Storage – Practical Exercises
Overview
This course comes with a virtual lab environment where you can practice what you learn. Launch the lab environment from the Welcome > Getting Started > Practice Lab Environment page. • You will only have four hours in the practical environment.
• The time is cumulative, so you can work a little bit at a time until it adds up the total time allowed. • You may not have enough time to complete all the practical exercises. So, choose wisely. You may want to consider all the hand-on exercises
and decide which ones you want to make sure you work on first.
In most cases, the userid is Adatum\Administrator and the password is Pa55w.rd, but read the instructions carefully. If you are having difficulties with the lab environment check out the Student Lab Guide. This document is available from the Course Handouts page and includes basic troubleshooting and the support desk link.
Recommendation: Bookmark the edX Practice Lab Environment page as you will return to it frequently to perform your hands-on labs!
Notice in the lab environment you can copy information to the virtual machines by using the Actions > Paste Content window. Before you paste the content, be sure your cursor is where you want the copied data.
Module 1 – Disks and Volumes
Disk Structure
In this exercise, you will bring disks online, initialize, format and partition.
Disk Structure (Server Manager) 1. Login to LON-SVR1 as Administrator with the password Pa55w.rd. 2. In Server Manager, select Tools, and select Computer Management. 3. Access Disk Management. 4. Review the volume information such as: Type, File System, Status, Capacity, Free Space, and %Free. 5. Notice Disk2 and Disk3 have red x icons which indicates the disk if offline. 6. Right-click Disk2 (left side) and bring the disk Online. Notice the disk now says, Not Initialized. 7. Right-click Disk2 and select Initialize disk. 8. Notice your choices GPT and MBR. Select GPT (GUID Partition Table) which is not recognized by all previous versions of Windows. 9. Notice Disk2 is now a Basic Disk and that the space is unallocated.
10. Right-click the unallocated space and create a New Simple Volume with the following characteristics. When you are done, Finish creating the volume. • Volume size: 4000 MB • Drive Letter: F: • File system: NTFS (notice the other choices) • Volume label: NTFS 11. Notice there is still unallocated space in Disk2. 12. Open File Explorer, and format the drive. Notice the warning that all data will be erased. 13. Verify the NTFS (F:) is ready to use. Keep Computer Management open as you will use it in the next exercise.
Disk Structure (PowerShell) 1. Open an Administrator Windows PowerShell prompt. 2. View information on all disks in the system. Take a minute to review what is presented. Notice the Number parameter. Get-Disk | Format-List 3. View information just about Disk 2. Verify this is your new 32 GB GPT formatted disk. Get-Disk –Number 2 | Format-List 4. View information about the partitions on Disk 2. Your new F: drive should be shown. Get-Disk –Number 2 | Get-Partition 5. View the help on the New-Partition command. Scroll through the parameters and review the associated syntax. If prompted, do not update the help files. Get-Help New-Partition –Showwindow 6. Use New-Partition to create a new partition on Disk 2. Use drive letter G, and use the maximum size available. New-Partition –DiskNumber 2 –UseMaximumSize –DriveLetter G 7. View the help on the Format-Volume command. Review the parameters and the syntax. Get-Help Format-Volume –Full
8. Use Format-Volume to format the G drive. If prompted, answer Yes to confirm you want to format the drive. Format-Volume –DriveLetter G 9. Return to Disk Management and verify the G drive is shown. If the drive is not shown, right-click Disk Management and then Rescan Disks. 10. Format the new volume, and assign a Volume label of HR to the drive. 11. Verify that Disk 2 now has two healthy partitions.
Managing Volumes
In this exercise, you will extend and shrink a volume.
Extend a volume
1. Login to LON-SVR1 as Administrator with the password Pa55w.rd.
2. Access the Computer Management tool, and then select Disk Management.
3. In Disk 2, you assigned the G: drive to HR and they now need an additional 4 GB of space. Notice there is no more space on Disk 2.
4. Bring Disk 3 online and initialize the disk. Select GPT (GUID Partition Table).
5. Right-click the G: drive and notice your choices. Select Extend Volume.
6. Add Disk 3 with 4000 MB of space.
7. Read and accept the warning that the basic disks will be converted to dynamic disks and that dynamic disks cannot be boot disks.
8. Review the Disk Management information (you may need to Rescan the disks). Notice G: is now Spanned (Layout column) and Dynamic (Type column).
9. Open File Explorer and notice that even though G: spans two physical disks it still is accessed as a single entity G:.
Shrink a volume
1. Right-click the G: volume on Disk2 and Shrink the volume.
2. Enter the amount to shrink in MB (2000).
3. Read the information that says you cannot shrink a volume beyond the point where any unmovable files are located.
4. After shrinking the volume notice both disks are still used.
Redundant Array of Inexpensive Disks (RAID)
In this exercise, you will create and test a disk mirror.
Create a disk mirror
1. Login to LON-SVR1 as Administrator with the password Pa55w.rd.
2. Open Disk Management.
3. Right-click on the Disk 2 F: and Add Mirror. The Add Mirror... option will be greyed out if there isn’t enough another disk online with available space. Make sure Disk 3 is online and there is available space.
4. Read that adding a mirror to an existing volume provides data redundancy by maintaining multiple copies of the data on different disks.
5. Select Disk3 as the mirror.
6. Watch the resynchronization operation as the mirror partition is created. This may take a couple of minutes depending on the size of the volume.
7. While you wait right-click one of the volumes and notice the options to: Remove Mirror... and Break Mirrored Volume... (one or both will be greyed out until the mirror is fully created and synchronized).
8. Notice in the Disk Management information (top pane), the F: drive layout is Mirror.
Test the mirror
1. Switch to File Explorer.
2. If prompted format your disks.
3. Create a couple of test files on the F: drive.
4. In the Disk Management tool, right-click Disk 2 and take the disk Offline. Notice the change in icon and the Disk 2 information changing to Offline.
5. You will start to see Failed Redundancy errors on the disks.
6. Return to File Explorer and verify even with Disk 2 offline you can still access the test files on the F: drive.
7. Bring Disk 2 back online.
Monitoring Disks
In this exercise, you will use Performance Monitor, Task Manager, and Resource Monitor to view disk statistics.
Performance Manager 1. Login to LON-SVR1 as Administrator with the password Pa55w.rd 2. From a command prompt type: perfmon. You can also get to the Performance Monitor from Server Manager Tools. 3. Expand Data Collector Sets, right-click on User Defined, select New, and then Data Collector Set. • Name: Disk Stats • Create from Template (Recommended) • Select each of the different templates and read about how they are used. • In the Template Data Collector Set list, select System Performance • Click Finish. 4. Right-click the Disk Stats data collector set and select Start. This will start a 60 second capture of what is happening on the machine.
5. Expand Reports, User Defined, and Disks Stats. 6. Double click your report starting with the
Task Manager 1. From a command prompt, type: taskmgr Notice on Windows Server systems only the CPU and Memory columns are present. If you run Task Manager on your Windows client you will also see Disk and Network information. 2. Select the Performance tab and then click on Open Resource Monitor. 3. Expand the Disk section and notice the column information for Process ID (PID), File, read (B/sec), Write (B/sec), Total (B/sec), I/O Priority, Response Time (ms). 4. Select an item and then click on the Monitor menu. Notice you can start and stop monitoring processes. 5. Click on the Disk tab and expand the Disk Activity and Storage sections. 6. In the Processes with Disk Activity section notice you can select individual processes. Right-click and notice the available options at the process level. Use Analyze Wait Chain to view processes waiting on another resource. 7. As you have time, explore other areas of Resource Monitor. 8. If you are really into monitoring and troubleshooting, be sure to check out the Sysinternal Suite of tools. There are tools for disks, networking, and processes. 9. Sign out of LON-SV1. Click the End Lab button in the top right.
Module 2 – File Systems
Resilient File System
In this exercise, you will configure ReFS volumes.
1. Login to LON-SVR1 as Administrator with the password Pa55w.rd. 2. In Server Manager, open Computer Management, and then access Disk Management. 3. Bring Disk 2 online. 4. Create a New Simple Volume on the disk. • Size in MB: 4000 • Drive letter: G: • File System: NTFS 5. Label: ReFS 6. Bring Disk 3 online. 7. Initialize the disk as MBR. 8. Create a New Simple Volume on the disk. • Size in MB: 4000 • Drive letter: F: • File System: ReFS • Label: ReFS 9. Open an Administrator Windows PowerShell window. 10. Use Get-Disk to obtain detailed disk information. Get-Disk | Sort-Object Number 11. Use Get-Volume to obtain a list of volumes, their labels, the file systems in use, the drive types, the health status, the space remaining, and the total size of each volume. Get-Volume | Sort-Object DriveLetter 12. Review the results and confirm that the F drive is a ReFS Volume.
13. Use Get-Partition to list all the disks and their associated partition numbers. Get-Partition 14. View the Help on Format-Volume. If prompted, don’t update the help files. Get-Help Format-Volume -Full 15. Use Format-Volume to change the G drive from NTFS to ReFS. Format-Volume –DriveLetter G –FileSystem ReFS 16. You may see a warning that all data on the volume will be lost.
NTFS Permissions
In this exercise, you will configure file and folder permissions. Specifically, you will create a new folder and restrict the permissions to the Research group.
Create folder and restrict access 1. Login to LON-SVR1 as Administrator with the password Pa55w.rd. 2. On the Local Disk (C:) create a new folder called Research. 3. Right-click the Research folder, and click Properties. 4. On the Security tab, click Advanced, and then Disable Inheritance. 5. Click Convert inherited permissions into explicit permissions on this object. 6. Select LON-SVR1\Users and click Remove. Do this for both instances of LON-SVR1\Users. You are removing all Users so you can set your own permissions. 7. Click Add, click Select a Principal, then enter Adatum\Research, and use Check Names to validate your entry. 8. Give the ADATUM\Research users Full Control. You are giving only members of the Research group control of this folder. Apply all your changes.
9. In File Explorer, right-click the Research folder, on the Sharing tab, share the folder. 10. By default, Everyone can see the shared folder. You want to change that. Click Advanced Sharing, and then Permissions. • Remove Everyone • Add Adatum\Research and give them Full Control. • Apply your changes.
Test folder access 1. Log out of LON-SVR1 and this time login again as ADATUM\Rosetta with password Pa55w.rd. 2. Open File Explorer and navigate to \\LON-SVR1\Research. 3. Rosetta is not a member of the Research group and should not be able to access the folder. 4. Sign out Rosetta and login to LON-SVR1 as ADATUM\Cai with password Pa55w.rd. 5. Cai is part of the Research group and should be able to access the folder.
File Server Resource Manager
In this exercise, you will install the FSRM role, create and test a quota, create and test a file screen, and generate a storage report.
Install the FSRM Role
1. Sign in to LON-SVR1 as Adatum\Administrator with the password Pa55w.rd. 2. In Server Manager, use the Add roles and features wizard to install the File Server Resource Manager. 3. This role is located under File and Storage Services, and then File and iSCSI Services. 4. After the role installs, use the Tools menu to open the File Server Resource Manager.
Create a Quota
1. In the File Server Resource Manager window, notice the five components that are part of this service. 2. Expand the Quota Management node, and then click Quota Templates. 3. Take a minute to review the preconfigured templates. Notice some are hard quotas and some are soft quotas. 4. Right-click the 100 MB Limit template, and then click Create Quota from Template. 5. Click Browse, select the C: drive, and the create a New Folder called Research. Click Yes to replace the existing Research folder when prompted. 6. In the Summary of quota properties window, notice the notifications that will be sent. 7. When you are ready, click Create. 8. Select the Quotas folder to view the newly created quota.
Test a quota
1. Open an elevated Windows PowerShell prompt. 2. Change directory to the C:\Resource folder. 3. Type fsutil to get the help for the command. Notice it can be used for quota management. 4. Try to create a file that is larger than 100MB.
Fsutil file createnew largefile.txt 123456789
3. Notice that the following message displays: "Error: There is not enough space on the disk.”
Create a file screen
1. In the File Server Resource Manager window, expand the File Screening Management node, and then click File Screen Templates. 2. Take a minute to review the different templates that are available. 3. Double-click the Block Image Files template. 4. Notice this template is configured for Active screening. Users will not be allowed to save unauthorized files. 5. Select Block image files is selected, and then click Edit. 6. Notice the different types of files that will not be allowed. Notice you can add and exclude file extensions. Specifically, notice bitmap (bmp) files are excluded. 7. Cancel your changes.
8. Right-click the Block Image Files template, and then Create file screen from template. 9. Browse to the C:\Research folder and Create your file screen. 10. Open the File Screens node and verify your new file screen was created. 11. Right-click the File Server Resource Manager (local) node, and then select Configure Options. 12. On the File Screen Audit tab, check the box for Record file screening activity in the auditing database. 13. Note: If you do not do this last step, your file screens will not appear in the storage reports. 14. While you are in the Configure Options page, browse to the other tabs to view the default FSRM settings. For example, on the Report Locations tab notice you can change where the storage reports are stored.
Test a file screen
1. Return to your PowerShell window. 2. Ensure you are in C:\Research. 3. Use the fsutil tool to create a bitmap file.
Fsutil file createnew test.bmp 123
4. Notice the Error: Access Denied. 5. If you have time, try creating a bitmap image in another folder. The file will be created without error.
Generate a storage report
1. Click Storage Reports Management, and then click Schedule a new report (action on the right side). 2. Give your report a name: Quotas and File Screens. 3. In the Select report to generate window select only File Screen Audit and Quota Usage. Notice the other reports that are available. 4. At the bottom of the window notice the different Report formats that are available. Leave DHTML selected. 5. On the Delivery tab, notice you can send email reports and notice where the reports will be saved. 6. On the Schedule tab, make a selection based on your organization and save your changes.
7. Select your Quotas and File Screens report, and then click Run report task now (action on the right side). 8. Read your choices and select Wait for reports to be displayed and then display them. 9. Open your reports in Internet Explorer and verify the file screen and quota events were recorded. 10. Note: If you do not see the file screen activity go back to steps 11 and 12 in the Create a file screen section. 11. Use File Explorer to access the saved reports. Notice the reports are organized by Interactive and Scheduled. 12. Sign out of LON-SV1. Click the End Lab button in the top right.
Module 3 – Securing Storage
Encrypting Files with EFS
In this exercise, you will use EFS to encrypt the contents of a file, and verify the file cannot be accessed by other users.
Note: The next exercise continues from this one so try to make sure you have time to complete both.
Review Certificates 1. Login to LON-SVR1 as Adatum\Administrator and password Pa55w.rd. 2. In the taskbar, click the Start icon, type certmgr.msc, and then press Enter. 3. Click Personal in the Certificates - Current User console, and verify that there are no items currently showing. 4. Minimize the Certificate Manager console.
Configure file permissions 1. Open File Explorer and create a folder C:\Research. 2. Right-click the Research folder, and click Properties. 3. On the Security tab, click Advanced, and then Disable Inheritance. 4. Click Convert inherited permissions into explicit permissions on this object. 5. Select LON-SVR1\Users and click Remove. Do this for both instances of LON-SVR1\Users. You are removing all Users so you can set your own permissions. 6. Click Add, click Select a Principal, then enter Adatum\Research, and use Check Names to validate your entry.
7. Give the ADATUM\Research users Full Control. You are giving only members of the Research group control of this folder. Apply all your changes. 8. Share the Research folder with the Research group, giving Read/Write permissions. 9. Log out of LON-SVR1.
Use EFS to encrypt a folder 1. Login to LON-SVR1 as Adatum\Cai with the password Pa55w.rd. Cai Chu is part of the Research group. 2. In File Explorer create a Cai folder in c:\Research. 3. In the folder create a text document and add some secret text. 4. Right-click the text document and select Properties. 5. In the Advanced settings select the Encrypt contents to secure data. Apply changes to the folder, subfolders, and files. 6. Notice Cai’s text document has an encrypted key icon. 7. View the Properties on the file and then click Details next to the encryption checkbox. 8. Notice Cai can access the folder and the Administrator has a recovery certificate. 9. Select the Windows icon and access the Certificate Manager by typing: certmgr.msc. 10. In certmgr, expand \Personal\Certificates and notice Cai has an EFS certificate. 11. Log out from LON-SVR1.
Test the encryption 1. Login to LON-SVR1 as Adatum\Connie with password Pa55w.rd. 2. Open File Explorer and try to open Cai’s encrypted file. Verify you receive an access denied message. 3. Create a new file in the \Research folder for Connie and encrypt the file. 4. Access the file Properties, view the Details, and click Add.
5. Notice that Cai has an EFS certificate. Add Cai to the file. This demonstrates how you can give access to an encrypted file. Notice only users with EFS certificates can be added. 6. Sign out Connie, and sign in as Cai. Verify Cai can access Connie’s encrypted file.
Enabling BitLocker (GUI)
In this exercise, you will enable BitLocker Drive Encryption, password protect a volume, store the recovery key in a file, and encrypt the drive.
Enable the BitLocker feature 1. Login to LON-SVR1 as Administrator with the password Pa55w.rd. 2. Open a Windows PowerShell window. 3. Install BitLocker Drive Encryption and include the management tools. Also, include a restart in the command as a restart is required after installation. Install-WindowsFeature BitLocker –IncludeManagementTools -Restart 4. While you wait, open Server Manager and the Add Roles and Features wizard. Locate where you would enable BitLocker through the wizard. 5. After the reboot login, again to LON-SVR1.
Encrypt a drive 1. On the Windows Desktop, select Control Panel, and then type BitLocker in the search box. 2. In the search results, click BitLocker Drive Encryption, Manage BitLocker. 3. If you do not see Manage BitLocker, then restart LON-SVR1. You can do so using the below command in Windows PowerShell. Restart-Computer 4. Open the BitLocker Drive Encryption Control Panel applet, notice the things you can encrypt: Operating system drive, Fixed data drives, and Removable data drives – BitLocker To Go. 5. Turn on BitLocker on the AllFiles (D:) drive. 6. What are the two ways you are offered to unlock the fixed data drive? Use a password and use my smart card. 7. Select Use a password to unlock the drive, use Pa55w.rd as the password, and click Next.
8. On this page, you will back up your recovery key. The recovery key is used if you forget your password or the smart card is not available. 9. What are the options for backing up the recovery key? Save to a USB flash drive, Save to a file, and Print the recovery key. 10. Save to a file on the Desktop. Use the filename provided. 11. Click Next, and Start encrypting.
Verify encryption and disable BitLocker 1. Notice your encrypted drive now has choices like Change password, Remove password, Add smart card, and Turn off BitLocker. 2. Turn off BitLocker. 3. Take a minute to open the recovery key file and read about how it is used.
Enabling BitLocker (PowerShell)
In this exercise, you will use Windows PowerShell commands to manage BitLocker.
1. Login to LON-SVR1 as Administrator with the password Pa55w.rd. 2. Open a Windows PowerShell prompt. 3. To see what BitLocker PowerShell commands are available type: Get-Command –Module BitLocker 4. Use the PowerShell Help to work through the following scenarios. For example, Get-Help Get-BitLockerVolume 5. Use Get-BitLockerVolume to get information about the status of BitLocker on the D: volume. Get-BitLockerVolume –MountPoint d: 6. Make sure the D: drive shows FullyDecrypted. 7. Use Enable-BitLocker to enable encryption on the D: drive. Use a recovery key protector with a recovery path of c:\. Encrypt only the used space.
Enable-BitLocker –Mountpoint d: -RecoveryKeyPath "c:\” – RecoveryKeyProtector -UsedSpaceOnly 7. Use Disable-BitLocker to turn off BitLocker on the d: drive. Disable-BitLocker "d:" 8. Use Enable-BitLocker to enable BitLocker on the d: drive. Use an Active Directory or Group Protector key. Specify the account of Adatum\Administrator. Note: Sometimes the UsedSpaceOnly parameter is required at the end of the command. Enable-BitLocker -MountPoint "d:" -EncryptionMethod Aes128 - AdAccountOrGroup "Adatum\Administrator" - AdAccountOrGroupProtector
After you decrypt a drive you may receive the following warning or error. The KeyProtector value is still present. You can remove the KeyProtector value by using the Remove-BitLockerKeyProtector cmdlet.
BitLocker Group Policy
In this exercise, you will explore the BitLocker Group Policy settings.
Note: To complete this exercise, make sure that LON-SVR1 has BitLocker installed.
1. Login to LON-DC1 as Administrator with the password Pa55w.rd. 2. Click Tools, and then select Group Policy Management. 3. Under Group Policy Objects, right-click the Default Domain Policy, and then click Edit. 4. Under Computer Configuration, expand Policies\Administrative Templates\Windows Components\BitLocker Drive Encryption.
5. Notice there are settings for Fixed Data Drives, Operating System Drives and Removable Data Drives. 6. Notice there are other settings outside the folders. All of these settings are domain wide settings. 7. Right-click Store BitLocker Recovery Information in Active Directory and Edit the settings. • Select the Enabled radio button. • Ensure Require BitLocker backup to AD DS is selected. • When you make this selection BitLocker recovery information is automatically and silently backed up to AD DS. • Apply your changes. 8. Open the Fixed Data Drives folder. Click the Configure use of password for fixed data drives setting. • Select the Enabled radio button. • Check the box for Require password for fixed data drive • Require password complexity with a minimum password length of 10. • Apply your changes and read about any other policies that are interesting to you. 9. Login to LON-SVR1 as Administrator with the password Pa55w.rd. 10. Use Windows PowerShell to update the group policy settings: gpupdate /force 11. Open File Manager, right-click the Allfiles (D:) drive, and Turn on BitLocker. 12. Set the password to unlock the drive to Pa55w.rd. 13. Note the message: The password provided does not meet the minimum length requirements. 14. This is because of the group policy settings you put in place.
BitLocker Recovery Mode
In this exercise, you will create a volume, use BitLocker to secure it, take the disk containing the volume offline, bring it back online, initiate BitLocker recovery, and use the password recovery file to unlock the volume.
Note: To complete this exercise, make sure that LON-SVR1 has BitLocker installed.
1. Login to LON-SVR1 as Administrator with the password Pa55w.rd. 2. In the Server Manager tools menu, select Computer Management, and then access Disk Management. 3. Right-click Disk2, select Initialize disk, and select GPT (GUID Partition Table). 4. Create a new Simple Volume of 100MB in size on one of the disks with unallocated space 5. Assign the next available drive letter to it and format it with NTFS. 6. In File Explorer, select your new volume, and Turn on BitLocker. • For the password use Pa55w.rd • Create the C:\Temp folder and back up the recovery key to that folder. • Encrypt the drive. • Verify your new volume has a lock icon on it. 6. From the Disk Management console, take the disk containing the encrypted volume offline. 7. Bring the disk back online. 8. Try accessing the volume from File Explorer. You should see the message box stating that the Location is not available and Access is denied. 9. In File Explorer, right-click on the drive icon representing the new volume and Select Unlock Drive. 10. Notice you could enter the password, but instead click More Options, and then Enter Recovery Key. 11. Obtain the recovery key from the recovery key file and unlock the drive.
The recovery key file was not encrypted and in plain sight on the shared drive. This is not a good practice.
Module 4 – Sharing Storage
NFS Shares (Server Manager and PowerShell)
In this exercise, you will configure and test a NFS file share.
Create a NFS share (Server Manager)
1. Login to LON-SVR1 as Administrator with the password Pa55w.rd.
2. In Server Manager, click File and Storage Services, and then click Shares. If you do not see this link, Refresh (circle containing two circular arrows) Server Manager.
3. Click Tasks, and then click New Share.
4. Select and read the description for NFS Share – Advanced.
5. Select NFS Share – Quick and read the description. Do you understand the different usage scenarios for Quick and Advanced?
• For the share location use a custom path: c:\users
• Name of the share is users
• Make a note of the remote path: LON-SVR1:/users
• Use Kerberos v5 authentication (krb5)
• On the Share Permissions page add host LON-DC1 with Read Only access.
• Notice the Permissions (Everyone has access), but do not make any changes.
• Create the share.
Create a NFS share (PowerShell)
1. Open PowerShell and view the available NFS commands.
Get-Command –Module NFS
2. View the Help on the New-NFSShare command. If prompted do not update the help files.
Get-Help New-NFSShare -showwindow
3. Use New_NFSShare to create a NFS Share for the c:\windows directory. Use Kerberos (krb5) authentication. Call the share windows.
New-NFSShare –Name windows –Path “c:\windows” –Authentication krb5
4. Notice the warning which means you need to set permissions.
5. Use Grant-NFSharePermission to give client LON-DC1, readonly permissions. LON-DC1 has a client type of host and you are setting permissions on the windows share.
Grant-NFSSharePermission –Name windows –ClientName “LON-DC1” –ClientType host –Permission readonly
6. Note that NFS permissions are granted to computers (rather than users). You can also use the NFSAdmin.exe utility.
7. Use Get-NFSShare to view information about your shares. You could also verify this with Server Manager.
Get-NFSShare
8. Confirm you have created two NFS shares (users and windows). One was created in Server Manager and the other was created with PowerShell.
Test the NFS shares
1. Open File Explorer and right-click c:\windows and view Properties.
2. Notice there is an NFS Sharing tab and that there is a Network path LON- SVR1:/windows. You will need this information to mount the drive.
3. Click Manage NFS Sharing. This is where you could modify your settings. Do not make any changes at this time.
4. Now that you've set everything up, it's time to test on a client.
5. Login to LON-DC1 as Administrator with the password Pa55w.rd.
6. Open a PowerShell prompt and install the Client for NFS feature.
Install-WindowsFeature NFS-Client
7. Open a Command Prompt and mount the new shared drives.
mount lon-svr1:/users u:
mount lon-svr1:/windows w:
8. Open File Explorer and verify both volumes are available. You could also at the command prompt change to the new directories and ensure there are no errors.
9. As you have time in File Explorer, right-click This PC, and then Map Network Drive. Configure you either of the NFS Shares so that the drive will Reconnect at sign-in. If you like, restart the machine and verify the drive persists.
SMB Shares (Server Manager and PowerShell)
In this exercise, you will create and test a SMB share using Server Manager and PowerShell.
Create an SMB share (Server Manager)
1. Login to LON-SVR1 as Administrator with the password Pa55w.rd.
2. In Server Manager, click File and Storage Services, and then Shares.
3. Click Tasks, and then click New Share.
4. Take a moment to read about each of the SMB Profiles (Quick, Advanced, and Application).
5. Select the SMB Share - Quick file share profile, and then click Next.
• Type a custom path: c:\perflogs
• Share name: Perflogs
• Notice the remote path to share: \\lon-svr1\perflogs
• Read about: Enable access-based enumeration, Allow caching of share, and Encrypt data access. None of these options are needed at this time.
• Customize permissions and note that Everyone has Full Control share-level permissions.
• Make sure that you click on the Share tab in the Advanced Security Settings for perflogs dialog box. Keep in mind that the folder has also NTFS level permissions and more restrictive permissions will take precedence.
• Create the share.
6. Open File Explorer and verify access to the share: \\lon-svr1\perflogs
Create an SMB share (PowerShell)
1. Open a PowerShell prompt.
2. View the SMB commands that are available.
Get-Command *-smb*
3. View the Help on New-SMBShare.
Help New-SMBShare –full
4. Use New-SMBShare to share the c:\util folder. Give read access to Everyone. Set the folder enumeration mode to access based. Call the share util. Note that this cmdlet sets permissions on the share level only.
New-SMBShare –Name util –Path “c:\util” –Readaccess Everyone – FolderEnumerationMode accessbased
5. Verify your SMB shares.
Get-SMBShare
6. Login to LON-DC1 as Administrator with the password Pa55w.rd.
7. Open File Explorer and enable network discovery.
8. Verify access to the share \\lon-svr1\util.
Folder Redirection
In this exercise, you will use Group Policy to configure folder redirection.
Create a shared folder 1. Sign in to LON-SVR1 as Adatum\Administrator with the password Pa55w.rd. 2. Open File Explorer, navigate to the C: drive, create a New Folder, and name the folder Redirect. 3. Right-click the Redirect folder, click Share with, and then click Specific people. 4. In the drop-down select Everyone, click Add, and give Everyone Read/Write permissions. 5. Share the folder.
Create a GPO to redirect the Documents folder 1. Sign in to LON-DC1 as Adatum\Administrator with the password Pa55w.rd. 2. In Server Manager, Tools menu, select Group Policy Management. 3. Expand Forest: Adatum.com, expand Domains, right-click Adatum.com, and then click Create a GPO in this domain, and Link it here. 4. Name the GPO Folder Redirection. 5. Right-click Folder Redirection, and then click Edit. 6. Navigate to User Configuration\Policies\Windows Settings, and then expand Folder Redirection. 7. Notice all the different items that can be redirected such as Desktop and Downloads. 8. Right-click Documents, and then click Properties. • Change the drop-down to Basic-Redirect everyone’s folder to the same location. Notice the other choices.
• Ensure that the Target folder location box is set to Create a folder for each user under the root path. Notice the other choices. • In the Root Path box, type \\LON-SVR1\Redirect • Notice that Clair’s folder would be redirected to \\LON- SVR1\Redirect\Clair\Documents. 9. Take minute to review the Setting tab and the options that are available. 10. Apply your changes. 11. Click OK, read the warning, and then click Yes.
Verify Folder Redirection 1. Sign in to LON-SVR1 as Adatum\Administrator with password Pa55w.rd. 2. Click the Windows icon (bottom left) and type: gpupdate /force 4. Confirm that the user will be logged off. 5. Sign in to LON-SVR1 as Adatum\Administrator with password Pa55w.rd. 6. Open File Explorer, right-click Documents, and then click Properties. 7. Notice the location of the folder is now the Redirect network share in a subfolder named for the user (administrator). 8. Note: You may need to sign out and sign in a second time. This will help to clear the cache. When the documents folder has a green icon, then the folder will be redirected.
9. As you have time, switch to LON-SVR1 and verify an Administrator folder was created in the Redirect share.