- Turn the tables on your organization with Adaxes 2018.1’s Web Interface and reporting capabilities - Thu, Sep 20 2018
- Review: Softerra Adaxes – Automating Active Directory management - Thu, Jun 4 2015
- Azure Multi-Factor Authentication – Part 8: Delegating Administration - Tue, Apr 28 2015
Both file sharing and the File Server role have been an integral part of Server Core installations since their first inceptions.
In fact, Server Core installations have always been, by default, able to act as file servers after you configure the built-in firewall to allow SMB traffic. This way, you will end up with a functioning file server; however, I would only recommend doing so to transfer files, programs, and utilities to your Server Core installation. If you truly want to benefit from a Server Core installation, install some File Server Role Services on it.
Overview of File Services in Server Core
Just like the Certificate Services Server Role in the previous article, the File Server Server Role offers a couple of Server Role Services in two distinct categories:
- File and iSCSI services
- File Server
The File Server Role Service allows you to manage file shares and enables users to access files on Server Core installations, from the network, using the Server Message Block (SMB) protocol. - BranchCache for Network Files
BranchCache is a technology that allows computers in branch offices to cache commonly downloaded files from file and web shares on which BranchCache is enabled, and then provide those files to other computers in the branch office. The BranchCache for Network Files Role Service offers the caching functionality for file shares. - Data Deduplication
Installing and configuring the Data Deduplication Role Service helps save disk space by storing a single copy of identical data on an NTFS-formatted volume. - DFS Namespaces
DFS Namespaces enable you to group file shares that are located on different servers into one or more logically structured namespaces based on DNS names. - DFS Replication
DFS Replication is used to replicate data between multiple servers over limited-bandwidth network connections and local area network connections. - File Server Resource Manager (FSRM)
This Role Service enables scheduled storage reports, file classification, file quotas, and screening policies. It is a prerequisite for Dynamic Access Control (DAC). - File Server VSS Agent Service
If you’re looking to perform volume shadow copies of applications that store data files on your file server, you’ll need this Role Service. - iSCSI Target Server and iSCSI Target Storage Provider (VDS and VSS)
The iSCSI Target Server Role Service enables your Server Core installation to serve data on the iSCSI protocol. The iSCSI Target Storage Provider (VDS and VSS) Role Service allows for remote management through standard programs and for performing volume shadow copies. - Server for NFS
If you’d like to share files with UNIX-based computers and other computers that use the network file system (NFS) protocol, this Role Service is for you.
- File Server
- Storage Services
This Role Service enables basic file sharing and remote and local storage management functionality. In addition, it allows for creating storage pools and storage spaces.
By default, the Storage Services Role Service is the only File Server Role Service installed. This explains the ability to access the hidden and administrative shares (for example, C$) on your Server Core installation.
How to install File Services in Server Core
Before you can install any of the File Server Role Services, you’ll need to install the File and iSCSI Services Role Service. This can easily be done by running the following PowerShell one-liner (start off by typing PowerShell first, to get the PowerShell prompt):
Install-WindowsFeature File-Services
This way, the File Server Services Role (FS-Fileserver) will automatically be installed and the Windows Firewall will be configured to allow SMB traffic. Optionally, you can install one of the other Server Role Services. The table below shows the Role Service names you can use in combination with the Install-WindowsFeature PowerShell cmdlet:
File and iSCSI Services Role Description | File and iSCSI Services Role Feature Name |
BranchCache for Network Files | FS-BranchCache |
Data Deduplication | FS-Data-Deduplication |
DFS Namespaces | FS-DFS-Namespace |
DFS Replication | FS-DFS-Replication |
File Server Resource Manager | FS-Resource-Manager |
File Server VSS Agent Service | FS-VSS-Agent |
iSCSI Target Server | FS-iSCSITarget-Server |
iSCSI Target Storage Provider (VDS and VSS) | iSCSITarget-VSS-VDS |
Server for NFS | FS-NFS-Service |
Configuring File Services on Server Core
The following three scenarios show you the possibilities of the File Server Role on Server Core installations of Windows Server 2012:
Creating a basic file server
One of the easiest things to do is create a basic file server. In fact, you have already done that by installing the File and iSCSI File Services Role Service above.
Now, to create some file shares for users, you could fire up Computer Management (compmgmt.msc) or the shared folders MMC Snap-in (fsmgmt.msc) from a Windows 8 or a Server with a GUI Windows Server 2012 installation. Alternatively, you can create folders and shares from the command line.
For instance, to create a folder on the E:\ NTFS-formatted volume, give the built-in group Authenticated users “modify NTFS” rights, and share it as Groupdata with modify permissions on the share, use the following commands:
md E:\Groupdata
icacls E:\Groupdata /grant "Authenticated Users": (OI)(CI)(M)
PowerShell
New-SmbShare -Name Groupdata -Path E:\Groupdata -FolderEnumerationMode AccessBased -CachingMode Documents -EncryptData $True -FullAccess Everyone
How to create a file share
Oops. By using the New-SMBShare cmdlet, I already created a share with a couple of advanced features like Access-Based Enumeration (ABE), the caching mode, and encryption requirements for the SMB traffic. See how easy that is! 🙂
Creating a DAC-aware file server
One of the neat new features of Windows Server 2012 is Dynamic Access Control. DAC allows you to grant access to files and folders, based on attributes of a user’s account in Active Directory or the account of the computer that user is working on.
First, if you haven’t already done so, you will need to make your file server a member of the Active Directory domain. Then, you will need to install the File Server Resource Manager File Server Role Service. The following PowerShell command is particularly useful (and short) to use for this purpose:
Install-WindowsFeature FS-Resource-Manager
Now, you can plan and create your Central Access Policies and automatic file classification, and roll out all this new stuff to your Server Core-based File Server through Group Policies. More information can be found here.
Enabling data deduplication on a file server
Another cool feature that’s new in Windows Server 2012 File Services is data deduplication. This feature allows you to cut up files into storage chunks, store identical chunks of data in the Storage Information folder of an NTFS-formatted volume, and then link to these identical chunks from multiple files, which drastically reduces the storage used over time.
To use this feature, first we’ll need to install the role service. The following PowerShell command will do exactly that:
Install-WindowsFeature FS-Data-Deduplication
Now, we only have to configure the data deduplication policy for the volume. In the example below, we’ll enable data deduplication on E:\ using PowerShell with default settings (you can change these with Set-DedupVolume afterwards):
Enable-DedupVolume E:
To get things rolling, we’ll run the following PowerShell command to start deduplication:
Start-DedupJob -Volume E: -Type Optimization
Enable data deduplication
Concluding
The File Server Role in Server Core installations of Windows Server 2012 is a very modular Server Role, allowing you to create highly available, highly performing File Servers, iSCSI target servers, and NFS servers.
When I try to connect from another computer through MMC, I get a message that RPC server is unavailable, probably because the connection is being blocked by firewall.