces (see Figure 11.22) and choose New Namespace.
FIGURE 11.22 Adding a namespace
3. In the Server box, enter the name of the server that will host this namespace (I am using the DFS server). Click Next.
4. At the Namespace screen, enter the namespace you want (see Figure 11.23) to use and click Next.
5. On the Namespace Type screen, choose Stand-Alone or Domain Based and click Next. I am using a Stand-Alone DFS.
6. At the Review screen, click Create.
7. Click the Close button. Leave DFS open.
8. Go to Windows Explorer by pressing the Windows Key+E.
9. Create a new folder called Home and share the folder.
10. In DFS under the Actions section (right-hand side), choose New Folder (see Figure 11.24).
FIGURE 11.24 New Folder
11. When the New Folder screen appears, type the name for this folder and then click Add.
12. Add the shared Home folder and click OK.
13. After you have entered a name and put in the Home folder (see Figure 11.25), click OK.
FIGURE 11.25 Home folder
14. The namespace has been created and you have added a shared folder to the namespace. Add any of your other shared folders and then close DFS.
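The same result as Exercise 11.14 can be scripted. The following is an added example, not part of the book's exercise; it assumes the DFS Namespaces role service is already installed, and the namespace name, folder paths, and share permissions are illustrative choices.

```powershell
# Added example (not from the book). Run elevated on the namespace server.
# Assumed for illustration: namespace name, folder paths, share permissions.
$server  = $env:COMPUTERNAME
$nsName  = 'Public'
$rootDir = "C:\DFSRoots\$nsName"
$homeDir = 'D:\Shares\Home'

New-Item -ItemType Directory -Path $rootDir, $homeDir -Force | Out-Null

# A namespace root must point at an existing SMB share.
# Read-only for authenticated users: the root only holds folder links.
New-SmbShare -Name $nsName -Path $rootDir `
    -ReadAccess 'Authenticated Users' | Out-Null

# Step 9: create and share the Home folder. Grant named principals
# instead of relying on a default; NTFS permissions still apply on top.
New-SmbShare -Name 'Home' -Path $homeDir `
    -ChangeAccess 'Authenticated Users' `
    -FullAccess 'BUILTIN\Administrators' | Out-Null

# Steps 2-7: create the stand-alone namespace.
New-DfsnRoot -Path "\\$server\$nsName" -TargetPath "\\$server\$nsName" `
    -Type Standalone | Out-Null

# Steps 10-13: add the shared Home folder to the namespace.
New-DfsnFolder -Path "\\$server\$nsName\Home" `
    -TargetPath "\\$server\Home" | Out-Null

# Confirm the folder target is registered and online.
Get-DfsnFolderTarget -Path "\\$server\$nsName\Home" |
    Format-List Path, TargetPath, State
```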
As an administrator, when you need to control and manage the amount and type of data stored on your servers, Microsoft delivers the tools to help you do just that. The File Server Resource Manager (FSRM) is a suite of tools that allows you to place quotas on folders or volumes, filter file types, and create detailed storage reports. These tools allow you to properly plan and implement policies on data as needed.
FSRM Features
Many of the advantages of using FSRM come from all of the included features, which allow you to manage the data that is stored on your file servers. Some of the advantages included with FSRM are as follows:
Configure File Management Tasks: FSRM allows you to apply a policy or action to data files. Some of the actions that can be performed include the ability to encrypt files or run a custom command.
Configure Quotas: Quotas give you the ability to limit how much disk space a user can use on a file server. You can limit space to an entire volume or to specific folders.
File Classification Infrastructure: You can set file classifications and then manage the data more effectively by using these classifications. Once files are classified, you can set policies on those classifications. These policies include restricting file access, file encryption, and file expirations.
Configure File Screens: You can set file screening on a server and limit the types of files that are being stored on that server. For example, you can set a file screen on a server so that any file ending in .bmp gets rejected.
Configure Reports: You can create reports that show you how data is classified and accessed. You also have the ability to see which users are trying to save unauthorized file extensions.
Installing the FSRM Role Service
Installing FSRM is easy when using either Server Manager or PowerShell. To install using Server Manager, you go into Add Roles And Features and choose File And Storage Services ➢ File Services ➢ File Server Resource Manager. To install FSRM using PowerShell, you use the following command:
Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools
Configuring FSRM using the Windows GUI version is straightforward, but setting up FSRM using PowerShell is a bit more challenging. Table 11.3 describes some of the PowerShell commands for FSRM.
TABLE 11.3 PowerShell commands for FSRM
PowerShell Cmdlet                 Description
Get-FsrmAutoQuota                 Gets auto-apply quotas on a server
Get-FsrmClassification            Gets the status of the running file classification
Get-FsrmClassificationRule        Gets classification rules
Get-FsrmFileGroup                 Gets file groups
Get-FsrmFileScreen                Gets file screens
Get-FsrmFileScreenException       Gets file screen exceptions
Get-FsrmQuota                     Gets quotas on the server
Get-FsrmSetting                   Gets the current FSRM settings
Get-FsrmStorageReport             Gets storage reports
New-FsrmAutoQuota                 Creates an auto-apply quota
New-FsrmFileGroup                 Creates a file group
New-FsrmFileScreen                Creates a file screen
New-FsrmQuota                     Creates an FSRM quota
New-FsrmQuotaTemplate             Creates a quota template
Remove-FsrmClassificationRule     Removes classification rules
Remove-FsrmFileScreen             Removes a file screen
Remove-FsrmQuota                  Removes an FSRM quota from the server
Set-FsrmFileScreen                Changes the configuration settings of a file screen
Set-FsrmQuota                     Changes the configuration settings for an FSRM quota
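Several of the cmdlets in Table 11.3 combine as follows to build the .bmp file screen described earlier, plus a quota on the same folder. This is an added example, not from the book; the folder path, file group name, and quota size are assumptions, and New-FsrmAction and New-FsrmQuotaThreshold are FSRM cmdlets that the table does not list.

```powershell
# Added example (not from the book). Run elevated with FSRM installed.
# Assumed for illustration: folder path, file group name, quota size.
$path      = 'D:\Shares\Home'
$groupName = 'Bitmap Files'

if (-not (Test-Path -LiteralPath $path)) { throw "Folder not found: $path" }

# 1. File group: the name patterns the screen will match.
if (-not (Get-FsrmFileGroup -Name $groupName -ErrorAction SilentlyContinue)) {
    New-FsrmFileGroup -Name $groupName -IncludePattern @('*.bmp') | Out-Null
}

# 2. Notification: log a warning event for every blocked save, so the
#    attempt is visible to whoever reviews the server's Application log.
$screenEvent = New-FsrmAction -Type Event -EventType Warning -Body (
    'User [Source Io Owner] attempted to save [Source File Path] ' +
    'to [File Screen Path] on [Server].')

# 3. Active screen: rejects matching files. Without -Active the screen
#    is passive and only runs the notification.
New-FsrmFileScreen -Path $path -IncludeGroup $groupName -Active `
    -Notification $screenEvent -Description 'Block bitmap files' | Out-Null

# 4. Hard quota (the default; -SoftLimit would make it monitor-only)
#    with a warning event at 85 percent of the limit.
$quotaEvent = New-FsrmAction -Type Event -EventType Warning -Body (
    'Quota on [Quota Path] on [Server] is at [Quota Used Percent]% of limit.')
$threshold = New-FsrmQuotaThreshold -Percentage 85 -Action $quotaEvent
New-FsrmQuota -Path $path -Size 5GB -Threshold $threshold | Out-Null

# 5. Verify what was applied.
Get-FsrmFileScreen -Path $path | Format-List Path, Active, IncludeGroup
Get-FsrmQuota -Path $path | Format-List Path, Size, SoftLimit, Usage
```

A file screen matches on file name patterns only, so a renamed file passes it; the screen is a storage-policy control, not a content filter.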
Configure File and Disk Encryption
Hardware and software encryption are some of the most important actions you can take as an administrator. You must make sure that if anyone steals hardware from your company or from your server rooms that the data they are stealing is secured and cannot be used. This is where BitLocker can help.
Using BitLocker Drive Encryption
To prevent individuals from stealing your computer and viewing personal and sensitive data found on your hard disk, some editions of Windows come with a new feature called BitLocker Drive Encryption. BitLocker encrypts the entire system drive. New files added to this drive are encrypted automatically, and files moved from this drive to another drive or computers are decrypted automatically.
Windows Server 2022 includes BitLocker Drive Encryption, and only the operating system drive (usually C:) or internal hard drives can be encrypted with BitLocker. Files on other types of drives must be encrypted using BitLocker To Go. BitLocker To Go allows you to put BitLocker on removable media such as external hard disks or USB drives.
BitLocker Recovery Password
The BitLocker recovery password is important. Do not lose it, or you may not be able to unlock the drive. Even if you do not have a Trusted Platform Module (TPM), be sure to keep your recovery password in case your USB drive becomes lost or corrupted.
BitLocker uses a Trusted Platform Module (TPM) version 1.2 or newer to store the security key. A TPM is a chip that is found in newer computers. If you do not have a computer with a TPM, you can store the key on a removable USB drive. The USB drive will be required each time you start the computer so that the system drive can be decrypted.
If the TPM discovers a potential security risk, such as a disk error or changes made to the BIOS, hardware, system files, or startup components, the system drive will not be unlocked until you enter the 48-digit BitLocker recovery password or use a USB drive with a recovery key as a recovery agent.
BitLocker must be set up either within the Local Group Policy editor or through the BitLocker icon in Control Panel. One advantage of using BitLocker is that you can prevent any unencrypted data from being copied onto a removable disk, thus protecting the computer.
BitLocker requires that you have a hard disk with at least two partitions, both formatted with NTFS. One partition will be the system partition that will be encrypted. The other partition will be the active partition that is used to start the computer. This partition will remain unencrypted.
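To check the points above on a running system (TPM availability, whether each volume is protected, and whether a recovery password protector exists), a read-only audit such as the following can be used. This is an added example, not from the book; it assumes the BitLocker PowerShell module is available, and the report column names are illustrative.

```powershell
# Added example (not from the book). Read-only; run elevated.
# Assumes the BitLocker PowerShell module is available on this system.
$tpm = Get-Tpm
'TPM present: {0}  ready: {1}' -f $tpm.TpmPresent, $tpm.TpmReady

$report = foreach ($vol in Get-BitLockerVolume) {
    # Collect protector types only; the recovery password itself is
    # deliberately never written to the console or to a file.
    $types = @($vol.KeyProtector |
        ForEach-Object { $_.KeyProtectorType.ToString() })

    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        VolumeType          = "$($vol.VolumeType)"
        VolumeStatus        = "$($vol.VolumeStatus)"
        Protection          = "$($vol.ProtectionStatus)"
        Protectors          = $types -join ', '
        HasTpmProtector     = [bool]($types -like 'Tpm*')
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
    }
}
$report | Format-Table -AutoSize

# Volumes that need attention: not protected, or protected with no
# recovery password to fall back on if the TPM refuses to unlock.
$findings = @($report | Where-Object {
    $_.Protection -ne 'On' -or -not $_.HasRecoveryPassword
})

if ($findings.Count -gt 0) {
    Write-Warning "$($findings.Count) volume(s) need attention:"
    $findings | Format-Table MountPoint, Protection, Protectors -AutoSize
} else {
    'All volumes are protected and have a recovery password protector.'
}
```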
Features of BitLocker
As with any version of Windows, Microsoft continues to improve on the technologies used in Windows Server 2022 and Windows 10/11. The following subsections cover some of the features of BitLocker.