Managing Existing Partitions and Drives

Disk Management provides many ways to manage existing partitions and drives. Use these features to assign drive letters, delete partitions, set the active partition, and more. In addition, Windows Server 2003 provides other utilities to carry out common tasks such as converting a volume to NTFS, checking a drive for errors, and cleaning up unused disk space.

Assigning Drive Letters and Paths

You can assign drives one drive letter and one or more drive paths, provided the drive paths are mounted on NTFS drives. Drives don't have to be assigned a drive letter or path. A drive with no designators is considered to be unmounted, and you can mount it by assigning a drive letter or path at a later date. You need to unmount a drive before moving it to another computer.

To manage drive letters and paths, right-click the drive you want to configure in Disk Management, and then choose Change Drive Letter And Paths. This opens the dialog box shown in Figure 11-7. You can now:
Figure 11-7. Use this dialog box to change the drive letter and path assignment.
Note: If you try to change the letter of a drive that's in use, Windows Server 2003 displays a warning. You'll need to exit programs that are using the drive and try again or allow Disk Management to force the change by clicking Yes when prompted.

Changing or Deleting the Volume Label

The volume label is a text descriptor for a drive. Because this label is displayed when the drive is accessed in various Windows Server 2003 utilities, such as Windows Explorer, you can use the label to help provide information about a drive's contents. You can change or delete a volume label using Disk Management or Windows Explorer.

Using Disk Management, you can change or delete a label by following these steps:
Using Windows Explorer, you can change or delete a label by following these steps:
Deleting Partitions and Drives

To change the configuration of an existing drive that's fully allocated, you might need to delete existing partitions and logical drives. Deleting a partition or a drive removes the associated file system, and all data in the file system is lost. So before you delete a partition or a drive, you should back up any files and directories that the partition or drive contains.

You can delete a primary partition or logical drive by following these steps:
To delete an extended partition, follow these steps:
Converting a Volume to NTFS

Windows Server 2003 provides a utility for converting FAT volumes to NTFS. This utility, called Convert (Convert.exe), is located in the %SystemRoot% folder. When you convert a volume using this tool, the file and directory structure is preserved and no data is lost. Keep in mind, however, that Windows Server 2003 doesn't provide a utility for converting NTFS to FAT. The only way to go from NTFS to FAT is to delete the partition by following the steps listed in the previous section and then to recreate the partition as a FAT volume.

The Convert Utility Syntax

Convert is a command-line utility run at the Command prompt. If you want to convert a drive, use the following syntax:

    convert volume /FS:NTFS

where volume is the drive letter followed by a colon, drive path, or volume name. For example, if you wanted to convert the D drive to NTFS, you'd use the following command:

    convert D: /FS:NTFS

The complete syntax for Convert is shown below:

    convert volume /FS:NTFS [/V] [/X] [/CvtArea:filename] [/NoSecurity]

The options and switches for Convert are used as follows:
A sample statement using convert is:

    convert C: /FS:NTFS /V

Using the Convert Utility

Before you use the Convert utility, double-check to see if the partition is being used as the active boot partition or a system partition containing the operating system. With Intel x86 systems, you can convert the active boot partition to NTFS. Doing so requires that the system gain exclusive access to this partition, which can only be obtained during startup. Thus, if you try to convert the active boot partition to NTFS, Windows Server 2003 displays a prompt asking if you want to schedule the drive to be converted the next time the system starts. If you click Yes, you can restart the system to begin the conversion process.

Tip: Often it'll take several restarts of a system to completely convert the active boot partition. Don't panic. Let the system proceed with the conversion.

Before the Convert utility actually converts a drive to NTFS, the utility checks to see if the drive has enough free space to perform the conversion. Generally, Convert needs a block of free space that's roughly equal to 25 percent of the total space used on the drive. For example, if the drive stores 2 GB of data, Convert needs about 500 MB of free space. If there isn't enough free space, Convert aborts and tells you that you need to free up some space. On the other hand, if there's enough free space, Convert initiates the conversion. Be patient. The conversion process takes several minutes (longer for large drives). Don't access files or applications on the drive while the conversion is in progress.

Checking a Drive for Errors and Bad Sectors

The Windows Server 2003 utility for checking the integrity of a disk is Check Disk (Chkdsk.exe). You'll find this utility in the %SystemRoot% folder. Use Check Disk to check for and optionally repair problems found on FAT, FAT32, and NTFS volumes.
Although Check Disk can check for and correct many types of errors, the utility primarily looks for inconsistencies in the file system and its related metadata. One of the ways Check Disk locates errors is by comparing the volume bitmap to the disk sectors assigned to files in the file system. But beyond this, the usefulness of Check Disk is rather limited. For example, Check Disk can't repair corrupted data within files that appear to be structurally intact.

Running Check Disk from the Command Line

You can run Check Disk from the command line or within other utilities. At the Command prompt you can test the integrity of the E drive by typing the command

    chkdsk E:

To find and repair errors that are found in the E drive, use the command

    chkdsk /f E:

Note: Check Disk can't repair volumes that are in use. If the volume is in use, Check Disk displays a prompt that asks if you want to schedule the volume to be checked the next time you restart the system. Answer Yes to the prompt to schedule this.

The complete syntax for Check Disk is shown below:

    chkdsk [volume[[path]filename]]] [/F] [/V] [/R] [/X] [/I] [/C] [/L[:size]]

The options and switches for Check Disk are used as follows:
Running Check Disk Interactively

You can also run Check Disk interactively by using either Windows Explorer or Disk Management:
Defragmenting Disks

Anytime you add files to or remove files from a drive, the data on the drive can become fragmented. When a drive is fragmented, large files can't be written to a single continuous area on the disk. As a result, the operating system must write the file to several smaller areas on the disk, which means more time is spent reading the file from the disk. To reduce fragmentation, you should periodically analyze and defragment disks using Disk Defragmenter.

You can analyze a disk to determine the level of fragmentation and defragment a disk by completing the following steps:
Compressing Drives and Data

When you format a drive for NTFS, Windows Server 2003 allows you to turn on the built-in compression feature. With compression, all files and directories stored on a drive are automatically compressed when they're created. Because this compression is transparent to users, compressed data can be accessed just like regular data. The difference is that you can store more information on a compressed drive than you can on an uncompressed drive.
Compressing Drives

To compress a drive and all its contents, complete these steps:
Compressing Directories and Files

If you decide not to compress a drive, Windows Server 2003 lets you selectively compress directories and files. To compress a file or directory, complete these steps:
For an individual file, Windows Server 2003 marks the file as compressed and then compresses it. For a directory, Windows Server 2003 marks the directory as compressed and then compresses all the files in it. If the directory contains subfolders, Windows Server 2003 displays a dialog box that allows you to compress all the subfolders associated with the directory. Simply select Apply Changes To This Folder, Subfolders, And Files and then click OK. Once you compress a directory, any new files added or copied to the directory are compressed automatically.

Note: If you move an uncompressed file from a different drive, the file is compressed. However, if you move an uncompressed file to a compressed folder on the same NTFS drive, the file isn't compressed. Note also that you can't encrypt compressed files.

Expanding Compressed Drives

You can remove compression from a drive as follows:
Expanding Compressed Directories and Files

If you decide later that you want to expand a compressed file or directory, reverse the process by completing the following steps:
With files, Windows Server 2003 removes compression and expands the file. With directories, Windows Server 2003 expands all the files within the directory. If the directory contains subfolders, you'll also have the opportunity to remove compression from the subfolders. To do this, select Apply Changes To This Folder, Subfolders, And Files when prompted, and then click OK.

Tip: Windows Server 2003 also provides command-line utilities for compressing and decompressing your data. The compression utility is called Compact (Compact.exe). The decompression utility is called Expand (Expand.exe).

Encrypting Drives and Data

NTFS has many advantages over other file systems that you can use with Windows Server 2003. One of the major advantages is the capability to automatically encrypt and decrypt data using the Encrypting File System (EFS). When you encrypt data, you add an extra layer of protection to sensitive data, and this extra layer acts as a security blanket blocking all other users from reading the contents of the encrypted files. Indeed, one of the great benefits of encryption is that only the designated user can access the data. This benefit is also a disadvantage, in that the user must remove encryption before authorized users can access the data.

Note: As discussed previously, you can't compress encrypted files. The encryption and compression features of NTFS are mutually exclusive. You can use one feature or the other, but not both.

Understanding Encryption and the Encrypting File System

File encryption is supported on a per-folder or per-file basis. Any file placed in a folder marked for encryption is automatically encrypted. Files in encrypted format can be read only by the person who encrypted the file. Before other users can read an encrypted file, the user must decrypt the file. Every file that's encrypted has a unique encryption key.
This means that an encrypted file can be copied, moved, and renamed just like any other file, and in most cases these actions don't affect the encryption of the data (for details, see the section later in this chapter entitled "Working with Encrypted Files and Folders"). The user who encrypted the file always has access to the file, provided the user's public-key certificate is available on the computer that he or she is using. For this user, the encryption and decryption process is handled automatically and is transparent.

The process that handles encryption and decryption is called the Encrypting File System (EFS). The default setup for EFS allows users to encrypt files without needing special permission. Files are encrypted using a public/private key that EFS automatically generates on a per-user basis. The encryption algorithm used is the expanded Data Encryption Standard (DES), which is enforced using 56-bit encryption by default.

Security Alert: For stricter security, North American users can order the Enhanced CryptoPAK from Microsoft. The Enhanced CryptoPAK provides 128-bit encryption. Files that use 128-bit encryption can be used only on a system that supports 128-bit encryption.

Encryption certificates are stored as part of the data in user profiles. If a user works with multiple computers and wants to use encryption, an administrator will need to configure a roaming profile for that user. A roaming profile ensures that the user's profile data and public-key certificates are accessible from other computers. Without this, users won't be able to access their encrypted files on another computer.

Security Alert: An alternative to a roaming profile is to copy the user's encryption certificate to the computers that the user uses. You can do this using the certificate backup and restore process discussed in the section of Chapter 15 entitled "Backing Up and Restoring Encrypted Data and Certificates."
Simply back up the certificate on the user's original computer and then restore the certificate on each of the other computers the user logs on to.

EFS has a built-in data recovery system to guard against data loss. This recovery system ensures that encrypted data can be recovered in the event a user's public-key certificate is lost or deleted. The most common scenario for this is when a user leaves the company and the associated user account is deleted. Although a manager might have been able to log on to the user's account, check files, and save important files to other folders, if the user account has been deleted, encrypted files will be accessible only if the encryption is removed or if the files are moved to a FAT or FAT32 volume (where encryption isn't supported).

To access encrypted files after the user account has been deleted, you'll need to use a recovery agent. Recovery agents have access to the file encryption key necessary to unlock data in encrypted files. To protect sensitive data, recovery agents don't, however, have access to a user's private key or any private key information.

Windows Server 2003 won't encrypt files without designated EFS recovery agents. For this reason, recovery agents are designated automatically and the necessary recovery certificates are generated automatically as well. This ensures that encrypted files can always be recovered.

EFS recovery agents are configured at two levels:
You can delete recovery agents if you don't want them to be used. However, if you delete all recovery agents, EFS will no longer encrypt files. One or more recovery agents must be configured for EFS to function.

Encrypting Directories and Files

With NTFS volumes, Windows Server 2003 lets you select files and folders for encryption. When you encrypt files, the file data is converted to an encrypted format that can be read only by the person who encrypted the file. Users can encrypt files only if they have the proper access permissions. When you encrypt folders, the folder is marked as encrypted, but actually only the files within it are encrypted. All files that are created in or added to a folder marked as encrypted are encrypted automatically.

To encrypt a file or directory, complete the following steps:
Note: You can't encrypt compressed files, system files, or read-only files. If you try to encrypt compressed files, the files are automatically uncompressed and then encrypted. If you try to encrypt system files, you'll get an error.

For an individual file, Windows Server 2003 marks the file as encrypted and then encrypts it. For a directory, Windows Server 2003 marks the directory as encrypted and then encrypts all the files in it. If the directory contains subfolders, Windows Server 2003 displays a dialog box that allows you to encrypt all the subfolders associated with the directory. Simply select Apply Changes To This Folder, Subfolders, And Files and then click OK.

Note: On NTFS volumes, files remain encrypted even when they're moved, copied, and renamed. If you copy or move an encrypted file to a FAT or FAT32 drive, the file is automatically decrypted before being copied or moved. Thus, you must have proper permissions to copy or move the file.

Working with Encrypted Files and Folders

Previously, I said that you can copy, move, and rename encrypted files and folders just like any other files, which is true, but I qualified this by saying "in most cases." When you work with encrypted files, you'll have few problems as long as you work with NTFS volumes on the same computer. When you work with other file systems or other computers, you might run into problems. Two of the most common scenarios are:
After you transfer a sensitive file that has been encrypted, you might want to confirm that the encryption is still applied. Right-click the file and then select Properties. In the General tab of the related property dialog box, click Advanced. The Encrypt Contents To Secure Data option should be selected.

Configuring Recovery Policy

Recovery policies are configured automatically for domain controllers and workstations. By default, domain administrators are the designated recovery agents for domains and the local administrator is the designated recovery agent for a stand-alone workstation.

Through the Group Policy console, you can view, assign, and delete recovery agents. To do that, follow these steps:
Decrypting Files and Directories

If you decide later that you want to decrypt a file or directory, reverse the process by completing the following steps:
With files, Windows Server 2003 decrypts the file and restores it to its original format. With directories, Windows Server 2003 decrypts all the files within the directory. If the directory contains subfolders, you'll also have the opportunity to remove encryption from the subfolders. To do this, select Apply Changes To This Folder, Subfolders, And Files when prompted and then click OK.

Tip: Windows Server 2003 also provides a command-line utility for encrypting and decrypting your data. This utility is called Cipher (Cipher.exe). Typing cipher at the command prompt by itself shows you the encryption status of all folders in the current directory.

Recovering Disk Space

Disk Cleanup is a utility that examines disk drives for files that aren't needed or that could be compressed. By default, Disk Cleanup examines temporary files, the Recycle Bin, and catalogs used by the Content Indexer to see if there are files that can be deleted. Disk Cleanup also examines files that haven't been used in a while and recommends that they be compressed. Compressing old files can save a considerable amount of disk space.

You can start and work with Disk Cleanup by completing the following steps:
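
Returning to the check described under "Working with Encrypted Files and Folders" (confirming that encryption is still applied after a transfer): the script below runs that check over a whole folder tree instead of one Properties dialog at a time. It is an added example, not part of the original chapter; it assumes Windows PowerShell is installed on the server, and the function name Get-EfsStatus and the folder D:\Transfer are hypothetical.

```powershell
# Added example: report which files under a folder still carry the EFS
# "encrypted" attribute. Get-EfsStatus and D:\Transfer are hypothetical names.
function Get-EfsStatus {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    $resolved = (Resolve-Path -LiteralPath $Path).ProviderPath
    $root = [System.IO.Path]::GetPathRoot($resolved)

    # EFS exists only on NTFS, so record the file system of the target volume.
    # DriveInfo does not accept UNC roots; report those as unknown.
    if ($root.StartsWith('\\')) {
        $fileSystem = 'Unknown (network path)'
    } else {
        $fileSystem = (New-Object System.IO.DriveInfo $root).DriveFormat
    }

    Get-ChildItem -LiteralPath $resolved -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $encrypted  = ($_.Attributes -band [System.IO.FileAttributes]::Encrypted) -ne 0
            $compressed = ($_.Attributes -band [System.IO.FileAttributes]::Compressed) -ne 0

            if ($encrypted) {
                $finding = 'OK'
            } elseif ($fileSystem -ne 'NTFS') {
                # Copying or moving to FAT/FAT32 decrypts the file on the way.
                $finding = "Stored in clear: $fileSystem volume cannot hold EFS files"
            } else {
                $finding = 'Stored in clear: encryption attribute not set'
            }

            New-Object PSObject -Property @{
                File       = $_.FullName
                FileSystem = $fileSystem
                Encrypted  = $encrypted
                Compressed = $compressed
                Finding    = $finding
            }
        } |
        Select-Object File, FileSystem, Encrypted, Compressed, Finding
}

# Usage: list only the files that are no longer protected.
$target = 'D:\Transfer'   # hypothetical folder that received the copied files
if (Test-Path -LiteralPath $target) {
    Get-EfsStatus -Path $target |
        Where-Object { -not $_.Encrypted } |
        Format-Table File, FileSystem, Finding -AutoSize
}
```

The Compressed column is reported alongside Encrypted because the two NTFS attributes are mutually exclusive, so a file showing Compressed cannot also be protected by EFS.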