|
When planning your Active Directory
deployment, the filesystem the operating system uses is an important
concern for many reasons. First, the filesystem can provide the
ultimate level of security for all of the information stored on the
server itself. Second, it is responsible for managing and tracking all
of this data. Furthermore, certain features are available only on
certain filesystems. These features include encryption support, remote
file access, remote storage, disk redundancy, and disk quotas.
The Windows Server 2008 platform supports two filesystems:
The fundamental difference between FAT32 and NTFS
partitions is that NTFS allows for filesystem-level security. Support
for FAT32 is mainly included in Windows Server 2008 for backward
compatibility and machines that need to dual-boot.
For example, if you want to configure a single computer to boot into
Windows 98 and Windows Server 2003, you need to have at least one FAT
or FAT32 partition.
Windows Server 2008 uses Version 5 of NTFS. There are many other benefits to using NTFS, including support for the following:
Disk quotas In order to restrict the amount of disk space
used by users on the network, systems administrators can establish disk
quotas. By default, Windows Server 2008 supports disk quota
restrictions at the volume level. That is, you can restrict the amount
of storage space a specific user uses on a single disk volume.
Third-party solutions that allow more granular quota settings are also
available.
Filesystem encryption One of the fundamental problems with network
operating systems (NOSs) is that systems administrators are often given
full permission to view all files and data stored on hard disks, which
can be a security and privacy concern. In some cases, this is
necessary. For example, in order to perform backup, recovery, and disk
management functions, at least one user must have all permissions.
Windows Server 2008 and NTFS address these issues by allowing for
filesystem encryption. Encryption essentially scrambles all of the data
stored within files before they are written to the disk. When an
authorized user requests the files, they are transparently decrypted
and provided. By using encryption, you can prevent the data from being
used in the case where it is stolen or intercepted by an unauthorized
user, even a system administrator.
Dynamic volumes Protecting against disk failures is an important
concern for production servers. Although earlier versions of Windows NT
supported various levels of Redundant Array of Independent Disks (RAID)
technology, software-based solutions had some shortcomings. Perhaps the
most significant was that administrators needed to perform server
reboots to change RAID configurations. Also, you could not make some
configuration changes without completely reinstalling the operating
system. With Windows Server 2008's support for dynamic volumes, systems
administrators can change RAID and other disk configuration settings
without needing to reboot or reinstall the server. The end result is
greater data protection, increased scalability, and increased uptime.
Mounted drives By using mounted drives, systems administrators
can map a local disk drive to an NTFS directory name. This helps them
organize disk space on servers and increase manageability. By using
mounted drives, you can mount the C:\Users directory to an
actual physical disk. If that disk becomes full, you can copy all of
the files to another, larger drive without changing the directory
pathname or reconfiguring applications.
Remote storage Systems administrators often notice that as soon
as they add more space, they must plan the next upgrade. One way to
recover disk space is to move infrequently used files to tape. However,
backing up and restoring these files can be quite difficult and time
consuming. Systems administrators can use the remote storage features
supported by NTFS to automatically off-load seldom-used data to tape or
other devices, but the files remain available to users. If a user
requests an archived file, Windows Server 2008 can automatically
restore the file from a remote storage device and make it available.
Using remote storage like this frees up systems administrators' time
and allows them to focus on tasks other than micromanaging disk space.
Self-Healing NTFS In previous versions of the Windows Server operating system, if you had to fix a corrupted NTFS volume, you used a tool called Chkdsk.exe.
The disadvantage of this tool is that the Windows Server's availability
was disrupted. If this server was your domain controller, that could
stop domain logon authentication.
To help protect the Windows Server 2008 NTFS
filesystem, Microsoft now uses a feature called self-healing NTFS.
Self-healing NTFS attempts to fix corrupted NTFS filesystems without
taking them offline. Self-healing NTFS allows an NTFS filesystem to be
corrected without running the Chkdsk.exe utility. New features added to the NTFS kernel code allow disk inconsistencies to be corrected without system downtime.
1. Setting Up the NTFS Partition
Although the features mentioned in the previous
section probably compel most systems administrators to use NTFS, more
reasons make using it mandatory. The most important reason is that the
Active Directory data store must reside on an NTFS partition.
Therefore, before you begin installing Active Directory, make sure you
have at least one NTFS partition available. Also, be sure you have a
reasonable amount of disk space available (at least 4GB). Because the
size of the Active Directory data store will grow as you add objects to
it, also be sure you have adequate space for the future.
Exercise 1 shows you how to use the administrative tools to view and modify disk configuration.
|
Before you make any disk configuration changes, be
sure you completely understand their potential effects; then, perform
the test in a lab environment and make sure you have good, verifiable
backups handy. Changing partition sizes and adding and removing
partitions can result in a total loss of all information on one or more
partitions.
|
|
If you want to convert an existing partition from FAT or FAT32 to NTFS, you need to use the CONVERT command-line utility. For example, the following command converts the C: partition from FAT to NTFS:
CONVERT c: /fs:ntfs
Click Start => Administrative Tools => Computer Management. Under the Storage branch, click Disk Management.
The Disk Management program shows you
the logical and physical disks that are currently configured on your
system. Note that information about the size of each partition is also
displayed (in the Capacity column). Use the View menu to choose various depictions of the physical and logical drives in your system. To
see the available options for modifying partition settings, right-click
any of the disks or partitions. This step is optional. If
the partition you are trying to convert contains any system files or
the Windows Server 2008 virtual memory page file, a message informs you
that the conversion will take place during the next machine reboot.
After the partition is converted to NTFS, the computer automatically
reboots again, and you will be able to continue using the system.
|
|
Windows Server 2008 allows you to convert existing
FAT or FAT32 partitions to NTFS. However, this is a one-way process.
You cannot convert an NTFS partition to any other filesystem without
losing data. If you need to make such a conversion, the recommended
process involves backing up all existing data, deleting and
reformatting the partition, and then restoring the data.
|
|
|
Only the Windows NT, 2000, XP, Vista, 2003,
and 2008 operating systems (all based on the original NT architecture)
can read and write to and from NTFS partitions. Therefore, if you are
using other operating systems on the same computer, be sure you fully
understand the effects of converting the filesystem. |
|
