Manager
As an administrator, when you need to control and manage the amount and type of data stored on your servers, Microsoft delivers the tools to help you do just that. The File Server Resource Manager (FSRM) is a suite of tools that allows you to place quotas on folders or volumes, filter file types, and create detailed storage reports. These tools allow you to properly plan and implement policies on data as needed.
FSRM Features
Many of the advantages of using FSRM come from all of the included features, which allow you to manage the data that is stored on your file servers. Some of the advantages included with FSRM are as follows:
Configure File Management Tasks: FSRM allows you to apply a policy or action to data files. Some of the actions that can be performed include the ability to encrypt files or run a custom command.
Configure Quotas: Quotas give you the ability to limit how much disk space a user can use on a file server. You can limit space to an entire volume or to specific folders.
File Classification Infrastructure: You can set file classifications and then manage the data more effectively by using these classifications. Once files are classified, you can set policies on those classifications. These policies include restricting file access, file encryption, and file expirations.
Configure File Screens: You can set file screening on a server and limit the types of files that are being stored on that server. For example, you can set a file screen on a server so that any file ending in .bmp gets rejected.
Configure Reports: You can create reports that show you how data is classified and accessed. You also have the ability to see which users are trying to save unauthorized file extensions.
Installing the FSRM Role Service
Installing FSRM is easy when using either Server Manager or PowerShell. To install using Server Manager, you go into Add Roles And Features and choose File And Storage Services ➢ File Services ➢ File Server Resource Manager. To install FSRM using PowerShell, you use the following command:
Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools
Configuring FSRM using the Windows GUI version is straightforward, but setting up FSRM using PowerShell is a bit more challenging. Table 11.3 describes some of the PowerShell commands for FSRM.
TABLE 11.3 PowerShell commands for FSRM
PowerShell Cmdlet | Description |
Get-FsrmAutoQuota | Gets auto-apply quotas on a server |
Get-FsrmClassification | Gets the status of the running file classification |
Get-FsrmClassificationRule | Gets classification rules |
Get-FsrmFileGroup | Gets file groups |
Get-FsrmFileScreen | Gets file screens |
Get-FsrmFileScreenException | Gets file screen exceptions |
Get-FsrmQuota | Gets quotas on the server |
Get-FsrmSetting | Gets the current FSRM settings |
Get-FsrmStorageReport | Gets storage reports |
New-FsrmAutoQuota | Creates an auto-apply quota |
New-FsrmFileGroup | Creates a file group |
New-FsrmFileScreen | Creates a file screen |
New-FsrmQuota | Creates an FSRM quota |
New-FsrmQuotaTemplate | Creates a quota template |
Remove-FsrmClassificationRule | Removes classification rules |
Remove-FsrmFileScreen | Removes a file screen |
Remove-FsrmQuota | Removes an FSRM quota from the server |
Set-FsrmFileScreen | Changes the configuration settings of a file screen |
Set-FsrmQuota | Changes the configuration settings for an FSRM quota |
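The following added example (not from the original text) combines several of the cmdlets in Table 11.3 to screen out .bmp files on one share, log each blocked attempt, and apply a hard quota with a warning threshold. The share path, file group name, quota size, and threshold percentage are hypothetical values chosen for illustration.

```powershell
# Added example: the path, names and sizes below are hypothetical.
$share = 'D:\Shares\Projects'

# 1. File group that describes what to block (the .bmp case from the text).
New-FsrmFileGroup -Name 'Blocked Images' -IncludePattern @('*.bmp')

# 2. Notification: write a warning to the event log on every blocked save.
#    The bracketed names are FSRM notification variables expanded at run time.
$screenEvent = New-FsrmAction -Type Event -EventType Warning `
    -Body 'User [Source Io Owner] tried to save [Source File Path] (group: [Violated File Group]).'

# 3. Active screen: -Active makes the server reject the write.
#    Without -Active the screen is passive and only runs the notification.
New-FsrmFileScreen -Path $share -IncludeGroup 'Blocked Images' `
    -Active -Notification $screenEvent

# 4. Hard quota of 5 GB on the same folder, with a warning event at 85 percent.
#    Adding -SoftLimit would turn it into a monitoring-only quota.
$quotaEvent = New-FsrmAction -Type Event -EventType Warning `
    -Body 'Quota on [Quota Path] has reached [Quota Threshold]% of its limit.'
$threshold = New-FsrmQuotaThreshold -Percentage 85 -Action $quotaEvent
New-FsrmQuota -Path $share -Size 5GB -Threshold $threshold

# 5. Confirm what is now enforced on the folder.
Get-FsrmFileScreen -Path $share | Select-Object Path, Active, IncludeGroup
Get-FsrmQuota -Path $share | Select-Object Path, Size, SoftLimit, Usage
```

File screens match on file name patterns only, so a renamed file passes the screen; the event log entries and the storage reports are what show who is attempting to store blocked types.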
Configure File and Disk Encryption
Hardware and software encryption are some of the most important actions you can take as an administrator. You must make sure that if anyone steals hardware from your company or from your server rooms, the data they are stealing is secured and cannot be used. This is where BitLocker can help.
Using BitLocker Drive Encryption
To prevent individuals from stealing your computer and viewing personal and sensitive data found on your hard disk, some editions of Windows come with a new feature called BitLocker Drive Encryption. BitLocker encrypts the entire system drive. New files added to this drive are encrypted automatically, and files moved from this drive to another drive or computer are decrypted automatically.
Windows Server 2022 includes BitLocker Drive Encryption, and only the operating system drive (usually C:) or internal hard drives can be encrypted with BitLocker. Files on other types of drives must be encrypted using BitLocker To Go. BitLocker To Go allows you to put BitLocker on removable media such as external hard disks or USB drives.
BitLocker Recovery Password
The BitLocker recovery password is important. Do not lose it, or you may not be able to unlock the drive. Even if you do not have a Trusted Platform Module (TPM), be sure to keep your recovery password in case your USB drive becomes lost or corrupted.
BitLocker uses a Trusted Platform Module (TPM) version 1.2 or newer to store the security key. A TPM is a chip that is found in newer computers. If you do not have a computer with a TPM, you can store the key on a removable USB drive. The USB drive will be required each time you start the computer so that the system drive can be decrypted.
If the TPM discovers a potential security risk, such as a disk error or changes made to the BIOS, hardware, system files, or startup components, the system drive will not be unlocked until you enter the 48-digit BitLocker recovery password or use a USB drive with a recovery key as a recovery agent.
BitLocker must be set up either within the Local Group Policy editor or through the BitLocker icon in Control Panel. One advantage of using BitLocker is that you can prevent any unencrypted data from being copied onto a removable disk, thus protecting the computer.
BitLocker requires that you have a hard disk with at least two partitions, both formatted with NTFS. One partition will be the system partition that will be encrypted. The other partition will be the active partition that is used to start the computer. This partition will remain unencrypted.
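The following added example (not from the original text) is a read-only audit of the points above: whether a TPM is present and ready, whether each volume is protected, and whether a recovery password or USB startup key protector exists. It assumes the BitLocker feature and its PowerShell module are installed and that the session is elevated.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumes the BitLocker PowerShell module is installed and an elevated session.

$tpm = Get-Tpm   # reports TpmPresent / TpmReady for this machine

$report = foreach ($vol in Get-BitLockerVolume) {
    # Key protector types configured on this volume, as strings
    # (for example Tpm, TpmPin, ExternalKey, RecoveryPassword).
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        VolumeType          = $vol.VolumeType        # OperatingSystem or Data
        VolumeStatus        = $vol.VolumeStatus      # e.g. FullyEncrypted
        ProtectionStatus    = $vol.ProtectionStatus  # On or Off
        TpmPresent          = $tpm.TpmPresent
        TpmReady            = $tpm.TpmReady
        HasTpmProtector     = [bool]($types -like 'Tpm*')
        HasUsbStartupKey    = $types -contains 'ExternalKey'
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
    }
}

$report | Format-Table -AutoSize

# Flag volumes that are unprotected or that have no recovery password,
# since a TPM lockout on such a volume leaves no way to unlock it.
$gaps = $report | Where-Object {
    $_.ProtectionStatus -ne 'On' -or -not $_.HasRecoveryPassword
}
foreach ($g in $gaps) {
    Write-Warning ("{0}: protection={1}, recovery password present={2}" -f `
        $g.MountPoint, $g.ProtectionStatus, $g.HasRecoveryPassword)
}
```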
Features of BitLocker
As with any version of Windows, Microsoft continues to improve on the technologies used in Windows Server 2022 and Windows 10/11. The following subsections cover some of the features of BitLocker.