Microsoft Windows XP Professional Administrators Guide

Windows XP Professional provides several advanced disk management features that an administrator may wish to apply. These include the ability to compress all or some of the data on a disk drive to create additional storage space, and the ability to encrypt or encode data so that it can only be accessed and decrypted or decoded by the person who created it. Compression and encryption are mutually exclusive technologies, meaning that both cannot be applied to a file at the same time.

Another advanced disk management feature supported by Windows XP Professional is the application of disk quotas. Disk quotas allow administrators to impose restrictions on the amount of disk space that individual users can consume on a hard disk drive. This can be an especially useful tool on shared computers or on computers where shared files reside.

Applying Disk Compression

Compression is a tool used to create additional storage by reducing the space required to store files. To apply compression, the user or administrator needs write permission over the file or folder. If a folder is compressed, all the files in the folder are compressed as well. If the folder contains subfolders, Windows XP displays a prompt asking if compression should be applied to them as well.

Compression is transparent to the user. When a compressed file is accessed, Windows XP automatically uncompresses it and passes it to the calling application (assuming that the user has the necessary file permissions to open the file). When the user later saves the file, Windows XP recompresses it.

Compression can only be applied to a partition or volume formatted with the NTFS file system. In addition, compression cannot be used on an encrypted file. If a user attempts to compress one of his or her encrypted files, Windows XP will decrypt it and then compress it.

If a compressed file is moved or copied to another location, its compressed state may change. The following list outlines various scenarios and their effect on a file's compression state.

One way to make working with compressed files and folders easier is to change the color that Windows XP uses to display them. Setting this option tells Windows XP to display the text names of any compressed files or folders using blue text. This can be accomplished using the following procedure.

  1. Click on Start and then My Computer. The My Computer folder appears.

  2. Select Folder Options from the Tools menu. The Folder Options dialog appears.

  3. Select the View property sheet.

  4. Scroll down and select the Show encrypted or compressed NTFS files in color option.

  5. Click on OK.

The following procedure outlines the steps involved in compressing a file.

  1. Using Windows Explorer, locate the file to be compressed.

  2. Right-click on the file and select Properties. The file's property dialog appears.

  3. Click on the Advanced button located in the Attributes section of the property sheet.

  4. The Advanced Attributes dialog appears, as shown in Figure 11.6.

    Figure 11.6: Compressing a file

  5. Select the Compress contents to save disk space option and click on OK.

The following procedure outlines the steps involved in compressing a folder.

  1. Using Windows Explorer, locate the folder to be compressed.

  2. Right-click on the folder and select Properties. The folder's property dialog appears.

  3. Click on the Advanced button located in the Attributes section of the property sheet.

  4. Select the Compress contents to save disk space option and click on OK.

  5. The Confirm Attribute Changes dialog appears, as shown in Figure 11.7. The following options are available.

    • Apply changes to this folder only. Limits compression to just the files stored in this folder

    • Apply changes to this folder, subfolders, and files. Compresses everything in the folder including any files stored in subfolders

    Select an option and click on OK.

Figure 11.7: Compressing a folder

Applying Disk Encryption

Encryption adds a powerful level of security to Windows XP Professional and is especially important for users with portable computers where a greater chance exists that a computer could be stolen. Once stolen, it is possible to extract a laptop's hard disk drive and install it in another computer and access its data. However, by applying encryption, this data theft technique is blocked.

Encryption is transparent to the user. When an encrypted file is accessed, Windows XP automatically decrypts it and passes it to the calling application (assuming that the user has the necessary file permissions to open the file). When the user later saves the file, Windows XP encrypts it again.

Windows XP Professional implements encryption using the EFS (Encrypted File System). EFS uses the DES (Data Encryption Standard), which applies 56-bit encryption using public/private keys. Optionally, Microsoft provides a 128-bit Enhanced CryptoPak, which can be used to implement 128-bit encryption for greater security.

Encryption can only be applied to files stored on NTFS formatted partitions or volumes. If a file is moved or copied from one location to another on the same or a different NTFS volume, it remains encrypted. However, if the file is moved or copied to a FAT or FAT32 partition or volume, it is stored in a decrypted state.

Microsoft recommends applying encryption at the folder level. When implemented, encryption should be applied to each user's My Documents folder. In addition, all temporary folders should be encrypted, because some applications place unencrypted copies of files in these folders when they are working with them.
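The recommendation above can be checked rather than assumed. The following is an added example, not part of the original guide: a small Python audit that reads the NTFS attribute bits and reports every file or folder that is not EFS-encrypted. The function names, the user "alice" and the sample paths are constructed for illustration, and `st_file_attributes` is only populated when Python runs on Windows.

```python
import os
import stat

# NTFS attribute bits as exposed by Python's stat module.
ENCRYPTED = stat.FILE_ATTRIBUTE_ENCRYPTED    # 0x4000, set by EFS
COMPRESSED = stat.FILE_ATTRIBUTE_COMPRESSED  # 0x0800, set by NTFS compression
DIRECTORY = stat.FILE_ATTRIBUTE_DIRECTORY    # 0x0010

def state(attrs):
    """Classify an attribute word; a file is never both encrypted and compressed."""
    if attrs & ENCRYPTED:
        return "encrypted"
    return "compressed" if attrs & COMPRESSED else "plain"

def audit(entries):
    """Return (path, reason) for each (path, attribute_bits) pair that is not encrypted."""
    findings = []
    for path, attrs in entries:
        current = state(attrs)
        if current == "encrypted":
            continue
        if attrs & DIRECTORY:
            reason = "folder not marked for encryption; new files inherit that"
        elif current == "compressed":
            reason = "file is compressed, so it is not encrypted"
        else:
            reason = "file is stored unencrypted"
        findings.append((path, reason))
    return findings

def scan(root):
    """Yield (path, attrs) for root and everything below it (attrs is 0 off Windows)."""
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            yield path, getattr(os.lstat(path), "st_file_attributes", 0)

# Constructed sample (hypothetical user "alice"), so the logic runs anywhere.
BASE = "C:\\Documents and Settings\\alice\\"
SAMPLE = [
    (BASE + "My Documents", DIRECTORY | ENCRYPTED),
    (BASE + "My Documents\\plan.doc", ENCRYPTED),
    (BASE + "My Documents\\old.doc", COMPRESSED),
    (BASE + "Local Settings\\Temp", DIRECTORY),
    (BASE + "Local Settings\\Temp\\~WRD0001.tmp", 0),
]

if __name__ == "__main__":
    for path, reason in audit(SAMPLE):
        print(f"{path}: {reason}")
```

On a real system, pass `scan(folder)` to `audit` for each folder that should be encrypted. On a FAT or FAT32 volume the encrypted bit is never set, so every entry is reported.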

One way to make working with encrypted files and folders easier is to change the color that Windows XP uses to display them. Setting this option tells Windows XP to display the text names of any encrypted files or folders using green text. This can be accomplished using the following procedure.

  1. Click on Start and then My Computer. The My Computer folder appears.

  2. Select Folder Options from the Tools menu. The Folder Options dialog appears.

  3. Select the View property sheet.

  4. Scroll down and select the Show encrypted or compressed NTFS files in color option.

  5. Click on OK.

To encrypt a file or folder, the user or administrator must be able to read and write to it. The following procedure outlines the steps involved in encrypting a file.

  1. Using Windows Explorer, locate the file to be encrypted.

  2. Right-click on the file and select Properties. The file's property dialog appears.

  3. Click on the Advanced button located in the Attributes section of the property sheet.

  4. The Advanced Attributes dialog appears.

  5. Select the Encrypt contents to secure data option and click on OK.

  6. If the file is not stored in an encrypted folder, the Encryption Warning dialog appears, as shown in Figure 11.8.

    The following options are available.

    • Encrypt the file and the parent folder. Encrypts the folder that stores the file

    • Encrypt the file only. Only encrypts the file

    Select an option and click on OK.

Figure 11.8: Encrypting a file that is not stored inside an encrypted folder

The following procedure outlines the steps involved in encrypting a folder.

  1. Using Windows Explorer, locate the folder to be encrypted.

  2. Right-click on the folder and select Properties. The folder's property dialog appears.

  3. Click on the Advanced button located in the Attributes section of the property sheet.

  4. Select the Encrypt contents to secure data option and click on OK.

  5. Click on OK to close the folder's Properties dialog.

  6. The Confirm Attribute Changes dialog appears. The following options are available.

    • Apply changes to this folder only. Limits encryption to just the files stored in this folder

    • Apply changes to this folder, subfolders, and files. Encrypts everything in the folder, including any files stored in subfolders

    Select an option and click on OK.

Limiting Disk Consumption with Disk Quotas

Computers that store shared data or that are used by multiple users may require administrators to limit the amount of disk space that individual users are permitted to consume. Windows XP Professional applies disk quotas on a per-volume, per-user basis. Disk quotas are only available on NTFS formatted partitions or volumes.

Windows XP allows a global quota to be set for all users of a partition or volume. It then allows administrators to set exceptions for individual users with differing storage requirements. For example, all users could be limited to 200MB of storage on a drive partition or volume, and a few select individuals could be assigned a higher limit. Disk quotas have no effect on administrative accounts. Therefore, administrators cannot have their storage capacity limited.

Any time new software is installed, the space that it consumes is counted against the user that installed it, unless it is installed by an administrator. Unlike compression and encryption, disk quotas can only be turned on at the disk level. They cannot be applied to individual files or folders.

The following procedure outlines the steps involved in establishing a quota over a partition or volume.

  1. Click on Start and then My Computer. The My Computer folder appears.

  2. Right-click on a hard disk drive and select Properties. The Properties dialog for the drive appears.

  3. Select the Quota property sheet.

  4. Select Enable quota management, as shown in Figure 11.9.

    Figure 11.9: Enabling quota management for a hard disk drive

  5. Select the Deny disk space to users exceeding quota limit option to prevent any users who have exhausted their predefined storage limit on that partition or volume from storing any additional files until they remove other files to free up disk space.

  6. Select one of the following options to determine how quotas are applied to new users.

    • Do not limit disk usage. Does not apply storage limits to new users

    • Limit disk space to/Set warning level to. Specifies storage limits for new users as well as the amount of space that, once consumed, creates a warning message for the user

  7. Select the Log event when a user exceeds their quota limit option to send a message to the Windows XP Application event log.

  8. Select the Log event when a user exceeds their warning level option to send a message to the Windows XP Application event log.

  9. Click on OK. The Disk Quota dialog appears, stating that it may take several minutes for Windows XP to scan the disk and set quotas.

  10. Click on OK.

Once disk quotas have been set on a partition or volume, adjustments can be set up for individual users. The following procedure outlines the steps involved in setting up individual quotas.

  1. Click on Start and then My Computer. The My Computer folder appears.

  2. Right-click on a hard disk drive and select Properties. The Properties dialog for that drive appears.

  3. Select the Quota property sheet.

  4. Click on Quota Entries. The Quota Entries for New Volume dialog appears, as shown in Figure 11.10.

    Figure 11.10: Viewing assigned quotas

  5. To change the quotas assigned to a particular user, select the user and click on the Properties option located on the Quota menu. The dialog shown in Figure 11.11 appears.

    Figure 11.11: Changing the quota limits applied to an individual user

  6. To remove quota limits for the user, select the Do not limit disk usage option.

  7. To set different disk and warning limits, specify them in the Limit disk space to and Set warning level to fields.

  8. Click on OK.

  9. Changes made to the user's quota limits will appear on the Quota Entries for New Volume dialog. Close this dialog.

  10. Click on OK to close the Properties dialog for the disk drive.
