Microsoft Azure AZ-800 — Section 18: Configure and manage Windows Server file shares
137. Configure Windows Server file share access
It’s now time to talk about the concept of dealing with file shares when it comes to a Windows server now. This a feature that’s been around for decades now. In fact, it’s really one of the very first things anybody ever wanted to do when they had a server, which was share files, right? Have a central place where folders and files can be stored and then have a way to share those out with your end users, right? So you really don’t need much at all on a server to get this to work. Ultimately, all the different file systems can support it in windows. There are some benefits, ups and downs that you can utilize depending upon what file systems you have, but I’m not going to talk about that just yet. Ultimately, though, I write out of the gates with a server. I can create file shares just through the file system directly, or you can actually go into server manager. And if you got the certain got the file server role, then you can essentially do some fancy things later.
So let’s look at some of the basic ways of dealing with file shares first. And then I’ll look at doing this to server manager.
OK, so, I’m just going to open up my file explorer here. Go to my C drive. And one thing I can do is I could just create a folder.
OK, so, for example, maybe I’ve got a folder called sales data.
OK? Perhaps this for salespeople. And I’ve got some data in there, we’ll just call this stats. Maybe, there’s some kind of sales, you know, numbers that we’re trying to share out with our salespeople. I’m just throwing in random numbers there to say I’ve got some information. But from there right now, if somebody was to connect to the server, they wouldn’t see that folder, right? Like if you were to if you were to add another, if you were at a client computer or something and you typed Backslash Backslash NYC server one, or if you browsed across the network, you wouldn’t see that folder OK. There is some folders that I’ve created I’ve had in some earlier videos, but you don’t see the sales data file, right? So one way I can share the folder out as I can right click it and I can say, give access to now. This really sort of Microsoft’s end user a way of sharing a folder. This not what I would call the I.T. way of doing it, but you can say specific users. And from there, you can say everyone or find a specific person that you’re wanting to or agree that you’re wanting to give access to, right? And then from there, you could add that you could add that group like inside sales, for example. And then you could say, give me the read write, OK, so that is the basic way to do it. All right. Another way you can do it is right click and go to properties and go to sharing and you can click share and it’s going to take you to the same thing. The basic way? Now what I would say the is the it way to do it would be to do it through advanced settings.
So through advanced settings, I can share the folder. I could actually change the name of the folder, at least how it’s seen when somebody connects to it. You can even put a dollar sign there, which makes it what we call a hidden share, which means in order for somebody to get to it, they’d have to type that exact name in in order to get to it.
So, backslash, backslash, you know, NYC server one slash sales data dollar sign, they have to type that in to get there. They will just browse across the network here and see it.
OK. The other thing is you can limit the number of simultaneous users if you want, which is kind of nice. You can do what’s called offline caching, which I’m not going to explain right now, but you also can set permissions.
OK? And so from there, I could go here and I could add, you know, sales, the sales support or inside sales or whatever. Actually, I guess I said inside sales earlier, right? So there we go inside sales and I could remove the everyone group, which would make it work. Not everybody gets access right. Maybe, I’m going to give inside sales change and maybe I’ve got a domain admins and all that. I’m going to give domain admins full control so, they can do what they want. I’m not really explaining permissions here right now, so, I want to make that very clear. This not the video. This not a video on permissions per se. This just sharing the folder.
So, I’m going to click OK there and I’m going to click their click close.
Now, if somebody was to connect to the server across the network and want to see server one, I want you to notice that the folder is now officially shared out, right? So their sales data.
So that’s a very basic way you can do it. Very common way you can do it. You can. In four years, there’s been ways to see shares like, for example, I can right click start, I can open up computer management. Microsoft has a little tool in computer management, and it’ll give you a quick glimpse of your shared folders.
OK. And this has been around for a long time. I can see that I can see anybody who’s connected to the shares. I could see if there’s any files open. You can even disconnect people from shares, which is nice. If you ever had to remember being an admin back in the late 90s, early 2000s before shadow copies came out and having to disconnect users from a file server because our backup tool would have to go and backup and it couldn’t backup if people were connected.
So, I used to use that to do that. But we don’t necessarily have to do that anymore because we have volume shadow servers. We can backup things while they’re being used, but you can disconnect people that way.
So, you know, these methods have been around for a very long time.
OK? Very, very long time.
Now, more recently, Microsoft has implemented the server manager way of dealing with this.
So let’s take a look at how we can do this to server manager.
OK, so, we can get into server managers by clicking start and then going the server manager.
OK.
So server manager is will pop up on your screen here, and you’re going to notice that I’ve already got file and storage services installed.
OK. But if you were to need to add anything there, you can go to manage. You can go to ADM’s and features. You can click Next, Next, next and then from file and storage services. This where you can add any additional features that you want.
OK, which I’m not getting in all these features right this very minute, but this where you can add additional. The main thing we want is the file server support, which we’ve got.
OK, but if you didn’t. Have that you could go ahead and add it? So now that we have that, we can go over to file and storage services. We can see all file servers here that that we’ve linked into this screen. We can see what volumes we have on the machine.
OK.
So this will get into not even the local volumes, all. Also, if you have a storage area network, then these would show up here. Tiny volumes that you’ve got, you’ve got what is known as your disks, right? Tells you how many disk you can see. I’ve only got one disk currently in this machine. Right? But if I had multiple, you’d uses zero and you’d see one and so on and so forth.
OK. And then from there, I can look at what’s called storage pools, which I’m not explaining storage pools right now. This a way of dealing with the virtual storage, which is really cool. Main thing we’re talking about is shared shares, so, I want to focus on that. And as you can see, there’s the shared folders that I’ve got available, including the one I just created.
OK.
So from there I can now. If I wanted to, I could share a folder through this tool, right? All I got to do is go up here to task.
So go to task. New share brings up a wizard.
OK, so the other thing to realize about when it comes to sharing in Windows is Windows uses a protocol that is used since the 1980s, back before when Windows really came out. When Microsoft was first dipping their toe in to the networking world in the 80s late 80s, mostly they came out with a protocol called SMB Server Message Block Server Message Block uses port for four or five, and that is what you generally use in the Windows world when communicating, and you can actually support this with Linux and the Macintosh. There’s a Linux and Macintosh support something called Samba, which is kind of a play on words with SMB to allow them to actually communicate with Windows machines as well. Although you can also use in NFS now, which was a newer feature a few years ago, which is really cool because that’s a native Unix Linux Macintosh based share.
So, if you want to create one that’s native to those operating systems, you can do it that way.
So here you’ll see that you have SMB share if you want to create a quick share, and it tells you that this a suiTable for just general file sharing. You can enable some advanced options later if you need to, or you can go to advance and it’s going to go ahead and try to get you to configure some of the advanced options from within the share. And then you can also create a share that’s built for applications, which I tell you this good if you are setting something up in Hyper-V for Hyper-V databases and application related services and then you’ve got the NFS NFS options, which I’m not really getting into, but that’s involving the Linux world mostly. All right, so just clicking to create a quick share. If I click next on that, I select my server us like the volume the share is going to be on. If you wanted to set a custom path and not the specific drive letter you could, you can put a custom path in there from there and give it a name.
OK, maybe I’m going to call this some. Let’s call it finance data. All right. And then we’ll click next, and then from there, we can say enable access based enumeration.
OK, so what are these feature? These are these are some neat features that we can turn on number one, access based enumeration. This going to make it where when users connect to the share, they can only see data that they have at least read access to.
So, it’s going to hide everything else from your users.
So, it’s a really nifty little feature that we can do. We’ve also got a large cache of caching of the share. This means that users can cache the folder off-line, and even if they’re not connected to the network, they can save it offline and it’ll synchronize when they come back. This not a great idea if you’ve got to share with multiple users or sharing, because you could have a situation where multiple users have cash to share, they’re using it offline. And then when they connect back in, they end up synchronizing and then you end up having a conflict. And usually it’s the last person wins is the one that ends up getting synchronized.
So, it’ll have people’s day to get over it and it becomes a problem. Although it will ask the user if they want to overwrite the data, which is good, and then you’ve got to encrypt dataccess.
So this going to go ahead and encrypt the datas well, if you want. All right.
So those are some of the things you can do. Click next and then you can set your permissions here.
So just like you can set permissions through the other screen, you can actually set it through here. All right. Specific groups or whatever you want to, you want to get permission to do, then you would click next and you would click to create. And at that point, you’ve now got a financial year and you’ll notice that it creates a little folder called shares and it stores it inside there.
So, if I actually go to my C drive here and let’s go here and then back, you’ll see there’s a shared vault shares folder in the finance data. Nothing in it at the moment, but there we go. Xn the share.
OK. All right.
So that’s how we can essentially create a basic share through the server manager.
OK, so, I’m going back up to task. Click New Share. This time we’ll go with advanced and you’re going to notice if we try to go with advance, we get a problem. We have a problem. And the problem is, is that it’s not going to let us click next. Let me tell you why. It’s not because we don’t have something called file. Several resource manager in files of a resource manager is going to let you create these things called file screens and quotas and all of that, which is really cool. But I can’t obviously create a share if I don’t have that install, so not actually installing it in this video, but I just wanted to throw that out there.
OK. I can also click on applications. Click Next on that. Same thing here. I can call this like Web app data. Perhaps this for some kind of Web application. Click next and you’ll notice you can’t use an access base enumeration for that because it’s a web related thing. The web server is the one that should deal with, you know, hiding stuff. And so you could actually have some problems. Are you using like a web application or something trying to use access based enumeration, which is why it’s best to use this option and I could encrypt the data if I want.
So there’s that and then I can set whatever permissions that I want to customize and configure here.
OK.
So, if there’s like a certain web server, something that needed access to this, you could specify that. Just remember, though, when you whenever you do that, you’re going here, you’re selecting a security principle. If you are going to give a web server like the actual server access, you need to always click on object types and then click computers, OK and then go from there. All right. That’s how you’re going to be able to add a server to that.
OK. Again, not getting into permissions. This video is not not about permissions, so, I want to make that clear. We’re not really talking about permissions here, but just learning how to share.
OK, then we’re going to click next and then we click to create. We created this.
So really, there’s not a big difference between doing it the basic way or the application way. The most the most important thing is that there’s a couple of features that don’t need to be enabled if you’re doing that sort of like a web server or something like that. All right. All right.
So that is how we can create a share for an application.
OK. The advanced we’ve got to have a fossil resource manager installed for Oriente, but for the application, we could do that now. The other thing, of course, is we’ve got good old PowerShell, right? PowerShell is another one that we can use.
OK.
So actually, if we go to Google, there is a command again. My goal in teaching you guys is to also show you that it’s not about memorizing thousands of commands. The key here is to be able to understand commands and also know to look, help look up, help for commands.
So, if we wanted to create a share, there’s a command called New -SMB share. If we do a quick Google search on that, you’ll see that there’s a help article, and I’m a big advocate for always pulling up the Help article on a command. If you’re getting ready, use a command if you’re not real sure how to use it.
So here’s an example they have some examples on this new SMB share named VM files the path where you want that to be if you want to set, you know, full access permissions. That’s how you’re going to do that.
OK.
So, you know, if you want to create a if you want to actually create a share with a with with this PowerShell command, you can do that. Another option here. This encrypting it by one or two new -SMB share share sharing data path, you know, encrypt, encrypt it on the copy that one and here’s one create it in with multiple permissions.
So always check out these you know, these help articles because they’re really, really helpful. And then I’ll just right click and paste. And I didn’t actually mean to hit Enron that that was an accident.
So let’s try that again. Pull this up real quick. Because it’s got to apparently it’s it’s auto. Yeah, that was the problem, I copy too much of it.
So, we’ll just copy that. Go right here. It’s pasted in and it will just alter this, so, instead of J. Colon slash data will say see colon slash datand hit Enter system cannot find the file specified. And so why is it doing that? Well, it’s doing that because there’s actually not a folder called data, right? So, if I want, I can simply go here and I can say in CD-R, this create a folder called data. There’s political data.
Now we’ll just hit the up arrow, hit Enter. And there you go. We’ve now officially created the share.
So, if we go right here to File Explorer, let’s just see if it’s there. All right.
So there it is. Good properties of it, click sharing. There it is. As you can see, it is sheered out and permissions within setting permissions, so, it just gave everybody access and that’s the default for that. All right.
So that is another way that we can see shares as well. All right. There’s also get SMB share. If you want to see all the shares that are available, you can see the shares are available, including the hidden shares like Seed Our Sun, which is great for admins if they want to, if they want to connect into a server and see the C drive or drive or whatever they can write. But ultimately, that those are the different ways that we can work with shares on a Windows server.
138. Installing File Server Resource Manager (FSRM)
It’s no time to play around with a really cool feature that Windows servers have called file server resource manager, also known as FS Aughrim. This service is going to allow us to create these things called file screens and set disk quotas. File folders on our environment and control have a little bit more control over what users cando, how much data they can store and what kinds of files they can store, and all that fun stuff.
So. To do that, though, we need to install FSR in first.
So, we’re going to go into server manager here. Go to the Manage ADM’s and features. Click Next, Next, next. And we’re going to expand file and storage services. And from there, file in I scuzzy services and you’ll see the file server resource manager option right there.
So, I’m going to select that would add features. Click Next. Next in install, we’re going to let the snow install and all pulse recording, all that’s happening. All right.
So once that’s done, I’m just going to hit close and to get into followsr resource manager, I can click tools and open it up right here. And that was the point of this video. I just wanted to show you how to get that installed.