Managing Existing Partitions and Drives

Managing Existing Partitions and Drives

Disk Management provides many ways to manage existing partitions and drives. Use these features to assign drive letters , delete partitions, set the active partition, and more. In addition, Windows Server 2003 provides other utilities to carry out common tasks such as converting a volume to NTFS, checking a drive for errors, and cleaning up unused disk space.

Assigning Drive Letters and Paths

You can assign drives one drive letter and one or more drive paths, provided the drive paths are mounted on NTFS drives. Drives don't have to be assigned a drive letter or path . A drive with no designators is considered to be unmounted, and you can mount it by assigning a drive letter or path at a later date. You need to unmount a drive before moving it to another computer.

To manage drive letters and paths, right-click the drive you want to configure in Disk Management, and then choose Change Drive Letter And Paths. This opens the dialog box shown in Figure 11-7. You can now:

• Add a drive path

  Click Add, select Mount In The Following Empty NTFS Folder, and then type the path to an existing folder or click Browse to search for or create a folder.

• Remove a drive path

  Select the drive path to remove, click Remove, and then click Yes.

• Assign a drive letter

  Click Add, select Assign A Drive Letter, and then choose an available letter to assign to the drive.

• Change the drive letter

  Select the current drive letter, and then click Change. Select Assign A Drive Letter, and then choose a different letter to assign to the drive.

• Remove a drive letter

  Select the current drive letter, click Remove, and then click Yes.

Changing or Deleting the Volume Label

The volume label is a text descriptor for a drive. Because this label is displayed when the drive is accessed in various Windows Server 2003 utilities, such as Windows Explorer, you can use the label to help provide information about a drive's contents. You can change or delete a volume label using Disk Management or Windows Explorer.

Using Disk Management, you can change or delete a label by following these steps:

1. Right-click the partition, and then choose Properties.

2. In the General tab of the Properties dialog box, use the Label field to type a new label for the volume or delete the existing label. Click OK.

Using Windows Explorer, you can change or delete a label by following these steps:

1. Right-click the drive icon and then choose Properties.

2. In the General tab of the Properties dialog box, use the Label field to type a new label for the volume or delete the existing label. Click OK.

Deleting Partitions and Drives

To change the configuration of an existing drive that's fully allocated, you might need to delete existing partitions and logical drives. Deleting a partition or a drive removes the associated file system, and all data in the file system is lost. So before you delete a partition or a drive, you should back up any files and directories that the partition or drive contains.

You can delete a primary partition or logical drive by following these steps:

1. In Disk Management, right-click the partition or drive you want to delete, and then choose Delete Partition or Delete Logical Drive, as appropriate.

2. Confirm that you want to delete the partition by clicking Yes.

3. If you delete a partition on a physical drive that contains the Windows Server 2003 operating system, the number of the boot partition might change. If so, you'll need to update the Boot.ini file as described in the section of this chapter entitled "Updating the Boot Disk." Be sure to note the new partition number to use.

To delete an extended partition, follow these steps:

1. Delete all the logical drives on the partition following the steps listed above.

2. You should now be able to select the extended partition area itself and delete it.

Converting a Volume to NTFS

Windows Server 2003 provides a utility for converting FAT volumes to NTFS. This utility, called Convert (Convert.exe), is located in the %SystemRoot% folder. When you convert a volume using this tool, the file and directory structure is preserved and no data is lost. Keep in mind, however, that Windows Server 2003 doesn't provide a utility for converting NTFS to FAT. The only way to go from NTFS to FAT is to delete the partition by following the steps listed in the previous section and then to recreate the partition as a FAT volume.

The Convert Utility Syntax

Convert is a command-line utility run at the Command prompt. If you want to convert a drive, use the following syntax:

 convert  volume  /FS:NTFS 

where volume is the drive letter followed by a colon , drive path, or volume name . For example, if you wanted to convert the D drive to NTFS, you'd use the following command:

 convert D: /FS:NTFS 

The complete syntax for Convert is shown below:

 convert  volume  /FS:NTFS [/V] [/X] [/CvtArea:  filename  ] [/NoSecurity] 

The options and switches for Convert are used as follows :

  volume  

 /FS:NTFS 

 /V 

 /X 

 /CvtArea:  filename  

 /NoSecurity 

A sample statement using convert is:

 convert C: /FS:NTFS /V 

Using the Convert Utility

Before you use the Convert utility, double-check to see if the partition is being used as the active boot partition or a system partition containing the operating system. With Intel x86 systems, you can convert the active boot partition to NTFS. Doing so requires that the system gain exclusive access to this partition, which can only be obtained during startup. Thus, if you try to convert the active boot partition to NTFS, Windows Server 2003 displays a prompt asking if you want to schedule the drive to be converted the next time the system starts. If you click Yes, you can restart the system to begin the conversion process.

Before the Convert utility actually converts a drive to NTFS, the utility checks to see if the drive has enough free space to perform the conversion. Generally, Convert needs a block of free space that's roughly equal to 25 percent of the total space used on the drive. For example, if the drive stores 2 GB of data, Convert needs about 500 MB of free space. If there isn't enough free space, Convert aborts and tells you that you need to free up some space. On the other hand, if there's enough free space, Convert initiates the conversion. Be patient. The conversion process takes several minutes (longer for large drives). Don't access files or applications on the drive while the conversion is in progress.

Checking a Drive for Errors and Bad Sectors

The Windows Server 2003 utility for checking the integrity of a disk is Check Disk (Chkdsk.exe). You'll find this utility in the %SystemRoot% folder. Use Check Disk to check for and optionally repair problems found on FAT, FAT32, and NTFS volumes.

Although Check Disk can check for and correct many types of errors, the utility primarily looks for inconsistencies in the file system and its related metadata. One of the ways Check Disk locates errors is by comparing the volume bitmap to the disk sectors assigned to files in the file system. But beyond this, the usefulness of Check Disk is rather limited. For example, Check Disk can't repair corrupted data within files that appear to be structurally intact.

Running Check Disk from the Command Line

You can run Check Disk from the command line or within other utilities. At the Command prompt you can test the integrity of the E drive by typing the command

 chkdsk E: 

To find and repair errors that are found in the E drive, use the command

 chkdsk /f E: 

The complete syntax for Check Disk is shown below:

 chkdsk [  volume  [[  path  ]  filename  ]]] [/F] [/V] [/R] [/X] [/I] [/C]  [/L[:  size  ]] 

The options and switches for Check Disk are used as follows:

  volume  

  filename  

 /F 

 /V 

 /R 

 /L:  size  

 /X 

 /I 

 /C 

Running Check Disk Interactively

You can also run Check Disk interactively by using either Windows Explorer or Disk Management:

1. Right-click the drive and then choose Properties.

2. In the Tools tab of the Properties dialog box, click Check Now.

3. As shown in Figure 11-8, you can now:

   • Check for errors without repairing them. Click Start without selecting either of the check boxes.

   • Check for errors and fix them. Make the appropriate selections in the check boxes to fix file system errors or to recover bad sectors, or both. Then click Start.

     Figure 11-8. Check Disk is available by clicking the Check Now button in the Properties dialog box. Use it to check a disk for errors and repair them, if you wish.

     

Defragmenting Disks

Anytime you add files to or remove files from a drive, the data on the drive can become fragmented. When a drive is fragmented , large files can't be written to a single continuous area on the disk. As a result, the operating system must write the file to several smaller areas on the disk, which means more time is spent reading the file from the disk. To reduce fragmentation, you should periodically analyze and defragment disks using Disk Defragmenter.

You can analyze a disk to determine the level of fragmentation and defragment a disk by completing the following steps:

1. In Computer Management, expand Storage, and then select Disk Defragmenter.

2. Select the logical drive or volume that you want to work with by clicking it, as shown in Figure 11-9.

   Figure 11-9. Disk Defragmenter efficiently analyzes and defragments disks. The more frequently data is updated on drives, the more often you'll need to run this utility.

   

3. To analyze the amount of fragmentation on a partition or volume, click Analyze. The progress of the analysis is shown in the Analysis Display area. Fragmented files, contiguous files, system files, and free space are highlighted in different colors using the color code shown at the bottom of the display area. You can pause or stop the analysis if necessary.

4. When the analysis is complete, Disk Defragmenter recommends a course of action based on the amount of fragmentation. If there's a lot of fragmentation, you'll be prompted to defragment the disk. Otherwise, you'll be told the disk doesn't need to be defragmented.

5. To defragment the disk, click Defragment. The progress of the defragment operation is shown in the Defragmentation Display area. You can pause or stop the operation, if necessary.

6. To view a report of the analysis or defragmentation, click View Report.

Compressing Drives and Data

When you format a drive for NTFS, Windows Server 2003 allows you to turn on the built-in compression feature. With compression, all files and directories stored on a drive are automatically compressed when they're created. Because this compression is transparent to users, compressed data can be accessed just like regular data. The difference is that you can store more information on a compressed drive than you can on an uncompressed drive.

Compressing Drives

To compress a drive and all its contents, complete these steps:

1. In Windows Explorer or Disk Management, right-click the drive that you want to compress, and then select Properties.

2. Select Compress Drive To Save Disk Space and then click OK.

Compressing Directories and Files

If you decide not to compress a drive, Windows Server 2003 lets you selectively compress directories and files. To compress a file or directory, complete these steps:

1. In Windows Explorer, right-click the file or directory that you want to compress, and then select Properties.

2. In the General tab of the related property dialog box, click Advanced. Select Compress Contents To Save Disk Space, shown in Figure 11-10. Click OK twice.

   Figure 11-10. With NTFS, you can compress a file or directory by selecting the Compress check box in the Advanced Attributes dialog box.

   

For an individual file, Windows Server 2003 marks the file as compressed and then compresses it. For a directory, Windows Server 2003 marks the directory as compressed and then compresses all the files in it. If the directory contains subfolders, Windows Server 2003 displays a dialog box that allows you to compress all the subfolders associated with the directory. Simply select Apply Changes To This Folder, Subfolders , And Files and then click OK. Once you compress a directory, any new files added or copied to the directory are compressed automatically.

Expanding Compressed Drives

You can remove compression from a drive as follows:

1. In Windows Explorer or Disk Management, right-click the drive that contains the data you want to expand, and then select Properties.

2. Clear the Compress Drive To Save Disk Space check box and then click OK.

   Tip

   Windows always checks the available disk space before expanding compressed data. You should too. If there's less free space available than used space, you might not be able to complete the expansion. For example, if a compressed drive uses 1 GB of space and has 700 MB of free space available, there won't be enough free space to expand the drive.

   
   

Expanding Compressed Directories and Files

If you decide later that you want to expand a compressed file or directory, reverse the process by completing the following steps:

1. Right-click the file or directory in Windows Explorer.

2. In the General tab of the related property dialog box, click Advanced. Clear the Compress Contents To Save Disk Space check box. Click OK twice.

With files, Windows Server 2003 removes compression and expands the file. With directories, Windows Server 2003 expands all the files within the directory. If the directory contains subfolders, you'll also have the opportunity to remove compression from the subfolders. To do this, select Apply Changes To This Folder, Subfolders, And Files when prompted, and then click OK.

Encrypting Drives and Data

NTFS has many advantages over other file systems that you can use with Windows Server 2003. One of the major advantages is the capability to automatically encrypt and decrypt data using the Encrypting File System (EFS). When you encrypt data, you add an extra layer of protection to sensitive data ”and this extra layer acts as a security blanket blocking all other users from reading the contents of the encrypted files. Indeed, one of the great benefits of encryption is that only the designated user can access the data. This benefit is also a disadvantage , in that the user must remove encryption before authorized users can access the data.

Understanding Encryption and the Encrypting File System

File encryption is supported on a per-folder or per-file basis. Any file placed in a folder marked for encryption is automatically encrypted. Files in encrypted format can be read only by the person who encrypted the file. Before other users can read an encrypted file, the user must decrypt the file.

Every file that's encrypted has a unique encryption key. This means that an encrypted file can be copied, moved, and renamed just like any other file ”and in most cases these actions don't affect the encryption of the data (for details, see the section later in this chapter entitled "Working with Encrypted Files and Folders"). The user who encrypted the file always has access to the file, provided the user's public-key certificate is available on the computer that he or she is using. For this user, the encryption and decryption process is handled automatically and is transparent.

The process that handles encryption and decryption is called the Encrypting File System (EFS). The default setup for EFS allows users to encrypt files without needing special permission. Files are encrypted using a public/private key that EFS automatically generates on a per-user basis. The encryption algorithm used is the expanded Data Encryption Standard (DES), which is enforced using 56-bit encryption by default.

Encryption certificates are stored as part of the data in user profiles. If a user works with multiple computers and wants to use encryption, an administrator will need to configure a roaming profile for that user. A roaming profile ensures that the user's profile data and public-key certificates are accessible from other computers. Without this, users won't be able to access their encrypted files on another computer.

EFS has a built-in data recovery system to guard against data loss. This recovery system ensures that encrypted data can be recovered in the event a user's public-key certificate is lost or deleted. The most common scenario for this is when a user leaves the company and the associated user account is deleted. Although a manager might have been able to log on to the user's account, check files, and save important files to other folders, if the user account has been deleted, encrypted files will be accessible only if the encryption is removed or if the files are moved to a FAT or FAT32 volume (where encryption isn't supported).

To access encrypted files after the user account has been deleted, you'll need to use a recovery agent. Recovery agents have access to the file encryption key necessary to unlock data in encrypted files. To protect sensitive data, recovery agents don't, however, have access to a user's private key or any private key information.

Windows Server 2003 won't encrypt files without designated EFS recovery agents. For this reason, recovery agents are designated automatically and the necessary recovery certificates are generated automatically as well. This ensures that encrypted files can always be recovered.

EFS recovery agents are configured at two levels:

• Domain

  The recovery agent for a domain is configured automatically when the first Windows Server 2003 domain controller is installed. By default, the recovery agent is the domain administrator. Through Group Policy, domain administrators can designate additional recovery agents. Domain administrators can also delegate recovery agent privileges to designated security administrators.

• Local computer

  When a computer is part of a workgroup or in a stand-alone configuration, the recovery agent is the administrator of the local computer by default. Additional recovery agents can be designated. Further, if you want local recovery agents in a domain environment rather than domain-level recovery agents, you must delete the recovery policy from the group policy for the domain.

You can delete recovery agents if you don't want them to be used. However, if you delete all recovery agents, EFS will no longer encrypt files. One or more recovery agents must be configured for EFS to function.

Encrypting Directories and Files

With NTFS volumes, Windows Server 2003 lets you select files and folders for encryption. When you encrypt files, the file data is converted to an encrypted format that can be read only by the person who encrypted the file. Users can encrypt files only if they have the proper access permissions. When you encrypt folders, the folder is marked as encrypted, but actually only the files within it are encrypted. All files that are created in or added to a folder marked as encrypted are encrypted automatically.

To encrypt a file or directory, complete the following steps:

1. Right-click the file or directory that you want to encrypt, and then select Properties.

2. In the General tab of the related property dialog box, click Advanced. Then select the Encrypt Contents To Secure Data check box. Click OK twice.

For an individual file, Windows Server 2003 marks the file as encrypted and then encrypts it. For a directory, Windows Server 2003 marks the directory as encrypted and then encrypts all the files in it. If the directory contains subfolders, Windows Server 2003 displays a dialog box that allows you to encrypt all the subfolders associated with the directory. Simply select Apply Changes To This Folder, Subfolders, And Files and then click OK.

Working with Encrypted Files and Folders

Previously, I said that you can copy, move, and rename encrypted files and folders just like any other files, which is true, but I qualified this by saying "in most cases." When you work with encrypted files, you'll have few problems as long as you work with NTFS volumes on the same computer. When you work with other file systems or other computers, you might run into problems. Two of the most common scenarios are:

• Copying between volumes on the same computer

  When you copy or move an encrypted file or folder from one NTFS volume to another NTFS volume on the same computer, the files remain encrypted. However, if you copy or move encrypted files to a FAT or FAT32 volume, the files are decrypted before transfer and then transferred as standard files. FAT and FAT32 don't support encryption.

• Copying between volumes on a different computer

  When you copy or move an encrypted file or folder from one NTFS volume to another NTFS volume on a different computer, the files remain encrypted as long as the destination computer allows you to encrypt files and the remote computer is trusted for delegation. Otherwise, the files are decrypted and then transferred as standard files. The same is true when you copy or move encrypted files to a FAT or FAT32 volume on another computer. FAT and FAT32 don't support encryption.

After you transfer a sensitive file that has been encrypted, you might want to confirm that the encryption is still applied. Right-click the file and then select Properties. In the General tab of the related property dialog box, click Advanced. The Encrypt Contents To Secure Data option should be selected.

Configuring Recovery Policy

Recovery policies are configured automatically for domain controllers and workstations. By default, domain administrators are the designated recovery agents for domains and the local administrator is the designated recovery agent for a stand-alone workstation.

Through the Group Policy console, you can view, assign, and delete recovery agents. To do that, follow these steps:

1. Access the Group Policy console for the local computer, site, domain, or organizational unit you want to work with. For details on working with Group Policy, see the section entitled "Group Policy Management" in Chapter 4 , "Automating Administrative Tasks, Policies, and Procedures."

2. Access the Encrypted Data Recovery Agents node in Group Policy. To do this, expand Computer Configuration, Windows Settings, Security Settings, and Public Key Policies and then click Encrypted Data Recovery Agents.

3. As shown in Figure 11-11, the right-hand pane lists the recovery certificates currently assigned. Recovery certificates are listed according to whom they are issued, who issued them, expiration data, purpose, and more. In the figure the certificate was self-issued by the administrator for the purpose of file recovery (it's a recovery certificate for the local administrator).

   Figure 11-11. You use the Encrypting File System node to view, assign, and delete recovery agents in Group Policy.

   

4. To designate an additional recovery agent, right-click Encrypted Data Recovery Agents and then select Add. This starts the Add Recovery Agent Wizard, which you can use to select a previously generated certificate that has been assigned to a user and mark it as a designated recovery certificate. Click Next.

5. In the Select Recovery Agents page, click Browse Directory and then use the Find Users, Contacts, And Groups dialog box to select the user you want to work with.

   Security Alert

   Before you can designate additional recovery agents, you must set up a root Certificate Authority (CA) in the domain. Afterward, you must use the Certificates snap-in to generate a personal certificate that uses the EFS Recovery Agent template. The root CA must then approve the certificate request so that the certificate can be used.

   
   

6. To delete a recovery agent, select the recovery agent's certificate in the right pane and then press Delete. When prompted to confirm the action, click Yes to permanently and irrevocably delete the certificate. If the recovery policy is empty (meaning that it has no other designated recovery agents), EFS will be turned off so that files can no longer be encrypted.

Decrypting Files and Directories

If you decide later that you want to decrypt a file or directory, reverse the process by completing the following steps:

1. Right-click the file or directory in Windows Explorer.

2. In the General tab of the related property dialog box, click Advanced. Clear Encrypt Contents To Secure Data. Click OK twice.

With files, Windows Server 2003 decrypts the file and restores it to its original format. With directories, Windows Server 2003 decrypts all the files within the directory. If the directory contains subfolders, you'll also have the opportunity to remove encryption from the subfolders. To do this, select Apply Changes To This Folder, Subfolders, And Files when prompted and then click OK.

Recovering Disk Space

Disk Cleanup is a utility that examines disk drives for files that aren't needed or that could be compressed. By default, Disk Cleanup examines temporary files, the Recycle Bin, and catalogs used by the Content Indexer to see if there are files that can be deleted. Disk Cleanup also examines files that haven't been used in a while and recommends that they be compressed. Compressing old files can save a considerable amount of disk space.

You can start and work with Disk Cleanup by completing the following steps:

1. In Windows Explorer or Disk Management, right-click the drive that you want to clean up, and then select Properties.

2. Select Disk Cleanup. Disk Cleanup then examines the selected drive, looking for temporary files that can be deleted and for files that are candidates for compression. The more files on the drive, the longer the search process takes.

3. When Disk Cleanup finishes, you'll see a report similar to the one shown in Figure 11-12. File categories that you might see in the report include

   • Downloaded Program Files Contains programs downloaded for use by your browser, such as ActiveX controls and Java applets. These files are temporary and can be deleted.

   • Temporary Internet Files Contains Web pages stored to support browser caching of pages. These files are temporary and can be deleted.

   • Recycle Bin Contains files that have been deleted from the computer but not yet purged. Emptying the Recycle Bin permanently removes the files.

   • Temporary Files Contains information stored in the TEMP folder. These files are primarily temporary data or work files for applications.

   • Temporary Offline Files Contains local copies of recently used network files. These files are stored to enable offline access to files and can be deleted.

   • Offline Files Contains local copies of network files that you've specifically designated for use offline. If you delete these files without reconfiguring for online access only, the files will be copied back to this folder the next time you connect to the network.

   • Compress Old Files Contains a list of files that haven't been accessed in a while and are candidates for being compressed. By default, files are marked for possible compression when they haven't been used in 50 days. You can change the waiting period by selecting Compress Old Files in the list and then clicking Options. Afterward, type a new Compress After duration and then click OK.

   • Catalog Files for the Content Indexer Contains old catalogs that the Content Indexer no longer needs. These files can be deleted.

     Figure 11-12. Use the Disk Cleanup utility to help you find files that can be deleted or compressed.

     

4. Use the check boxes provided in the Files To Delete list to choose the files that you want to clean up, and then click OK. When prompted to confirm the action, click Yes.