Chapter 7: Local System Management


In Brief

It's such a shame. You spend months creating the perfect drive image for your company, only to have users and fellow administrators destroy it little by little through installing new applications, deleting files, and disorganizing the file system. Almost brings a tear to your eye. In this chapter, you will learn how to reorganize the disorganized, secure your systems, and perform updates to keep your imaged systems and servers healthy and clean.

Common Locations

Microsoft uses a common organized structure to store user data. If you know the locations of these directories and the quickest way to access them, you can easily modify their contents within your scripts. Table 7.1 lists common locations for Windows 2000/XP/2003.

Table 7.1: Common data storage paths in Windows 2000/XP/2003.

Data Type               Path
----------------------  -----------------------------------------------------------------------
All Users Desktop       %ALLUSERSPROFILE%\Desktop
All Users Start Menu    %ALLUSERSPROFILE%\Start Menu
Desktop                 %USERPROFILE%\Desktop
Favorites               %USERPROFILE%\Favorites
NetHood                 %USERPROFILE%\NetHood
PrintHood               %USERPROFILE%\PrintHood
Quick Launch            %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch
Start Menu              %USERPROFILE%\Start Menu

Accessing SpecialFolders with Windows Script Host

The WshShell object contains a property called SpecialFolders used to access these common locations. To access the SpecialFolders property, proceed as follows:

 Set SHELL = CreateObject("WScript.Shell")
 Set SF = SHELL.SpecialFolders

Here is a list of the folders available to the SpecialFolders property:

  • AllUsersDesktop

  • AllUsersStartMenu

  • AllUsersPrograms

  • AllUsersStartup

  • AppData

  • Desktop

  • Favorites

  • Fonts

  • MyDocuments

  • NetHood

  • PrintHood

  • Programs

  • Recent

  • SendTo

  • StartMenu

  • Startup

  • Templates

Here is an example of how to access these special folders in Windows Script Host:

 Set SHELL = CreateObject("WScript.Shell")
 Set SF = SHELL.SpecialFolders
 WScript.Echo "Desktop: " & SF("Desktop")

Note

Access to these folders is dependent on your version of Windows. For example, there is no AllUsersDesktop folder for Windows 9x.

Sharing

Sharing is the basic principle of networking: making resources easily available to multiple users. Windows allows you to share files, folders, and even devices so that others can access your resources over the network.

Note  

Because Windows 2000 Professional and Windows XP allow only 10 concurrent network connections, this is the maximum number of simultaneous users that can access a share. The limit for a Windows 2000/2003 Server is dependent on the number of concurrent licenses you have for each server.

To share a resource, right-click the resource and choose "Sharing" for Windows 2000 or "Sharing and Security" for Windows XP. Select "Share This Folder" and specify a share name. Resources are shared by their share names. Share names do not need to be the same as the name of the actual resource. For example, a folder called FILES can have a share name called MYFILES. To remain compatible with the DOS naming convention, your share names should not exceed eight characters.

Once a resource is shared, you can control access to it by modifying its share permissions. When a resource is shared, the default settings are to share that object with everyone. You can set varying access levels for your shared resources, and the process is identical to modifying NTFS permissions. Although NTFS is not required to set share permissions, you can increase security and functionality by using it.

NTFS Overview

The NTFS (NT File System) file system contains significant improvements over the previous Windows file systems (FAT and FAT32). Some of these improvements include:

  • Maximum size: 16 exabytes

  • Long file name support

  • File, folder, and volume security

  • Compression

  • Bad cluster recovery

  • Disk quotas: Disk usage limits you can set on a per-user basis

  • Encryption: A method to make data unreadable for unauthorized viewers using the 56-bit DES (Data Encryption Standard)

  • Reparse points: An enhancement to file objects that allows developers to extend file system functionality

  • Sparse files: Files that can be created at any size, but which grow only as needed

  • Change Journal: Originally called the Update Sequence Number (USN) journal, a hidden journal that records changes to the file system

Converting to NTFS

If you are currently using the FAT (File Allocation Table) file system, you can gain the benefits of NTFS by safely converting to it using CONVERT.EXE. To convert from FAT to NTFS, start a command prompt and enter the following:

 CONVERT  drive  /FS:NTFS 

Here, drive is the drive to convert to NTFS (for example, C:).

Warning  

This is a one-way conversion process. Microsoft does not provide any method to convert an NTFS volume to FAT or FAT32. Remember, NTFS drives are not accessible from Windows 95, 98, and ME.

NTFS Security

NTFS stores extra information such as file ownership and uses access control lists (ACLs) to secure its files and folders from users and groups. The ACL contains access control entries (ACEs) that determine which type of access will be given. NTFS provides different ACEs for files and folders. To view the different ACEs you can set, open Windows Explorer and select Properties > Security > Permissions for a specific file or folder (see Figure 7.1).

Figure 7.1: Editing NTFS general permissions.

In addition to the default NTFS permissions, you can specifically set individual permissions through the Type of Access > Special Access selection, as shown in Figure 7.2.

Figure 7.2: Editing NTFS special access permissions.
Warning  

Setting "No Access" to the group Everyone will prevent even administrators from accessing the affected resources.
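
A folder reached over the network is governed by both its share permissions (see Sharing) and its NTFS ACL, so it is useful to review the two lists side by side. The following script is an added example, not code from the book: it lists every disk share with its share-level ACEs and the NTFS ACEs of the shared folder, and flags entries for Everyone. The helper name DumpAcl and the constant EVERYONE_SID are names chosen for this example, and it assumes WMI is available and the script is run by an administrator.

```vbscript
Option Explicit
Const EVERYONE_SID = "S-1-1-0"   ' well-known SID of the Everyone group
Dim wmi, share
Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

' Type = 0 selects ordinary disk shares (no printers, IPC$ or admin shares)
For Each share In wmi.ExecQuery("SELECT Name, Path FROM Win32_Share WHERE Type = 0")
    WScript.Echo "Share " & share.Name & " -> " & share.Path
    DumpAcl "  share", "Win32_LogicalShareSecuritySetting.Name='" & share.Name & "'"
    DumpAcl "  NTFS ", "Win32_LogicalFileSecuritySetting.Path='" & _
            Replace(share.Path, "\", "\\") & "'"
Next

' Print every ACE in the DACL of the given WMI security-setting object
Sub DumpAcl(label, objectPath)
    Dim setting, sd, ace, kind, flag
    On Error Resume Next
    Set setting = wmi.Get(objectPath)
    If Err.Number <> 0 Then
        ' Assumption: no instance means no explicit descriptor is stored
        ' (default share permissions, or a FAT volume for the file class)
        WScript.Echo label & ": no explicit ACL stored (defaults apply)"
        Err.Clear
        Exit Sub
    End If
    On Error GoTo 0
    If setting.GetSecurityDescriptor(sd) <> 0 Then
        WScript.Echo label & ": could not read security descriptor"
        Exit Sub
    End If
    If IsNull(sd.DACL) Then
        WScript.Echo label & ": NULL DACL (unrestricted access)"
        Exit Sub
    End If
    For Each ace In sd.DACL
        If ace.AceType = 1 Then kind = "Deny " Else kind = "Allow"
        If ace.Trustee.SIDString = EVERYONE_SID Then flag = "  <-- Everyone" Else flag = ""
        WScript.Echo label & ": " & kind & " " & ace.Trustee.Domain & "\" & _
            ace.Trustee.Name & " mask=0x" & Hex(ace.AccessMask) & flag
    Next
End Sub
```

Run it with cscript.exe so that the output goes to the console instead of one message box per line.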




Windows Admin Scripting Little Black Book (Little Black Books (Paraglyph Press))
ISBN: 1933097108
Year: 2004
Pages: 89
