It's such a shame. You spend months creating the perfect drive image for your company, only to have users and fellow administrators destroy it little by little through installing new applications, deleting files, and disorganizing the file system. Almost brings a tear to your eye. In this chapter, you will learn how to reorganize the disorganized, secure your systems, and perform updates to keep your imaged systems and servers healthy and clean.
Microsoft uses a common organized structure to store user data. If you know the locations of these directories and the quickest way to access them, you can easily modify their contents within your scripts. Table 7.1 lists common locations for Windows 2000/XP/2003.
Data Type | Path |
---|---|
All Users Desktop | %ALLUSERSPROFILE%\Desktop |
All Users Start Menu | %ALLUSERSPROFILE%\Start Menu |
Desktop | %USERPROFILE%\Desktop |
Favorites | %USERPROFILE%\Favorites |
NetHood | %USERPROFILE%\NetHood |
PrintHood | %USERPROFILE%\PrintHood |
Quick Launch | %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch |
Start Menu | %USERPROFILE%\Start Menu |
The WshShell object contains a property called SpecialFolders used to access these common locations. To access the SpecialFolders property, proceed as follows:
Set SHELL = CreateObject("WScript.Shell")
Set SF = SHELL.SpecialFolders
Here is a list of the folders available to the SpecialFolders property:
AllUsersDesktop
AllUsersStartMenu
AllUsersPrograms
AllUsersStartup
AppData
Desktop
Favorites
Fonts
MyDocuments
NetHood
PrintHood
Programs
Recent
SendTo
StartMenu
Startup
Templates
Here is an example of how to access these special folders in Windows Script Host:
Set SHELL = CreateObject("WScript.Shell")
Set SF = SHELL.SpecialFolders
WScript.Echo "Desktop: " & SF("Desktop")
Note | Access to these folders is dependent on your version of Windows. For example, there is no AllUsersDesktop folder for Windows 9x. |
Sharing is the basic principle of networking: making resources easily available to multiple users. Windows allows you to share files, folders, and even devices so that others can access your resources over the network.
Note | Because Windows 2000 Professional and Windows XP allow only 10 concurrent network connections, this is the maximum number of simultaneous users that can access a share. The limit for a Windows 2000/2003 Server is dependent on the number of concurrent licenses you have for each server. |
To share a resource, right-click the resource and choose "Sharing" for Windows 2000 or "Sharing and Security" for Windows XP. Select "Share This Folder" and specify a share name. Resources are shared by their share names. Share names do not need to be the same name as the actual resource. For example, a folder called FILES can have a share name called MYFILES. To remain compatible with the DOS naming convention, your share names should not exceed eight characters.
Once a resource is shared, you can control access to it by modifying its share permissions. When a resource is shared, the default settings are to share that object with everyone. You can set varying access levels for your shared resources, and the process is identical to modifying NTFS permissions. Although NTFS is not required to set share permissions, you can increase security and functionality by using it.
The NTFS (NT File System) file system contains significant improvements over the previous Windows file systems (FAT and FAT32). Some of these improvements include:
Maximum size: 16 exabytes
Long file name support
File, folder, and volume security
Compression
Bad cluster recovery
Disk quotas: Disk usage limits you can set on a per-user basis
Encryption: A method to make data unreadable for unauthorized viewers using the 56-bit DES (Data Encryption Standard)
Reparse points: An enhancement to file objects that allows developers to extend file system functionality
Sparse files: Files that can be created at any size, but which grow only as needed
Change Journal: Originally called the Update Sequence Number (USN) journal, a hidden journal that records changes to the file system
If you are currently using the FAT (File Allocation Table) file system, you can gain the benefits of NTFS by safely converting to it using CONVERT.EXE. To convert from FAT to NTFS, start a command prompt and enter the following:
CONVERT drive /FS:NTFS
Here, drive is the drive to convert to NTFS (for example, C:).
Warning | This is a one-way conversion process. Microsoft does not provide any method to convert an NTFS volume to FAT or FAT32. Remember, NTFS drives are not accessible from Windows 95, 98, and ME. |
NTFS stores extra information such as file ownership and uses access control lists (ACLs) to secure its files and folders from users and groups. The ACL contains access control entries (ACEs) that determine which type of access will be given. NTFS provides different ACEs for files and folders. To view the different ACEs you can set, open Windows Explorer and select Properties > Security > Permissions for a specific file or folder (see Figure 7.1).
In addition to the default NTFS permissions, you can specifically set individual permissions through the Type of Access > Special Access selection, as shown in Figure 7.2.
Warning | Setting "No Access" to the group Everyone will prevent even administrators from accessing the affected resources. |
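The warning above follows from how an ACL is evaluated: administrators are also members of Everyone, and a deny entry is checked before any allow entry. The following Python model is an added illustration, not code from this chapter and not the Windows API; the four right bits, the account names alice and bob, and the helper names are assumptions made for the example.

```python
from dataclasses import dataclass

# Simplified rights for the model; real NTFS access masks have many more bits.
READ, WRITE, EXECUTE, DELETE = 1, 2, 4, 8
FULL = READ | WRITE | EXECUTE | DELETE

@dataclass(frozen=True)
class ACE:
    kind: str      # "allow" or "deny"
    trustee: str   # user or group the entry applies to
    mask: int      # rights the entry allows or denies

def canonical(dacl):
    """Return the ACEs in canonical order: deny entries before allow entries."""
    return sorted(dacl, key=lambda ace: ace.kind != "deny")

def access_check(dacl, token, desired):
    """Walk the ACEs in order; the first deny that hits a wanted right wins."""
    remaining = desired
    for ace in dacl:
        if ace.trustee not in token:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return False  # rights never granted are implicitly denied

def lockout_aces(dacl):
    """Audit helper: deny entries on Everyone, which also match administrators."""
    return [a for a in dacl if a.kind == "deny" and a.trustee == "Everyone"]

# Constructed tokens: the user plus every group the user belongs to.
ADMIN = {"alice", "Administrators", "Everyone"}
USER = {"bob", "Users", "Everyone"}

BEFORE = canonical([ACE("allow", "Administrators", FULL),
                    ACE("allow", "Users", READ | EXECUTE)])
# "No Access" for Everyone, modelled as a deny entry covering every right.
LOCKED = canonical(BEFORE + [ACE("deny", "Everyone", FULL)])
# Safer way to shut ordinary users out: drop their allow entry instead.
RESTRICTED = canonical([ACE("allow", "Administrators", FULL)])

if __name__ == "__main__":
    for name, dacl in (("before", BEFORE), ("locked", LOCKED), ("restricted", RESTRICTED)):
        print(name, "admin:", access_check(dacl, ADMIN, READ),
              "user:", access_check(dacl, USER, READ),
              "flagged:", len(lockout_aces(dacl)))
```

The model leaves out object ownership: on real NTFS the owner of a file or folder can still rewrite its permissions, which is how such a lockout is normally undone.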