Quotas
Windows 2000 introduced disk quotas, which allowed a maximum amount of logical disk space to be defined on a per-volume and per-user basis. When the quota was exceeded, either the user couldn't write additional information in the case of a hard limit, or an event log was written if a soft limit was reached.
This quota system had limitations; each user had her own entry, and quotas did not work for shared areas. Also, the quota was for an entire disk. File server users might have access to many different shares and areas on a single volume, and different quota limits should be possible at that level of granularity. For shared areas, a quota on the total folder size should be shared between anyone who has write permissions.
The quota management subsystem of FSRM provides exactly this level of granularity, based on physical disk usage rather than logical usage. The Windows 2000-type quotas based the disk usage on the logical size of the data, which is not the space used on the actual physical disk. If you compress a 10MB (logical size) Word document, it might only use 350KB (physical size) on disk. Under the legacy quota, this compressed file would use 10MB of the user's quota. Under the FSRM quota solution, the physical size (350KB) is used. That drives users to be more diligent in compressing their information because it directly affects the amount of data they can store.
Quota management (like file screening) offers a flexible set of rich notifications that can be defined in the event of a quota breach or when a certain percentage of the quota is reached. This feature is only available on NTFS, nonremovable volumes.
A big change here is that quotas are defined on a per-volume or perfolder basis; no user or group is specified. NTFS permissions should be used to restrict who can write to a folder. Quotas are not a security mechanism. They control how much can be written, and NTFS controls who can write it. After a quota is applied to a folder or volume, anyone with write permissions is encompassed by the total quota limit.
FSRM quotas are highly flexible. First, the quota can be configured as a hard or soft quota. A hard quota enforces the quota limit and cancels an I/O request if it would result in the quota being exceeded. A soft quota is not enforced and allows continued I/O beyond the quota size. So why bother having a soft quota? When a quota is reached, or at a defined percentage of the quota, one or more actions can be triggered:
- E-mail message: Sends a message to a defined administrator and/or the user performing the I/O with configurable message content that can contain a number of variables. For example, variables for the quota used in MB, the percentage used, the server, and so on, exist. The user simply receives an access denied message when a hard quota is exceeded and he might not understand. The e-mail message is sent to him within seconds, and you could use it to recommunicate what quotas are in force and the policies behind their use.
- Event log: A warning event can be written to the application event log, which can contain configurable content based on a number of variables.
- Command: Run a script or command with a defined set of arguments. It can be run as the local service, network service, or local system context.
- Report: A storage report, as described in the previous section, can be called. When a quota is exceeded, a storage report is run and then e-mailed to the user who exceeded the quota. This helps the user understand what data has caused her to exceed her quota and take action to free space. Use caution with this, based on the resources required to run the reports. Running large storage reports in the middle of the day can cause a considerable performance hit. There are situations where running in the day would be okay-for example, a common use might be to run a report on a user's home folder, which is small and would, therefore, run a report quickly.
These options are powerful. When sets of actions are used, such as warning a user when he reaches 85% of his quota and performing a more definitive action at 100%, a lot of configuration is needed. Do not repeat it on the various different folders and volumes on which quotas are required. Thankfully, templates are supported, which allow a set of actions to be defined at various percentage states of a defined quota and can then be quickly applied to various volumes and folders.
Microsoft has a number of templates that can be customized to your exact requirements. These are accessed via the Quota Templates leaf under Quota Management in the navigation pane. You can modify a template by right-clicking it and selecting Edit Template Properties.
Quota Properties
The properties of a quota template show the type of the quota (hard or soft) and the quota limit in terabytes, gigabytes, megabytes, and kilobytes. The four types of actions available can be configured at different threshold points in any combination (for example, at 85% of a quota, 95% of a quota, and then 100%). A good template to look at is the 200MB Limit with 50MB Extension template. Look at the properties of that template. This template has a 200MB limit, and when the limit is reached, the quota is extended by an additional 50MB. This gives a total quota of 250MB.
Select the Warning (100%) threshold notification and click Edit so you can see all the options available. These options are broken into four tabs relating to the four types of actions.
E-Mail Message
The E-mail Message tab allows an e-mail account or distribution group to be selected as the target for an e-mail message. You can opt to send an e-mail to the actual user who exceeds the threshold.
A subject and body for the e-mail can be configured. Notice that a number of FSRM variables can be inserted into the header and body to make the message content specific to the notification. The example shows using the Source I/O Owner variable to insert the user who made the I/O request that exceeded the threshold. Quota Path shows the actual location where the quota is set. If you select the variable drop-down box, all the available variables are displayed.
If you want to configure options such as who the message is from, a reply-to, CC, and BCC, click the Additional E-mail Headers button, which allows this extra information to be input.
Event Log
The Event Log tab works in a similar fashion to the E-mail Message tab, except this time you can just configure the body of text with variables written to the Application Event Log.
Command
The Command tab enables you to run any command that can be called from a command line. Arguments to the command can be configured along with a working directory. The use of this is shown with the 200MB Limit with a 50MB Extension quota.
At 100% of the quota, the command runs the quota command-line interface tool, dirquota, to extend the quota by 50MB. It does this by replacing the 200MB limit template with a 250MB limit template. As a side point, this reinforces that everything that can be done through the GUI can also be configured using the command-line tools and that some sophisticated combinations are possible.
Select the account in which to run the command from the local service, network service, or local system (the default).
Report
The Report tab is used to run any of the reports you have seen before (although without customizable options). A report can be sent to a defined administrator and to the user who exceeded the threshold.
Assigning Quotas
After the templates are defined, a new quota entry is easily created by selecting Create Quota from the actions pane within the Quotas leaf of Quota Management. If you selected to use FSRM for usage monitoring when installing FSRM, there is already one soft quota entry for each volume that was selected.
The Create Quota dialog allows the selection of a template or a custom set of criteria. The recommended way is to use a quota template rather than manually defining criteria (hence the whole point of quotas). After all options are selected, click the Create button.
Notice at the top Create Quota on Path or an Auto Apply Template and Create Quotas on Existing and New Subfolders option is available. The normal option is to select Create Quota on Path, which applies the template or custom properties onto the selected quota path. The second option is useful on folders that might contain dynamically created subfolders that each need their own quota, such as a folder that houses user home folders. Each user's folder should have its own quota applied. When Auto Apply is selected, all existing subfolders have the quota selected applied individually. As new folders are created, they automatically have their own copy of the selected quota applied to them.
Note that only the first quota, D:\Data\Users\*, was manually created. All the others were automatically created because the quota type was set as Auto Apply. Another useful feature is that if the template is modified, you can opt to apply this change to all template instances. If you change the limit from 200MB to 500MB in the template and select the appropriate option to propagate to derived template uses.
If you navigate a volume with quotas locally, the free space changes based on the prevalent quota, as shown in the following code. Notice that the free space changes as you move through the volume.
F:\Data\Users>dir Volume in drive F is New Volume Volume Serial Number is 50E8-E6EE Directory of F:\Data\Users 05/07/2007 02:18 PM <DIR> . 05/07/2007 02:18 PM <DIR> .. 05/07/2007 02:18 PM <DIR> Achilles 05/07/2007 02:18 PM <DIR> Hector 05/07/2007 02:18 PM <DIR> Marrylane 0 File(s) 0 bytes 5 Dir(s) 1,131,294,720 bytes free F:\Data\Users>cd hector F:\Data\Users\Hector>dir Volume in drive F is New Volume Volume Serial Number is 50E8-E6EE Directory of F:\Data\Users\Hector 05/07/2007 02:18 PM <DIR> . 05/07/2007 02:18 PM <DIR> .. 0 File(s) 0 bytes 2 Dir(s) 209,711,104 bytes free
With Server Message Block (SMB) 1.0 (used prior to Windows Vista and Windows Server 2008), a remote location's free space stayed the same as the free space of the point of connection, such as the root share. With SMB 2.0, the free space changes for remote paths. The following code shows a remote connection from a Vista client. Notice the space change is the same as the local.
C:\Users\marrylane>net use * \\192.168.1.180\f$ Drive Z: is now connected to \\192.168.1.180\f$. The command completed successfully. C:\Users\mike>z: Z:\>cd data Z:\Data>cd users Z:\Data\Users>dir Volume in drive Z is New Volume Volume Serial Number is 50E8-E6EE Directory of Z:\Data\Users 05/07/2007 02:18 PM <DIR> . 05/07/2007 02:18 PM <DIR> .. 05/07/2007 02:18 PM <DIR> Achilles 05/07/2007 02:18 PM <DIR> Hector 05/07/2007 02:18 PM <DIR> Marrylane 0 File(s) 0 bytes 5 Dir(s) 1,131,294,720 bytes free Z:\Data\Users>cd marrylane Z:\Data\Users\Marrylane>dir Volume in drive Z is New Volume Volume Serial Number is 50E8-E6EE Directory of Z:\Data\Users\Marrylane 05/07/2007 02:18 PM <DIR> . 05/07/2007 02:18 PM <DIR> .. 0 File(s) 0 bytes 2 Dir(s) 209,711,104 bytes free
Templates can be exported and imported using the command-line tools but not via the MMC snap-in. Currently, exporting and importing is the only way to perform template management over multiple machines. You look at the syntax of exporting and importing in the file screening section- the syntax is the same for both quota and file screens.
SMB 2.0: Windows Vista and Windows Server 2008 support SMB 2.0, a major improvement over SMB 1.0. The real power of SMB 2.0 is performance. The original SMB was optimized around 60KB data packages, which are uncommon in today's networks that handle files that are megabytes, if not gigabytes, in size. Whereas SMB 1.0 used a fixed window size where packets had to arrive in sequence, SMB 2.0 uses a variable window size. Packets can be sent without an acknowledgment from the preceding packets, allowing data to be sent 30 to 40 times faster under SMB 2.0. SMB 2.0 also supports symbolic links. SMB 2.0 can only be used if both ends of a link support SMB 2.0. If XP is talking to a Windows Server 2008 box, SMB 1.0 is used.
In this tutorial:
- Windows Server File System and Print Management
- File System Types and Management
- New Technology File System (NTFS)
- New NTFS Features in Windows Server 2008
- Formatting and Managing File Systems
- Converting File Systems
- File Management
- File Permissions
- Shares
- NTFS Quotas
- Encrypted File System (EFS)
- Shadow Copy Feature
- File Server Resource Manager
- File Server Resource Manager Options
- Reporting
- Quotas
- File Screening
- Exporting and Importing File Screens and Quotas
- Print Management
- Print Management MMC
- Printer Properties
- Listing a Printer in the Active Directory
- Connecting Users to Network Printers
- Deploying Printers
- Allowing Nonadministrators/Power Users to Install Printers
- Migrating a Printer
- Automatic Network Print Addition
- Print Server Configuration
- Customizing Views of Information