If you would like to install and use DCB through PowerShell, you need to complete the following Steps;
- Click the Start button, then right-c lick the Windows PowerShell ➢ More ➢ Run as Administrator.
- In the Windows PowerShell console, enter the following command followed by the Enter Key:
Install- WindowsFeature “data- center- bridging”.
Installing DCB using Server Manager
If you would like to install and use DCB through Server Manager, you need to complete the following Steps:
- On the Windows Server 2022 system, open Server Manager.
- Click the Add Roles and Features link.
- At the Before You Begin screen, click Next.
- At the Select installation type screen, choose Role- based or feature- based installation and then click Next.
- The Select destination server screen will be next. Make sure the server that you want to install DCB on is selected and then click Next.
- On the Select server roles screen, just click Next.
- On the Select features screen, check the box for Data Center Bridging. If a dialog box appears asking to install additional features, click the Add Feature button. Then click Next.
- At the Confirmation screen, verify that everything is OK and then click the Install button.
Configuring Permissions
Before I dive into how permissions work, let’s first talk about how clients and servers talk to each other. In the Microsoft Windows world, clients and servers talk to each other using the Server Message Block (SMB) protocol. So we’ll start our discussion there.
Understanding SMB
The Server Message Block (SMB) is a network sharing protocol that allows Windows machines (either client- or server- based operating systems) that are running applications to read and write data to files. SMB also allows systems to request services or resources that are running on remote servers. The one advantage to SMB is that it doesn’t matter what network protocol you are using (TCP/IP, etc.); SMB runs on top of the network protocol that is being used on your corporate infrastructure.
It’s important to understand what protocols work with client- and server-b ased systems because it can affect your network’s performance. For example, when Microsoft released Windows Server 2012, it released SMB 3.0. The issue that many users had was that SMB 3.0 was not compatible with Apple-b ased systems. So if you were running macOS on your network and upgraded to Windows Server 2012, your Apple-b ased systems would not communicate properly. This issue was eventually resolved, but this is why it’s important to understand that SMB file sharing is used between Windows client and server systems.
I will show you how to use PowerShell for configuring SMB shares in the section “Windows PowerShell.” For a complete list of SMB PowerShell commands, visit Microsoft’s website at https://technet.microsoft .com/en- us/library/jj635726(v=wps.630).aspx.
Now that you understand how Windows clients and servers communicate with each other, let’s now look at how we can protect the files and folders that clients access. You can add security to a folder in two ways: NTFS Security or Shared Permissions. But when it comes to securing files, you can secure files in only one way: NTFS Security. So let’s investigate these methods and see how they work independently and then together.
Understanding NTFS
NTFS is an option that you have when you are formatting a hard drive. You can format a hard drive for a Microsoft operating system in three ways:
■ File Allocation Table (FAT) is supported in older operating systems only (Server 2003, Server 2000, XP, and so on).
■ FAT32 is supported in Windows Server 2022.
■ NTFS is supported in Windows Server 2022.
NTFS has many advantages over FAT and FAT32. They include the following:
Compression Compression helps compact files or folders to allow for more efficient use of hard drive space. For example, a file that usually takes up 20 MB of space might use only 13 MB after compression. To enable compression, just open the Advanced Attributes dialog box for a folder and select Compress Contents To Save Disk Space (see Figure 11.9).
FIGURE 11.9 Setting up compression on a folder
Quotas Quotas allow you to limit how much hard drive space users can have on a server. Quotas are discussed in greater detail in the section “Configuring Disk Quotas.”
Encryption Encrypting File System (EFS) allows a user or administrator to secure files or folders by using encryption. Encryption employs the user’s security identification (SID) number to secure the file or folder. To implement encryption, open the Advanced Attributes dialog box for a folder and check Encrypt Contents To Secure Data (see Figure 11.10).
If files are encrypted using EFS and you have to unencrypt the files, there are two ways to do this. First, you can log in using the user’s account (the account that encrypted the files) and unencrypt the files. Second, you can become a recovery agent and manually unencrypt the files.
If you use EFS, it’s best not to delete users immediately when they leave a company. Administrators have the ability to recover encrypted files, but it is much easier to gain access to the user’s encrypted files by logging in as the user who left the company and deselecting the encryption option.
FIGURE 11.10 Setting up encryption on a folder
Security One of the biggest advantages of NTFS is security. Security is one of the most important aspects of an IT administrator’s job. An advantage of NTFS security is that the security can be placed on individual files and folders. It does not matter whether you are local to the share (in front of the machine where the data is stored) or remote to the share (coming across the network to access the data); the security is always in place with NTFS.
The default security permission is Users = Read on new folders or shares.
NTFS security is additive. In other words, if you are a member of three groups
(Marketing, Sales, and R&D) and these three groups have different security settings, you get the highest level of permissions. For example, let’s say you have a user by the name of wpanek who belongs to all three groups (Marketing, Sales, and R&D). Figure 11.11 shows this user’s permissions. The Marketing group has Read and Execute permissions to the StormWind Documents folder. The Sales group has Read and Write, and the R&D group has Full Control. Since wpanek is a member of all three groups, wpanek would get Full Control (the highest level).
FIGURE 11.11 Security settings on the StormWind Documents folder
The only time this does not apply is with the Deny permission. Deny overrides any other group setting. Taking the same example, if Sales has Deny permission for the StormWind Documents folder, the user wpanek would be denied access to that folder. The only way around this Deny is if you added wpanek directly to the folder and gave him individual permissions (see Figure 11.12). Individual permissions override a group Deny. In this example, the individual right of wpanek would override the Sales group’s Deny. The user’s security permission for the StormWind Documents folder would be Full Control.
FIGURE 11.12 Individual permissions
Understanding Shared Permissions
When you set up a folder to be shared, you have the ability to assign that folder’s permissions. Shared permissions can be placed only on the folder and not on individual files. Files have the ability to inherit their permissions from the parent folder.
Shared folder permissions are in effect only when users are remote to the shared data. In other words, if computer A shares a folder called Test Share and assigns that folder shared permissions, those permissions would apply only if you connected to that share from a machine other than computer A. If you were sitting in front of computer A, the shared permissions would not apply.
Like NTFS permissions (discussed in the previous section), shared permissions are additive, so users receive the highest level of permissions granted by the groups of which they are members.
Also, as with NTFS permissions, the Deny permission (see Figure 11.13) overrides any group permission, and an individual permission overrides a group Deny.
The default shared permission is Administrators = Full Control. The shared permissions going from lowest to highest are Read, Change, Full Control, and Deny. Table 11.2 compares the two different types of permissions and security.
FIGURE 11.13 Setting up permissions on a shared folder
TABLE 11.2 NTFS security vs. shared permissions
Description | NTFS | Shared |
Folder- level security. | Yes | Yes |
File- level security. | Yes | No |
In effect when local to the data. | Yes | No |
In effect when remote to the data. | Yes | Yes |
Permissions are additive. | Yes | Yes |
Group Deny overrides all other group settings. | Yes | Yes |
Individual settings override group settings. | Yes | Yes |