How to Determine the Status of Disk Quotas

You can determine the status of disk quotas in the Properties dialog box for a disk by checking the status message to the right of the traffic light icon (refer to Figure 10-18). The color shown on the traffic light icon indicates the status of disk quotas as follows:

■ A red traffic light indicates that disk quotas are disabled.
■ A yellow traffic light indicates that Windows XP Professional is rebuilding disk quota information.
■ A green traffic light indicates that the disk quota system is active.

How to Monitor Disk Quotas

You use the Quota Entries For dialog box (refer to Figure 10-19) to monitor usage for all users who have copied, saved, or taken ownership of files and folders on the volume. Windows XP Professional scans the volume and monitors the amount of disk space in use by each user. Use the Quota Entries For dialog box to view the following:

■ The amount of hard disk space that each user uses
■ Users who are over their quota warning threshold, signified by a yellow triangle
■ Users who are over their quota limit, signified by a red circle
■ The warning threshold and the disk quota limit for each user

Guidelines for Using Disk Quotas

Use the following guidelines for using disk quotas:

■ If you enable disk quota settings on the volume where Windows XP Professional is installed, and your user account has a disk quota limit, log on as Administrator to install additional Windows XP Professional components and applications. In this way, Windows XP Professional will not charge the disk space that you use to install applications against the disk quota allowance for your user account.
■ You can monitor hard disk usage and generate hard disk usage information without preventing users from saving data. To do so, clear the Deny Disk Space To Users Exceeding Quota Limit check box when you enable disk quotas.
■ Set more-restrictive default limits for all user accounts, and then modify the limits to allow more disk space to users who work with large files.
■ If multiple users share computers running Windows XP Professional, set disk quota limits on computer volumes so that disk space is shared by all users who share the computer.
■ Generally, you should set disk quotas on shared volumes to limit storage for users. Set disk quotas on public folders and network servers to ensure that users share hard disk space appropriately. When storage resources are scarce, you might want to set disk quotas on all shared hard disk space.
■ Delete disk quota entries for users who no longer store files on a volume. You can delete quota entries for a user account only after all files that the user owns have been removed from the volume or after another user has taken ownership of the files.

Chapter 10 Managing Data Storage: Lesson 3 Managing Disk Quotas

Practice: Managing Disk Quotas

In this practice, you configure default quota management settings to limit the amount of data users can store on drive C (their hard disk drive). Next, you configure a custom quota setting for a user account. You increase the amount of data the user can store on drive C to 10 MB with a warning level set to 6 MB. Finally, you turn off quota management for drive C.

Note If you did not install Windows XP Professional on drive C, substitute the NTFS partition on which you did install Windows XP Professional whenever drive C is referred to in the practice.

Exercise 1: Configure Quota Management Settings

In this exercise, you configure the quota management settings for drive C to limit the data that users can store on the volume. You then configure custom quota settings for a user account.

To configure default quota management settings

1. Log on with an account that is a member of the Administrators group.
2. Use the User Accounts tool in Control Panel to create a user account named User5 and assign it a Limited account type.
3. In Windows Explorer, right-click the drive C icon, and then click Properties. Windows XP Professional displays the Local Disk (C:) Properties dialog box with the General tab active.
4. Click the Quota tab. Notice that disk quotas are disabled by default.
5. In the Quota tab, select the Enable Quota Management check box. Notice that by default, the Do Not Limit Disk Usage option is selected.
6. Click Limit Disk Usage To.
7. What is the default disk space limit for new users?
8. Click Do Not Limit Disk Usage. If you want to place the same quota limit on all users of this computer, you use the Limit Disk Usage To option.
9. Select the Deny Disk Space To Users Exceeding Quota Limit check box.
10. Select the Log Event When A User Exceeds Their Quota Limit and Log Event When A User Exceeds Their Warning Limit check boxes, and then click Apply. Windows XP Professional displays the Disk Quota dialog box, telling you that you should enable the quota system only if you will use quotas on this disk volume and warning you that the volume will be rescanned to update disk usage statistics if you enable quotas.
11. Click OK to enable disk quotas.
12. What happens to the quota status indicator?

To configure quota management settings for a user

1. In the Quota tab of the Local Disk (C:) Properties dialog box, click Quota Entries. Windows XP Professional displays the Quota Entries For Local Disk (C:) dialog box.
2. Are any user accounts listed? Why or why not?
3. On the Quota menu, click New Quota Entry. Windows XP Professional displays the Select Users dialog box.
4. In the Name text box, type User5, and then click OK. Windows XP Professional displays the Add New Quota Entry dialog box.
5. Click Limit Disk Space To. What are the default settings for the user you just set a quota limit for?
6. Increase the amount of data that the user can store on drive C by changing the Limit Disk Space To setting to 10 MB and the Set Warning Level To setting to 6 MB.
7. Click OK to return to the Quota Entries For Local Disk (C:) window.
8. Close the Quota Entries For Local Disk (C:) window.
9. Click OK to close the Local Disk (C:) Properties dialog box.
10. Log off.
11. Log on as User5.
12. Start Windows Explorer and create a User5 folder on drive C.
13. Insert the CD-ROM you used to install Windows XP Professional into your CD-ROM drive.
14. If a dialog box appears as a result of inserting the CD-ROM, close it.
15. Copy the i386 folder from your CD-ROM to the User5 folder. Windows XP Professional begins copying files from the i386 folder on the CD-ROM to a new i386 folder in the User5 folder on drive C. After copying some files, Windows XP Professional displays the Error Copying File Or Folder dialog box, indicating that there is not enough room on the disk.
16. Why did you get this error message?
17. Click OK to close the dialog box.
18. Right-click the User5 folder, and then click Properties. Notice that the Size On Disk value is slightly less than your quota limit of 10 MB.
19. Delete the User5 folder.
20. Close all open windows and log off.

Exercise 2: Disable Quota Management

1. Log on with an account that is a member of the Administrators group.
2. Start Windows Explorer.
3. Right-click the drive C icon, and then click Properties. Windows XP Professional displays the Local Disk (C:) Properties dialog box with the General tab active.
4. Click the Quota tab.
5. In the Quota tab, clear the Enable Quota Management check box. All quota settings for drive C are no longer available.
6. Click Apply. Windows XP Professional displays the Disk Quota dialog box, warning you that if you disable quotas, the volume will be rescanned if you enable them later.
7. Click OK to close the Disk Quota dialog box.
8. Click OK to close the Local Disk (C:) Properties dialog box.
9. Close all windows and log off Windows XP Professional.

Lesson Review

Use the following questions to help determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next lesson. You can find answers to these questions in the “Questions and Answers” section at the end of this chapter.

1. What is the purpose of disk quotas?

2. Which of the following statements about disk quotas in Windows XP Professional is correct? (Choose the correct answer.)
   a. Disk quotas track and control disk usage on a per-user, per-disk basis.
   b. Disk quotas track and control disk usage on a per-group, per-volume basis.
   c. Disk quotas track and control disk usage on a per-user, per-volume basis.
   d. Disk quotas track and control disk usage on a per-group, per-disk basis.

3. Which of the following statements about disk quotas in Windows XP Professional is correct? (Choose all that apply.)
   a. Disk quotas can be applied only to Windows XP Professional NTFS volumes.
   b. Disk quotas can be applied to any Windows XP Professional volume.
   c. You must be logged on with the Administrator user account to configure default quota management settings.
   d. Members of the Administrators and Power Users groups can configure quota management settings.

4. You get a call from an administrator who cannot delete a quota entry for a user account. What would you tell the administrator to check?

Lesson Summary

■ Use Windows XP Professional disk quotas to allocate disk space usage to users. Windows XP Professional disk quotas track and control disk usage on a per-user, per-volume basis. You can set disk quotas, quota thresholds, and quota limits for all users and for individual users.
You can apply disk quotas only to Windows XP Professional NTFS volumes.
■ You can set identical quotas for all users or you can configure different quotas for individual users.
■ You can determine the basic status of the quota management system by looking at the traffic light indicator and the status text display on the Quota tab of a volume’s Properties dialog box.
■ You can monitor disk quotas by using the Quota Entries For dialog box, which you access by clicking Quota Entries on the Quota tab of a volume’s Properties dialog box.
■ There are a number of guidelines you should follow when using disk quotas. The most important guideline is that installing applications can use up disk quotas rapidly, so you should log on as an administrator without quota limits to install applications.

Lesson 4: Increasing Security by Using EFS

Encryption is the process of making information indecipherable to protect it from unauthorized viewing or use. A key is required to decode the information. The Encrypting File System (EFS) provides encryption for data in NTFS files stored on disk. This encryption is public key–based and runs as an integrated system service, making it easy to manage, difficult to attack, and transparent to the file owner. If a user who attempts to access an encrypted NTFS file has the private key to that file (which is assigned when the user logs on), the file can be decrypted so that the user can open the file and work with it transparently as a normal document. A user without the private key is denied access.

Windows XP Professional also includes the Cipher command, which provides the capability to encrypt and decrypt files and folders from a command prompt. Windows XP Professional also provides a recovery agent, a specially designated user account that can still recover encrypted files if the owner loses the private key.

After this lesson, you will be able to

■ Describe EFS.
■ Encrypt folders and files.
■ Decrypt folders and files.
■ Control encryption from the command line by using the Cipher command.
■ Create an EFS recovery agent.

Estimated lesson time: 40 minutes

Overview of EFS

EFS allows users to encrypt NTFS files by using a strong public key–based cryptographic scheme that encrypts all files in a folder. Users with roaming profiles can use the same key with trusted remote systems. No administrative effort is needed to begin, and most operations are transparent. Backups and copies of encrypted files are also encrypted if they are in NTFS volumes. Files remain encrypted if you move or rename them, and temporary files created during editing and left unencrypted in the paging file or in a temporary file do not defeat encryption.

You can set policies to recover EFS-encrypted data when necessary. The recovery policy is integrated with overall Windows XP Professional security policy (see Chapter 16, “Configuring Security Settings and Internet Options,” for more on security policy). Control of this policy can be delegated to individuals with recovery authority, and different recovery policies can be configured for different parts of the enterprise. Data recovery discloses only the recovered data, not the key that was used to encrypt the file. Several protections ensure that data recovery is possible and that no data is lost in the case of total system failure.

EFS is configured either from Windows Explorer or from the command line. It can be enabled or disabled for a computer, domain, or organizational unit (OU) by resetting recovery policy in the Group Policy console in Microsoft Management Console (MMC).

You can use EFS to encrypt and decrypt files on remote file servers but not to encrypt data that is transferred over the network. Windows XP Professional provides network protocols, such as Secure Sockets Layer (SSL) authentication, to encrypt data over the network.
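
The key-wrapping scheme this lesson describes (a symmetric file encryption key stored once for the owner in the Data Decryption field and once for each recovery agent in the Data Recovery field) can be modeled in a few lines. The following Python sketch is an added illustration, not code from the training kit or from Windows: the toy RSA parameters, the SHA-256 keystream, the single per-file key, and all function and account names are assumptions chosen so that it runs with the standard library only.

```python
# Added illustration: toy model of EFS key wrapping. Not Windows code and
# not secure (textbook RSA, Mersenne primes, hash keystream).
import hashlib
import secrets

E = 65537  # public exponent shared by all toy key pairs

def make_keypair(p, q):
    """Textbook RSA from two primes; stands in for a user's certificate."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def wrap(fek, public):
    """Encrypt the file encryption key (FEK) to one public key."""
    n, e = public
    return pow(int.from_bytes(fek, "big"), e, n)

def unwrap(blob, private):
    """Recover a 16-byte FEK; a wrong private key yields unrelated bytes."""
    n, d = private
    return pow(blob, d, n).to_bytes((n.bit_length() + 7) // 8, "big")[-16:]

def keystream_xor(fek, data):
    """Symmetric bulk step: XOR with SHA-256(fek || offset) blocks."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(fek + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def encrypt_file(plaintext, owner, owner_pub, agents, fek=None):
    """Build the header: one DDF entry for the owner, one DRF entry per agent."""
    if not agents:  # the lesson: at least one public recovery key must exist
        raise ValueError("no recovery agent public key available")
    fek = fek or secrets.token_bytes(16)
    return {
        "ddf": {owner: wrap(fek, owner_pub)},
        "drf": {name: wrap(fek, pub) for name, pub in agents.items()},
        "data": keystream_xor(fek, plaintext),
    }

def open_file(efs_file, name, private):
    """Decrypt using the caller's own wrapped copy of the FEK, if any."""
    blob = efs_file["ddf"].get(name, efs_file["drf"].get(name))
    if blob is None:
        raise PermissionError(f"{name}: no wrapped key in DDF or DRF")
    return keystream_xor(unwrap(blob, private), efs_file["data"])

# Constructed key pairs and sample data (hypothetical accounts).
M61, M89, M107, M127 = (2**k - 1 for k in (61, 89, 107, 127))
OWNER_PUB, OWNER_PRIV = make_keypair(M89, M107)
AGENT_PUB, AGENT_PRIV = make_keypair(M61, M127)
_, OUTSIDER_PRIV = make_keypair(M89, M127)
DOC = b"Q3 payroll draft (constructed sample data)"

def demo():
    f = encrypt_file(DOC, "User5", OWNER_PUB, {"RecoveryAgent": AGENT_PUB})
    result = {
        "owner_reads": open_file(f, "User5", OWNER_PRIV) == DOC,
        # The agent uses its own private key; the owner's key is never needed.
        "agent_recovers": open_file(f, "RecoveryAgent", AGENT_PRIV) == DOC,
        # Copying the owner's DDF entry does not help without the owner's key.
        "stolen_entry_reads": open_file(
            {**f, "ddf": {"Outsider": f["ddf"]["User5"]}},
            "Outsider", OUTSIDER_PRIV) == DOC,
    }
    try:
        open_file(f, "Outsider", OUTSIDER_PRIV)
        result["outsider_denied"] = False
    except PermissionError:
        result["outsider_denied"] = True
    return result

if __name__ == "__main__":
    print(demo())
```
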
Table 10-4 lists the key features provided by Windows XP Professional EFS.

Security Alert Even when you encrypt files, an intruder who accesses your computer can access those files if your user account is still logged on to the computer. Be sure to lock your console when you are not using the computer, or configure a screensaver to require a password when the computer is activated. If the computer is configured to go to standby mode when it is idle, you should require a password to bring the computer out of standby. These precautions are particularly important on portable computers, which people are more likely to leave unattended while the user is logged on.

Table 10-4 EFS Features

Feature: Transparent encryption
Description: In EFS, file encryption does not require the file owner to decrypt and re-encrypt the file on each use. Decryption and encryption happen transparently on file reads and writes to disk.

Feature: Strong protection of encryption keys
Description: Public key encryption resists all but the most sophisticated methods of attack. Therefore, in EFS, the file encryption keys are encrypted by using a public key from the user’s certificate. (Note that Windows XP Professional and Windows 2000 use X.509 v3 certificates.) The list of encrypted file encryption keys is stored with the encrypted file and is unique to it. To decrypt the file encryption keys, the file owner supplies a private key, which only he or she has.

Feature: Integral data-recovery system
Description: If the owner’s private key is unavailable, the recovery agent can open the file using his or her own private key. There can be more than one recovery agent, each with a different public key, but at least one public recovery key must be present on the system to encrypt a file.

Feature: Secure temporary and paging files
Description: Many applications create temporary files while you edit a document, and these temporary files can be left unencrypted on the disk.
On computers running Windows XP Professional, EFS can be implemented at the folder level, so any temporary copies of an encrypted file are also encrypted, provided that all files are on NTFS volumes. EFS resides in the Windows operating system kernel and uses the nonpaged pool to store file encryption keys, ensuring that they are never copied to the paging file.

How to Encrypt a Folder

The recommended method to encrypt files is to create an encrypted folder and place files in that folder. To encrypt a folder, use these steps:

1. In Windows Explorer, right-click the folder and click Properties.
2. In the Properties dialog box for the folder, on the General tab, click Advanced.
3. In the Advanced Attributes dialog box (refer to Figure 10-14), select the Encrypt Contents To Secure Data check box, and then click OK.
4. Click OK to close the Properties dialog box for the folder.

The folder is now marked for encryption, and all files placed in the folder are encrypted. Folders that are marked for encryption are not actually encrypted; only the files within the folder are encrypted.

Exam Tip Compressed files cannot be encrypted, and encrypted files cannot be compressed with NTFS compression.

After you encrypt the folder, when you save a file in that folder, the file is encrypted using file encryption keys, which are fast symmetric keys designed for bulk encryption. The file is encrypted in blocks, with a different file encryption key for each block. All the file encryption keys are stored and encrypted in the Data Decryption field (DDF) and the Data Recovery field (DRF) in the file header.

Caution If an administrator removes the password on a user account, the user account will lose all EFS-encrypted files, personal certificates, and stored passwords for Web sites or network resources. Each user should make a password reset disk to avoid this situation. To create a password floppy disk, open User Accounts and, under Related Tasks, click Prevent A Forgotten Password. The Forgotten Password Wizard steps you through creating the password reset disk.

How to Decrypt a Folder

Decrypting a folder or file refers to clearing the Encrypt Contents To Secure Data check box in a folder’s or file’s Advanced Attributes dialog box, which you access from the folder’s or file’s Properties dialog box. Once decrypted, the file remains decrypted until you select the Encrypt Contents To Secure Data check box. The only reason you might want to decrypt a file is if other people need access to the folder or file—for example, if you want to share the folder or make the file available across the network.

How to Control Encryption From the Command Line by Using the Cipher Command

The Cipher command provides the capability to encrypt and decrypt files and folders from a command prompt. The following example shows the available switches for the Cipher command, which are described in Table 10-5:

    cipher [/e | /d] [/s:folder_name] [/a] [/i] [/f] [/q] [/h] [/k] [file_name [...]]

If you run the Cipher command without parameters, it displays the encryption state of the current folder and any files that it contains. You can specify multiple file names and use wildcards. You must put spaces between multiple parameters.

How to Create an EFS Recovery Agent

If you lose your file encryption certificate and associated private key through disk failure or for any other reason, a user account designated as the recovery agent can open the file using his or her own certificate and associated private key. If the recovery agent is on another computer in the network, send the file to the recovery agent.

Table 10-5 Cipher Command Switches

Switch      Description
/e          Encrypts the specified folders. Folders are marked so any files that are added later are encrypted.
/d          Decrypts the specified folders. Folders are marked so any files that are added later are not encrypted.
/s          Performs the specified operation on files in the given folder and all subfolders.
/a          Performs the specified operation on files as well as folders. Encrypted files could be decrypted when modified if the parent folder is not encrypted. Encrypt the file and the parent folder to avoid problems.
/i          Continues performing the specified operation even after errors have occurred. By default, Cipher stops when an error is encountered.
/f          Forces the encryption operation on all specified files, even those that are already encrypted. Files that are already encrypted are skipped by default.
/q          Reports only the most essential information.
/h          Displays files with the hidden or system attributes, which are not shown by default.
/k          Creates a new file encryption key for the user running the Cipher command. Using this option causes the Cipher command to ignore all other options.
file_name   Specifies a pattern, file, or folder.

[...]

... the More Options tab in the Disk Cleanup For dialog box (see Figure 10-25). The available options are explained in Table 10-10.

Figure 10-25 Use the More Options tab of the Disk Cleanup For dialog box to access additional features

Table 10-10 Additional Features on the Disk Cleanup More Options Tab (Option, Description) ...

... File menu, click Properties, and in the General tab, click Disk Cleanup. The Disk Cleanup dialog box is shown in Figure 10-24, and its options are explained in Table 10-9.

Figure 10-24 Use Disk Cleanup to remove unnecessary files from a volume

Table 10-9 Disk Cleanup Deletion Options (Check box, Description) Downloaded...
... click Check Now. Select one of the options on the Check Disk dialog box shown in Figure 10-23. The options are explained in Table 10-7.

Figure 10-23 Use Check Disk to analyze and fix the file structure on a volume

Table 10-7 Check Disk Options (Check box, Description) Automatically Fix File System Errors: Select...

... data verification, and free space verification. You can also use the command-line version of Check Disk. The command-line syntax for Chkdsk is as follows:

    Chkdsk [volume[[path]filename]]] [/f] [/v] [/r] [/x] [/i] [/c] [/l[:size]]

The switches used by Chkdsk are explained in Table 10-8.

Table 10-8 Chkdsk Switches (Switch, Description) filename: Specifies the file or set...

... access to the file is denied.
23. Click Cancel.
24. Close all open windows and dialog boxes.
25. Log off.

Lesson Review

Use the following questions to help determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next lesson. You can find answers...

... command
■ Windows XP Professional also provides a recovery agent. If an owner loses the private key, the recovery agent can still recover the encrypted file.

Lesson 5: Maintaining Disks with Disk Defragmenter, Check Disk, and Disk Cleanup

Windows XP Professional saves files and folders in the first available space on a hard...
Programs, pointing to Accessories, pointing to System Tools, and then clicking Disk Defragmenter. The Disk Defragmenter dialog box is split into three areas, as shown in Figure 10-21.

Figure 10-21 Use Disk Defragmenter to defragment a volume

The upper portion of the dialog box lists the volumes that you can analyze and defragment. The middle portion provides a graphic...

... Display band provides a graphic representation of the defragmented volume. Additionally, you can view a report showing files that could not be defragmented.

Figure 10-22 shows the Disk Defragmenter dialog box after you have analyzed the C drive. Windows XP Professional displays another Disk Defragmenter dialog box, indicating...

... tab of Folder Options, you must select the Enable Offline Files and the Synchronize All Offline Files Before Logging Off check boxes (see Figure 10-26).

Figure 10-26 Use the Offline Files tab in the Folder Options dialog box to enable offline files

On the Offline Files tab, you can click Delete Files to delete the locally cached copy of a network file. Click...

... Folder Options, and then click the Offline Files tab. Go to Step 5.
5. Select the Enable Offline Files check box.
6. Ensure that the Synchronize All Offline Files Before Logging Off check box is selected, and then click OK. Your computer is now configured so that you can use offline folders and files.
7. Close the My Computer window.

Exercise 2: Configure Offline