Windows 2022 Archives | FolderSecurityViewer Blog

Windows Server 2022: How to set up disk quota

August 16, 2022/0 Comments/in HowTo, Storage, Windows 2022 /by Carsten

Following our disk quota overview article, we will now look at how to set up and configure a simple use case for quota management in Windows Server 2022.

At the most basic level, quotas can be applied to an entire disk volume for specified users or everybody.
Note: The best practice is to refrain from enabling disk quotas on the drive where the operating system is installed. In our examples below, an additional drive has been connected where the permissions will be applied.

Disk quotas for all users

In our first example, we will enable disk quotas for all users accessing the server.

To enable this, open Windows Explorer.
Select This PC.

Right-click on the drive where the quota will be enabled and select Properties.

Under Properties, select the Quota tab.
Tick the box next to Enable the quota management.
Tick the box next to Deny disk space to users exceeding the quota limit.

Select the radio button Limit disk space to (This will allow setting a disk limit and warning level.)
Select a value and select KB, MB, or GB from the dropdown as per requirements.
Click Apply and restart the computer.

All users accessing this disk will now be limited to the storage limit applied.

Disk quotas for specific users

In our second example, we will enable disk quotas for specific users accessing the server.

To enable this, open Windows Explorer.
Select This PC.

Right-click on the drive where the quota will be enabled and select Properties.

Under Properties, select the Quota tab.
Tick the box next to Enable the quota management.
Tick the box next to Deny disk space to users exceeding the quota limit.
Select the radio button Limit disk space to (This will allow setting a disk limit and warning level. )
Select a value and select KB, MB, or GB from the dropdown as per requirements.
Click Apply.
Click on the Quota Entries button.
When the Quota Entries open, select Quota on the top left and click New Quota Entry.
Enter a username to search for and click Check Names.
In our example, we have created a local user on the server with the name “Quota.”
When the name is found, click OK.
A pop-up will appear to apply a quota.
Select the radio button next to Limit disk space to (This will allow setting a disk limit and warning level. )
Select a value and select KB, MB, or GB from the dropdown as per requirements.
Select the desired values and click OK.
A new quota has been applied for the specified user.

Conclusion

Now that quotas are in place, limits can easily be increased or decreased in both scenarios.
Should you no longer wish to limit space, untick the two tick boxes in reverse order.
First, untick Deny disk space to users exceeding quota limit, and then untick Enable quota management.

Windows Server 2022: Disk Quota Overview

July 20, 2022/0 Comments/in Storage, Windows 2022 /by Carsten

What is disk quota management?

Disk quota management is a feature in Windows Server 2022 to impose limits on how much storage a user account is allowed to utilize.

Why is disk quota management critical?

Managing the amount of space that a user may use, as well as enforcing a policy of the type of files they may save, assists the IT administration team in ensuring that the available storage space is not used disproportionately by a small number of users.

What file systems support disk quotas?

Disk quotas can be managed in both Windows and Linux systems.
For Windows systems, Windows Server 2000 or newer is required and only supports the NTFS file system.
For Linux systems, ext2, ext3, ext4, and XFS filesystems are supported.

Who can enable disk quotas?

Any member of the administrator group can enable this feature for the organization.

What types of limits are available?

There are two types of limits. Soft and hard.
Soft limits can be exceeded with warnings.
Hard limits cannot be exceeded.

Practical example

In this scenario, we have three user accounts allocated an equal amount of storage space on our server.
Each user account has been given a soft limit of 8 GB.
Each user account has been given a hard limit of 10 GB.

User 1 is on 7.9 GB and saves one file of 200 MB.
This now takes the current disk usage to 8.1 GB.
User 1 will receive a warning that they have exceeded the soft limit but can continue to save information.

User 1 ignores the soft limit and attempts to save a 3 GB file.
As User 1 is currently on 8.1 GB, this would require up to 11.1 GB.
User 1 will receive an error message due to insufficient space.
User 1 has three options:

Delete enough files to free up the required space.
Move ownership to User 2 or User 3.
Request additional space from the IT administrator.

Conclusion

Control of shared storage space is invaluable to the IT administration team.
Please refer to our step-by-step guide on how to implement disk quotas on Windows Server 2022 next.

WINDOWS SERVER 2022: ACTIVE DIRECTORY BACKUP AND RESTORE

July 2, 2022/0 Comments/in Active Directory, HowTo, Windows 2022 /by Carsten

Microsoft’s Active Directory is one of the most widely used directory services. This service is an excellent way to manage small to enterprise-scale organizations.
Ensuring that you have a working backup is vital to business continuity.

Let’s discuss a basic example of backing up and restoring.

To be able to follow along with this, you will need to have a Windows server with Active Directory already set up. Please refer to our guide here.
A second hard drive attached to the machine is also required.

Windows Server Backup

Windows Server Backup is free with Windows Server and will be used for this example. The general ideas of the solution would be the same even if other backup software were used.

Installing Windows Server Backup

Open the Server Manager, select Manage and then Add Roles and Features.

When the wizard opens, click Next.

Select the radio button for Role-based or feature-based installation and click Next.

If only one server exists, the correct one will already be selected.
If there is more than one server, ensure the correct one is selected.
Click Next.

No changes need to be made to the server roles page; click Next.

On the features page, scroll down and select Windows Server Backup.

Once the tick mark shows in the box, click Next.

As this is a test environment, the option to restart automatically was selected.
Note: Use automatic restart with caution in a production environment.

If the automatic restart was selected, select Yes and then click Next.

The Windows Server Backup feature will now install.

Windows Server Backup: Once-off

Once the installation has been completed, there are multiple ways to open Windows Server Backup.
The application can be found on the start menu, in the Tools list in Server Manager, and via the command line.

Once open, select Local Backup on the left.

Once loaded, select Backup Once on the right.

In the backup wizard, ensure Different options are selected and click Next.

Select the Custom radio button and click Next.

Click Add Items

Tick the box next to System state and click Ok.

For the destination, select Local drives and click Next.

The wizard should automatically select the second hard drive.
Should this not occur, select the correct drive from the drop-down list and click Next.

The wizard will confirm that only the system state is to be backed up. Click Backup.

The backup will run. Once completed, click Close.

The one-off backup is now complete.

Windows Server Backup: Scheduled

In the Windows Server Backup client, select Backup Schedule on the right-hand side.

When the wizard opens, click Next.

In this example, we will select a Full server backup and click Next.

For our lab, one daily backup is sufficient.
Select a suitable time for the backup to run and click Next.

To back up to the second hard drive, select Back up to a hard disk and click Next.

Click the option to Show All Available Disks.

Tick the box next to the disk where the backup will run and click Ok.

Once back at the disk selection, ensure the box is ticked next to the disk and click Next.

As this is a complete system backup, Windows will need confirmation to remove the drive so backups can be added.

Note that Windows will prompt you to format the disk. Click Yes.

Click Finish to create the scheduled backup.

Note: Once-off backups and scheduled backups cannot reside on the same drive.

Active Directory Restore

In our example, we’ve created a user account. This user account was then erroneously deleted.
Note: For this example, we will restore from the system state backup above.

As visible in the below screenshot, the user is no longer visible.

To restore our missing user, we must restart our Domain Controller in safe mode.
Open the run command, type MSConfig, and click Ok.

When the System Configuration opens, select the Boot tab.
On the boot page, tick the box next to Safe boot and ensure the Active Directory repair radio button is ticked, then click Ok.

Click Restart

After restarting into safe mode, only some of the domain services are running.
If you try to log in with a domain account, it will fail with the below error.
Click Ok.

Select Other user on the lower left of the login screen.

Log in to the server with the local administrator account from server installation.
Login requires the format of .\admin_account_name (the .\ changes log-in from the domain to the local computer).

To confirm that the server has started in Safe mode, note the text in the four corners.

To restore the deleted user account, open Windows Server Backup.

Once open, select Local Backup on the left-hand side and choose Recover on the right-hand side.

When the wizard opens, select This server and click Next.

Select an appropriate backup to restore from and click Next.

Select System state and click Next.

Select the radio button to restore to the Original location, tick the box to perform an authoritative restore, and click Next.

Click Ok on the warning.

Confirm that the wizard will restore the system state and click Recover.

The wizard will warn against canceling or pausing the recovery; confirm by clicking Yes.

The recovery process will take some time to complete.

Once complete, the wizard will offer a restart option.
Do not select this.
Open the run command again, enter MSConfig and click Ok.

Navigate to the Boot tab again.
Untick the box next to Safe boot and click Ok.

Select Restart.

After restarting, log in again with a domain administrator account, not the local administrator account used during the previous restore steps.

After login, a message will prompt that the recovery has been completed successfully.
Hit Enter to continue.

To confirm that the restore was successful, navigate to the Active Directory Users and Computers.

When opening the Users, we can see that the user account has been restored.

Conclusion

The ability to back up and restore Active Directory is crucial to any disaster recovery plan. Ensure that backups are created regularly. Restores should also be tested regularly to ensure no corruption.
Wherever possible, have multiple domain controllers running to minimize downtime in the event of failure.

WINDOWS SERVER 2022: INSTALLING ACTIVE DIRECTORY

June 12, 2022/0 Comments/in Active Directory, HowTo, Windows 2022 /by Carsten

Microsoft’s Active Directory (AD) offers many global corporations an enterprise-grade Single Sign-On environment.
Knowing how to configure this on the latest version of Windows Server will always benefit any IT professional.
In this article, we will discuss the initial setup of Active Directory.

Note 1: This was set up in a test environment; please always be cautious while working in a production environment.
Note 2: IP addresses listed are from the test environment; please ensure to match your environment.

Prerequisites

Processor

A 1.4 GHz 64-bit processor compatible with the x64 instruction set.
Support NX (no execution) and DEP (Data Execution Prevention).
Supports second-level address translation such as EPT and NPT.

RAM

At least 512MB (if a server with a desktop environment is installed, a minimum of 2GB is needed).
RAM with error-correcting code (ECC).

Storage

PCI Express storage adapter.
Hard disks can have a minimum partition requirement of 32GB.

Network

Any adapter that can use gigabit throughput.
PCI Express compliant adapter.
A card that supports a Pre-Boot Execution Environment (PXE).
A network debugging-enabled card is desirable but not a requirement.

Installation

To install Active Directory, Server 2022 must be installed and fully updated.

After the updates are installed, open the Server Manager application.
Once open, select the Ethernet connection so a static IP address relevant to the environment can be set.

Select the Ethernet adapter and open the Properties.
Under properties, select the TCP/IPv4 and click Properties.

Select the radio button to Use the following IP address.
Specify a free IP address in the network, as well as the subnet mask and correct default gateway, and click OK

Next, select the computer name under the Server Manager to change it.
The server will need a valid name before installing Active Directory.

On the System Properties window that opens, select Change.

Create a meaningful name for the server in our example DC1 and click OK.

Click Ok to acknowledge that the computer needs to be restarted.

Click Restart Now

After restart, the new IP address and computer name are visible when checking the Server Manager.

In the Server Manager, select Manage, and then Add Roles and Features

The wizard will give basic information; click Next.

Select Role-based or feature-based installation and click Next.

Should there be multiple servers in the environment, ensure the correct server is selected and click Next.
Should there only be one server, the above can be ignored. Just click Next.

On the server roles list, select Active Directory Domain Services.

Leave the tick box ticked to Include management tools, and click Add Features.

Active Directory Domain Services will now be ticked. Click Next.

For the Features, click Next with no changes.

The Active Directory Domain Services will make some suggestions that are very important for production environments, namely:
Install a minimum of two domain controllers so users can log in even if there is a server outage.
A Microsoft DNS server must be set up in the network.
Click Next.

Ticking the option to restart automatically for test environments will speed up the installation process. This should be used with caution for production environments.
Click Install.
If the option to restart was selected, click Yes to allow the automatic restart.

Installation of the Active Directory Domain Services will now run.

Once completed, select the option to Promote this server to a domain controller.

As this is a new domain, we will create a new forest.
For the root domain name, it is best to use a subdomain of an existing public FQDN (Fully Qualified Domain Name).
For example, adtest.foldersecurityviewer.com.
Should you not have a public domain, replacing the .com on the end with .local will work for test domains.

When setting up the domain controller for the first time, certain decisions will need to be made.
Forest Functional Level is the minimum Operating System version for all servers in all sub-domains.
Domain Functional Level could be set higher than the Forest level, but not lower.

Conclusion

We hope that this guide will help you on your journey to Active Directory setup and administration.

How to close open files on Windows Server 2022

May 15, 2022/0 Comments/in HowTo, Windows 2022 /by Carsten

Every Microsoft Windows Server system administrator will, at least once, encounter a situation where a file is open on a server and need to check which process or user opened it.

These open files can cause problems such as upgrade errors, maintenance errors, reboot hold up, etc.

A typical example is an end-user opening a shared file, and no other users can access it.

Below we will discuss different options to close open files and processes.

These steps work with Microsoft Windows Server 2008, 2012, 2016, 2019, 2022, Windows 10, and Windows 11.

VIEW OPEN FILES ON A SHARED FOLDER

Right-click on the start menu and select Computer Management.

Alternatively, search for:

compmgmt.msc

Click on Shared Folders, and then Open Files.

This menu displays open shared files, the user who opened it, possible locks, and the mode opened in.

Right-click on a file and select Close open File.

USE WINDOWS TASK MANAGER

Task Manager cannot close opened shared files, but it can end running processes on the system.

Task Manager can be accessed via Control + Alt + Delete and select Task Manager, or right-click the taskbar and select Task Manager.

Under the Processes tab, you will see all running processes. To terminate a running process, right-click it and select End Process.

RESOURCE MONITOR

Resource Monitor is accessed by typing “resource monitor” in a start menu search box or opening the task manager, clicking the performance tab, and clicking Open Resource Monitor.

When Resource Monitor opens, it will show tabs, and one, needed for this operation is Disk.

The Resource Monitor shows disk activity and processes, files that are open, process ID number, read and write bytes per second, etc. This information is helpful to identify open files and running processes.

POWERSHELL CMDLET

In most cases, PowerShell is better than GUI-based applications. Multiple commands can be used to close open files and processes.

There is more than one solution with PowerShell scripts, and administrators without experience in scripting are recommended to use GUI options instead.

Below are some possible solutions with PowerShell.

The following examples are for Server Message Block (SMB) supported systems.

This cmdlet can be used when a small number of known open files should be closed. It is, as usual, used from elevated PowerShell and applies to a single file ( note that all unsaved data on open files will not be saved).

 Close-SmbOpenFile -FileId ( id of file )

Confirm

Are you sure you want to perform this action?

Performing operation ‘Close-File’ on Target ‘( id of file)’.

[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is “Y”): N

Closing files for a specific session can be achieved with the below-edited script.

 Close-SmbOpenFile -SessionId ( session id )

This command closes all open files under the ID of the specific session.

The other variation of the same cmdlet applies to a file name extension ( for example, DOCX).

The command will check all opened files with DOCX extension on all system clients and force close it. Unsaved changes on open files will not be saved.

 Get-SmbOpenFile | Where-Object -Property ShareRelativePath -Match ".DOCX" | Close-SmbOpenFile -Force

POWERSHELL SCRIPT

PowerShell scripts can automate closing open files and stopping running processes.

The below example script enables closing a file specified by path. This path needs to be provided in the script.

There is more than one solution with PowerShell scripts, and administrators without experience in scripting are recommended to use GUI options instead.

$blok = {$adsi = [adsi]"WinNT://./LanmanServer"

$resources = $adsi.psbase.Invoke("resources") | Foreach-Object {

  New-Object PSObject -Property @{

  ID = $_.gettype().invokeMember("Name","GetProperty",$null,$_,$null)

  Path = $_.gettype().invokeMember("Path","GetProperty",$null,$_,$null)

  OpenedBy = $_.gettype().invokeMember("User","GetProperty",$null,$_,$null)

  LockCount = $_.gettype().invokeMember("LockCount","GetProperty",$null,$_,$null)

}

}

$resources | Where-Object { $_.Path -like '*smbfile*'} |ft -AutoSize

$resources | Where-Object { $_.Path -like '*smbfile*'} | Foreach-Object { net files $_.ID /close }

}

Invoke-Command -ComputerName pc1 -ScriptBlock $blok

COMMAND LINE

From a standard Command Prompt, the Net File command can be used to close open files. To run this remotely, Psexec.exe is required

Net File command can list all open shared files and the number of file locks per file. This command can be used to close files and remove file locks ( similar to the previous SMB example).

 C:>net file [id [/close]]

RELEASE A LOCKED FILE

Should users encounter an error that a file is locked, an administrator will be able to resolve this by opening the Microsoft Management Console

Search for:

mmc

Select File, then Add/Remove Snap-in and add the Shared Folders snap-in.

This snap-in can be run on a local computer or a remote computer.

Select locked/open file, right-click and select Close open file.

THIRD-PARTY TOOLS

Below is a list of some of the most commonly used third-party applications for managing open files.

PSFILE

PsFile is part of the PSTools package from Microsoft Sysinternals. This tool is similar to the Net File mentioned earlier.
This tool gives the ability to connect to a remote server and see open files.
Note: Unlike Net File, this tool cannot truncate file names.

 psfile [\\RemoteComputer [-u Username [-p Password]]] [[Id | path] [-c]]

Sysinternals website: https://docs.microsoft.com/en-us/sysinternals/

Process Explorer

Another featured application from Microsoft Sysinternals. This advanced Task Manager can close open files, amongst many other features.
Sysinternals website: https://docs.microsoft.com/en-us/sysinternals/

OpenedFilesView

This single-executable application shows all open files and gives the ability to close open files and end processes. Though not explicitly listed on the website, this has been successfully tested on Windows Server 2022.
OpenedFilesView website: https://www.nirsoft.net/utils/opened_files_view.html

Lockhunter

Primarily used for deleting blocked files, it is also possible to use Lockhunter as a workaround to unlock files. Though not explicitly listed on the website, this has been successfully tested on Windows Server 2022.
Lockhunter website: https://lockhunter.com/

UnLock IT

Another popular tool designed to close open and locked files is UnLockIT. Though not explicitly listed on the website, this has been successfully tested on Windows Server 2022.

UnLock IT website: https://emcosoftware.com/unlock-it

Long Path Tool

Unlike the other utilities listed here, Long Path Tool is a shareware program. As the name suggests, it helps fix issues when a file path is too long. Those issues include not being able to copy, cut, or delete the files in question because their path is too long. This application does require the Dot Net 3.5 feature to be installed in order to run on Microsoft Windows Server 2022.
With so many features, the functionality in this tool could be overkill for this specific purpose, but worth mentioning as it is a quality tool for all system administrators.

Long Path Tool website: https://longpathtool.com/

What is Hotpatch on Windows Server 2022

April 5, 2022/0 Comments/in Windows 2022 /by Carsten

Microsoft has released a new feature for Windows Server 2022 called Hotpatch. Let’s look at what this feature is, why you want to use it, and how easy it is to set up.

What is Hotpatch?

Hotpatching is the ability of an operating system to update without ending running applications or rebooting. The process is designed to be invisible so guest virtual machines can be updated without downtime to the system’s end-users. Microsoft has used this feature on the underlying infrastructure that runs the Azure service, but it is now available for customer use. This feature is only available on Windows Server 2022 Datacenter: Azure Edition (Server Core).

How does Hotpatching work?

Hotpatching relies on regularly updated Cumulative Updates referred to as baselines. Baselines come in two flavors, planned and unplanned.

Planned baselines: These Cumulative Updates are released at regular intervals. They contain updates that require rebooting. In between these releases, hotpatches that do not require reboots are deployed.
Unplanned baselines: These updates are released for urgent patching, for example, zero-day fixes. These require reboots as they would include all the Cumulative Updates for the current month.

All eligible virtual machines will be automatically patched outside of peak hours. The virtual machine health service will monitor platforms to detect the success or failure of the hotpatch installation.

How to set up a Hotpatch eligible VM

To create a virtual machine that can use the new hotpatch method:

Sign in to the Azure portal: https://portal.azure.com/

Either use the search field or click on the Virtual Machines icon

Click the dropdown and create an Azure virtual machine.

Under the VM creation, fill out the required information on the Basics page, but most importantly, select an image for Windows Server 2022 Azure Edition Core.

Follow the prompts in the wizard and select the desired configuration for Disks and Networking.

On the Management tab, scroll down to the Guest OS Updates.
Ensure Azure-orchestrated is selected.

Complete the Advanced page and Tags page in the wizard and complete the creation.

Conclusion

Hotpatching is an excellent new feature that allows security updates to be installed far quicker and with fewer business interruptions. It is, however, important to note that reboots are still required for non-security updates.

File Server Resource Manager on Windows Server 2022

March 4, 2022/0 Comments/in Windows 2022 /by Carsten

In Windows Server 2022, File Server Resource Manager is the feature available to system administrators that gives the ability to set quotas and limit the types of files that can be saved to a file server.

File Server Resource Manager was initially released by Microsoft in 2005 for Windows Server 2003 to offer administrators greater control than the default Windows Explorer.

File Server Resource Manager’s Five Main Features

Quota Management

Limit the allowed space on folders and volumes.
Define quota templates on folders and volumes.

File Classification Infrastructure

Manage data effectively with automated classification.
Automatically or manually update selected folder or file properties.
Some policy examples would be file expirations, file encryption, and restricting access with dynamic access control.

File Management Tasks

Application of actions or conditional policies depending on file classification.
- Conditions can include: Location
- Classification properties
- Creation date
- Date last modified
- Date last accessed
- File management tasks can: Run custom commands
- Run file encryption
- File expiration

File Screening Management

Controls types of files that can be stored on the file server.
Limit file extensions, for example, block MP3 files from being saved to the server.

Storage Reports

Identify disk usage trends.
Monitor selected users attempting to save unauthorized files.

All these features can be configured via the graphical interface or via PowerShell.

File Server Resource Manager Examples

Allow or deny access based on the location of data on the file server.
Expire files that have not been modified in a specified time.
Create quotas with warnings when a specified percentage of storage has been used.
Scheduled reporting on usage.
Prevent specified file types from being saved to shared locations.
Classify data with multiple identifiers.

File Server Resource Manager Advantages

Advanced Quota Management

File Server Resource Manager offers centralized quota management for volumes, folders, and files. Multiple quotas can be applied to different paths within a volume. Quota templates assist to simplify management of both soft and hard quotas.

Content Regulation

In addition to managing quotas, there is a need to regulate the types of files that can be stored on file shares. This could be in the form of blocking executables that could contain malicious code, blocking content that could infringe on copyrights, or even specifying file extensions such as allowing only *.docx and blocking *.doc.

Reports On Utilization of Storage

File Server Resource Manager is currently able to generate the below reports:

Location of files
File duplication
Last accessed date
Last modified date
File types
Properties of files
Properties of folders
Least accessed files
Recently accessed files
Quota usage

Easy File Location

Files can be sorted in a wide variety of ways, for example, name, time created, properties, etc

File Server Resource Manager Installation

The File Server Resource Manager can be installed via the Graphical User Interface (GUI) installation or PowerShell.

PowerShell Installation

Open PowerShell, and enter the below command to install the File Server Resource Manager:

Install-WindowsFeature -Name FS-Resource-Manager, RSAT-FSRM-Mgmt

No reboot is necessary after installing this feature.

Graphical User Interface Installation

Follow the below steps to install via the GUI:

Open the Server Manager.
Click “Manage.”

Next, click “Add Roles and Features.”

If prompted with the “Before You Begin” screen, click “Next.”

Then select “Role-based or feature-based installation” and click “Next.”

Select the server where the feature will be installed and click “Next.”

Expand “Select Server Roles,” then expand “File and Storage Services.”

Now expand “File and iSCSI Services.”

Select the “File Server Resource Manager” and click “Next.”

Select “Add Features”

Click “Next.”

Start the installation process by clicking “Install.”

Once complete, select “Close.”

File Server Resource Manager is now installed.

Template Creation

Quotas setting requires a template to be created. This template can be custom or from a predefined template within the File Server Resource Manager.

Quotas management can be simplified by changing templates. In addition, centralizing control of quotas makes enforcement of storage policy rules easy.

To create a quota template:

Open the File Server Resource Manager.
Expand the “Quota Management” in the left-hand pane.

Right-click “Quota Templates.”

Select “Create Quota Template.”

Mandatory fields for creating a template are the name, space limit, and selecting either a hard or soft quota.

Hard quotas will not allow users to exceed the limits.
Soft quotas will allow users to exceed limits but will produce a warning.

To set threshold notifications, select “Add.”
Configure the options.
Select “OK.”

Quota Creation

After setting up the quota template or using a default quota template, create the quota.

Quota creation steps:

Right-click on the File Server Resource Manager’s dashboard “Quotas.”
Select “Create Quota.”
On the “Create Quota” window, in the “Quota path” section, select “Browse.”

Browse to the path that requires quota enablement

Select “Create quota on the path” or “Auto apply template and create quotas on existing and new subfolders…” option.

To only apply a quota to the top-level folder, select the first option.
To apply the quota to a folder and all subfolders, select the second option.

Select “Derive properties from this quota template”.
Select the previously created template.
Select “Create.”

File Server Resource Manager’s dashboard will show the new quota where limits are applied.

File Screening Configuration

To create a file screening template, select “Action.”

Next, select “Create File Screen Template.”

In the new window that opens up, configure the desired options and click “OK.”

Report Generation

File Server Resource Manager allows a variety of reports to be generated.
For example, disk usage or monitoring groups of users to check for non-compliance.

To create reports:

Select “Storage Reports Management.”

Click “Action.”

Choose “Schedule a New Report Task.”

Create a unique name for the report.

Select the desired information the report should contain.

Choose a file format to save the output to.

Click “OK.”

Conclusion

The above examples will give you a good starting point to manage your Microsoft Windows Server 2022 storage. Once you are comfortable with these, explore more advanced options such as file classification.

Installing Docker on Windows Server 2022

February 21, 2022/0 Comments/in Windows 2022 /by Carsten

Docker was initially created as a Linux-based containerization solution. Docker has since expanded to include Microsoft operating systems.

Since Windows Server 2019, there has been a greater effort to address inconsistencies between Windows and Linux Docker hosts. Windows Server 2022 takes this process even further.

Docker installation requirements on Windows Server 2022

Docker containers on Windows come in two flavours:

Process isolation: Containers and OS share the host kernel.
Hyper-V: This offers secure kernel options and greater compatibility.
To enable this feature requires Hyper-V to be enabled on the host.

Hyper-V is optional during installation but is necessary to run containers in isolation mode.

OS builds are a very important factor when setting up containerization. A guest OS needs to be an equal or lower build to the host operating system.

Docker installation for Server 2022

Before installing Docker, Windows Server 2022 requires the Containers feature to be enabled.

To do this:

Open the Windows Server Manager
Select Manage
Select Add Roles and Features

Click Next on the Before You Begin page.

Select the name of the server where the feature will be installed and click Next

No selections are to be made on the Server Roles page; simply click Next.

On the Features page, tick the box next to Containers and click Next.

Click Install

Once the feature has been installed, click Close.

Note: This will trigger a system reboot.

After the system has rebooted, run PowerShell as an administrator.

Run the below command:

Install-Module -Name DockerMsftProvider -Repository PSGallery –Force

When prompted for the NuGet installation, type Y and hit Enter.

Next run the below command to install the latest Docker version:

Install-Package -Name docker -ProviderName DockerMsftProvider

When prompted for the NuGet installation, type A to install all and hit Enter.

Once installation is completed, the installed Docker version will show.

Another way to check the Docker build is to run the below PowerShell command:

Docker --version

Running your first Docker container on Server 2022

To get started with your first container on Windows Server 2022, do the below:

Ensure the Docker service is running via PowerShell

Get-Service Docker

Download a sample container

Docker pull mcr.microsoft.com/dotnet/samples:dotnetapp

The previous command will download the image.

Test the container with:

Docker run –rm mcr.microsoft.com/dotnet/samples

Seeing the below output will confirm that the container successfully ran.

Conclusion

We hope that this guide simplifies your journey into containerization.

Windows Server 2022 – New Features

December 4, 2021/0 Comments/in Windows 2022 /by Carsten

Microsoft released its latest server operating system, Windows Server 2022, on 18 August 2021. With this release came a variety of new features in four areas:

Hybrid Azure Integration
Security
Application platforms
Other

We’ll investigate each area in more detail below.

Hybrid Azure Integration

Azure Arc allows on-premises Windows servers and those hosted in other cloud environments to be managed as a resource in Azure, thereby giving a consistent experience managing native and hybrid systems.

Windows Admin Center ships with new features to enable, and report on, the new secured-core feature discussed below.

Specific to Windows Server 2022 Datacenter: Azure Edition is a new feature for patching guest virtual machines without requiring a restart.

Security

Secured-core servers rely on hardware, firmware, and drivers working together with the operating system to enable high-security features to provide additional security against sophisticated attacks.

Hardware root-of-trust uses TPM (Trusted Platform Module) 2.0 to ensure the server starts with untampered code.

Dynamic Root of Trust Measurement (DRTM) works to protect against firmware attacks. These are often undetectable to traditional antivirus software.

Secure boot with UEFI checks the validity of signatures for drivers at boot to ensure these are trusted. Only if these signatures pass scrutiny will the operating system be allowed to start.

Virtualization-based security is only available on secured-core servers. This feature isolates a region of memory from the host to prevent a prevalent vulnerability exploited by crypto-mining attacks.

Secure HTTP (HTTPS) is enabled by default.

DNS queries are now secured with HTTPS.

SMB (Secure Message Block) will automatically use AES-256 encryption for communication with other systems that support this protocol and AES-128 for systems that do not support it.

Application Platforms

Kubernetes Windows Containers images are approximately 40% smaller and load about 30% faster than previous versions.

Applications that rely on Azure Active Directory no longer require the container host to be domain-joined.

Intel Secured Guard Extension on Intel Ice Lake processors improved confidential computing by protecting memory to isolate applications.

Intel Ice Lake processors support 2048 logical cores on 64 physical sockets and up to 48TB of RAM on Server 2022.

Other

Nested virtualization, or the ability to run Hyper-V inside of a Hyper-V virtual machine, is now supported on AMD processors.

Internet Explorer is no longer available, having been fully replaced in Server 2022 with the Microsoft Edge browser.

Improvements have been made to the networking functionality to reduce packet loss and move more of the processing from the CPU to the dedicated network hardware.

Updates to the Storage Migration Service allows data to be migrated from more locations than previously.

Conclusion

Anybody looking for the most modern features for their server environment should undoubtedly consider Windows Server 2022.

How to create junction links on Windows Server 2022

November 19, 2021/0 Comments/in HowTo, Windows 2022 /by Carsten

Windows contains three types of file links.

Hard links: Creates a second directory entry to a file such that it can reference a file using more than one reference path.

Symbolic links: Creates a new file altogether that references an already existing file

Junction links: Creates a link between directories on different volumes or drives, but not between network drives. This link is only possible between folders.

Create a junction link on Windows Server 2022

Creating a junction link will link two folders together.

In our tutorial, we will create a junction link between the below two locations:

C:\NewJunction

and

C:\Users\Administrator\Download\Junction

To create the link, search for the Command Prompt, right-click on it, and select “Run as administrator.”

Next, use the mklink command in the below syntax:

mklink /J “junction path link” “target folder path”

In our example, that would be as follows:

Note: The target folder must be created prior to running this command.

mklink /J “C:\Junction” “C:\Users\Administrator\Downloads\TestSetup”

The junction link is now created.

Verify the link by running the below command:

dir /al /b

Alternatively, running the below command will list all directories and junctions

dir

Hide Windows Server 2022 junction links

To create a junction link with the target folder hidden, the below command can be used:

mklink /J …::$INDEX_ALLOCATION target folder

To confirm that the link is created as hidden, run either of the below commands:

dir 

dir /al /b

The destination will be listed as “…”

Delete Windows Server 2022 junction links

To delete an unused junction link, use the below command:

rmdir path to junction link

Note: Deleting a link will not delete the target folder or the files in the target location.