Save Trees with Finn and Jake: Creating Secure Shared Folders in Windows File Server

in technology •  7 years ago  (edited)

I recently noticed that our finance department keeps its daily tax report in paper form. Every day they print out 12 pages of the report, and they are forced to store this data for the last 5 years. That is definitely wrong in the digital age.

In 1 year they will print 4380 sheets, in 5 years 21900 sheets. On average, industry produces 12,000 sheets of A4 paper from 1 tree. So we have the opportunity to save nearly 2 trees if we move the storage of financial statements to digital format.

All we need is a file server with simultaneous access for multiple users. The old file system that users have now is based on Samba. Step by step I am moving the main services to Microsoft products, so today we will create a file server based on Windows Server.

Jake and Finn will be my assistants today. I think this is the best choice for the salvation of the defenseless trees ;)

EasyPeasy Way

I already have a “clean” server located in the corporate domain. It is a virtual machine with 1 CPU, 8GB RAM and two drives: 50GB for the system and 500GB for shared files.

Let's install the required roles for the file server:

What's good about Microsoft? Well, they love to explain everything in detail, though sometimes that may confuse you. I chose only 4 roles. File Server and FS Resource Manager are the minimum that is needed; you can install only those.

Data deduplication is effective only when working with large amounts of data. In a nutshell, its idea is to remove duplicates of files on the server, which saves space on your disk. BUT this crap eats quite a lot of RAM.

DFS is convenient because you can consolidate multiple file servers under one name, and users won't notice. The result: scalability without harm to end users.

After the roles are installed, create a folder (I called it Tax) and then:

Properties > Sharing > Advanced Sharing > Share This Folder > Permissions > and tick Full Control. DONE!

Now any user can do whatever he wants; he only needs to specify the path to the file server. As easy as pie!

Anticipating your question: Wait! What was all that crap about the server roles and the domain for?!

Alright, alright, let's do it right

If someday, during an interview, you are asked why you need a domain and everything associated with it, the first correct answer is SECURITY. Server security, user security, data security.

Let's use those capabilities that Microsoft has spent millions of dollars on.

For starters, remove this hole with full control for everyone. This thing is only for your home porn share folder. Set access only for authenticated dudes.

Now, when someone tries to access the file server, a window will appear asking for a login and password.
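The same cleanup can be done and checked from PowerShell. This is an added example, not part of the original post; the share name `Tax` and the helper function names are assumptions.

```powershell
# Added example, not from the original post. Run in an elevated session on the file server.
# Well-known SIDs are resolved to names so the check also works on non-English Windows.
$ntAccount = [System.Security.Principal.NTAccount]
$everyone  = ([System.Security.Principal.SecurityIdentifier]'S-1-1-0').Translate($ntAccount).Value
$authUsers = ([System.Security.Principal.SecurityIdentifier]'S-1-5-11').Translate($ntAccount).Value

function Get-OpenShareAce {
    # All "Allow" entries for Everyone on ordinary (non-administrative) shares.
    Get-SmbShare -Special $false | Get-SmbShareAccess |
        Where-Object { $_.AccountName -eq $everyone -and $_.AccessControlType -eq 'Allow' }
}

function Repair-OpenShare {
    # Hypothetical helper: moves Everyone's share-level access to Authenticated Users.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Name)

    $open = Get-SmbShareAccess -Name $Name |
        Where-Object { $_.AccountName -eq $everyone -and $_.AccessControlType -eq 'Allow' }
    foreach ($ace in $open) {
        if ($PSCmdlet.ShouldProcess($Name, "replace $everyone with $authUsers ($($ace.AccessRight))")) {
            # Grant first, then revoke, so legitimate users are never left without access.
            Grant-SmbShareAccess -Name $Name -AccountName $authUsers -AccessRight $ace.AccessRight -Force | Out-Null
            Revoke-SmbShareAccess -Name $Name -AccountName $everyone -Force | Out-Null
        }
    }
    Get-SmbShareAccess -Name $Name    # show the resulting share permissions
}

Get-OpenShareAce | Format-Table Name, AccountName, AccessRight   # audit every share on the server
Repair-OpenShare -Name 'Tax' -WhatIf                              # preview; drop -WhatIf to apply
```

Authenticated Users does not include the Guest account or anonymous sessions, which is why the login prompt appears for anyone without a valid account.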


Before proceeding with the next steps, remember a few important things.

There are two ways to manage user access rights to folders:

  • Share Permissions: this is what we did above, and what you can forget about once you have decided whether to give access to everyone or only to specific users.
  • NTFS Rights: access management through the Security tab in the folder properties. It lets you use security groups and offers a wider choice of access rights.

Direct and implicit denies are always stronger than any allow. For example, if you set full control in Share Permissions and only read in NTFS rights, the final user rights for the folder will be read. And vice versa: full control in NTFS will not work if the user has only read rights in Share Permissions.

Let's see how it works. Go to the domain controller and create groups for access to the shared folder. Microsoft recommends creating a separate access group for each folder, subfolder and sub-subfolder with different rights. Not the best advice…

Live example: there are 50 users in my organization; the file server that they use holds only 400 GB, but it already contains more than 1000 folders!

That’s why I prefer a different approach and create only two groups for the root folder: full control and read.

Go back to the file server and add the created groups in the Security section.

Be sure to turn off inheritance (later you will understand why).

You can also add groups and users through a concise interface (without using advanced mode)

To the full-control group I added another group that contains all employees from the Finance Department who need to work with this folder. To the read-access group I will add a group of users that includes company executives.

You can add individual users

Since I disabled inheritance from the parent folder, full control from Share Permissions does not work, and users who are not in any of the security groups will not be able to get in here.
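The NTFS side of this setup, followed by a look at both permission layers described above, can be scripted as follows. This is an added example, not part of the original post; the path `D:\Tax`, the share name and the two `CORP\...` group names are assumptions.

```powershell
# Added example, not from the original post. Path, share name and group names are assumptions.
$path      = 'D:\Tax'                  # hypothetical local path of the shared folder
$shareName = 'Tax'
$fullGroup = 'CORP\Tax-FullControl'    # hypothetical groups created on the domain controller
$readGroup = 'CORP\Tax-Read'

# SYSTEM and Administrators are added explicitly: once inheritance is off,
# nobody gets access unless an entry on this folder says so.
$entries = @(
    @{ Who = [System.Security.Principal.SecurityIdentifier]'S-1-5-18';     Rights = 'FullControl' }     # SYSTEM
    @{ Who = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'; Rights = 'FullControl' }     # Administrators
    @{ Who = [System.Security.Principal.NTAccount]$fullGroup;              Rights = 'FullControl' }
    @{ Who = [System.Security.Principal.NTAccount]$readGroup;              Rights = 'ReadAndExecute' }  # read-only
)

$acl = Get-Acl -Path $path
# "Disable inheritance": $true protects the folder from the parent's ACL,
# $false discards the inherited entries instead of copying them.
# Entries that were already set explicitly on the folder are left as they are.
$acl.SetAccessRuleProtection($true, $false)
foreach ($e in $entries) {
    # ContainerInherit,ObjectInherit = this folder, its subfolders and its files
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $e.Who, $e.Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $path -AclObject $acl

# Both layers side by side; a user ends up with the more restrictive of the two.
Get-SmbShareAccess -Name $shareName | Format-Table AccountName, AccessControlType, AccessRight
(Get-Acl -Path $path).Access |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited
```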

"I still don't understand why we installed roles in the beginning..."

OK, I would like to use this server not only to store reports, but also to create shared folders for different divisions of the Finance Department (billing and accounting). So now, when entering "netone-fc", users will see several folders. And for each of them I have to add two security groups, full and read. It's uncomfortable…

It is time to use File and Storage services, and create a folder like a real man!

Select File and Storage Services

Navigate to Shares. A right click on an empty area brings up a menu with the option to create a New Share.

Here you can create folders which will support NFS file sharing for UNIX systems. In my case, I choose SMB Share - Advanced to show you some of the features.

And so, I create a new folder called Bill. Pay attention to the Local path: I deliberately leave the staging folder \Shares before \Bill.

Many administrators like to enable access-based enumeration (the first option). With it, users who have no access to a folder will not even see it.

In the other windows just press Next.

The user will not see the \Shares folder; he gets access to the \Bill folder. Now I need to add the access groups on the Security tab of \Shares, and all new folders that I subsequently create through the Manager will get their rights from it.
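The wizard steps above map to a few SMB cmdlets. This is an added example, not part of the original post; the drive letter and the existing `Tax` share are assumptions, and it expects the staging folder to already carry the two access groups.

```powershell
# Added example, not from the original post. Drive letter and folder layout are assumptions.
$staging   = 'D:\Shares'                       # hypothetical staging folder, never shared itself
$billDir   = Join-Path $staging 'Bill'
$authUsers = ([System.Security.Principal.SecurityIdentifier]'S-1-5-11').Translate([System.Security.Principal.NTAccount]).Value

New-Item -ItemType Directory -Path $billDir -Force | Out-Null

# Share layer: any authenticated account may connect. Who can actually read or write
# is decided by the NTFS entries that \Bill inherits from the staging folder.
# AccessBased = access-based enumeration: it filters what is listed inside a share;
# it does not remove the share name itself from the server's share list.
New-SmbShare -Name 'Bill' -Path $billDir -FullAccess $authUsers `
    -FolderEnumerationMode AccessBased | Out-Null

# The same switch for a share that already exists.
Set-SmbShare -Name 'Tax' -FolderEnumerationMode AccessBased -Force

# Check 1: enumeration mode and local path of every ordinary share.
Get-SmbShare -Special $false | Format-Table Name, Path, FolderEnumerationMode

# Check 2: the new folder should have no entries of its own, only inherited ones.
$explicit = (Get-Acl -Path $billDir).Access | Where-Object { -not $_.IsInherited }
if ($explicit) {
    Write-Warning "Explicit NTFS entries found on $billDir"
    $explicit | Format-Table IdentityReference, AccessControlType, FileSystemRights
} else {
    "All NTFS entries on $billDir are inherited from $staging"
}
```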

Now I just move the \Tax folder into \Shares. Users will not even notice the change.

As a result, the administrator can give access to all folders through the hidden \Shares folder and its security groups. You have a central management interface for all shared folders on the server, which also lets you manage all of the physical disks and later scale the data storage system.

You can also add new folders directly on the disk, without using the Manager. In any case, they will appear here.

These were the basics of creating shared folders in a Windows environment. When the time comes, we will look at the detailed configuration of DFS when using multiple servers, and their replication. There are also a lot of interesting tricks with the configuration of auditing and quotas on folders and on individual files.

But most importantly, we managed to save at least 1 tree!

Happy to answer any of your questions, and I will listen to your advice and comments. I encourage the whole Steemit community to share their experience in IT using the tag #IT.

You can also offer cartoon assistants for the next article, I will be glad to hear your wishes☺

***


Great post.

Thank you!