    Managing Offline Files

    Whether you use folder redirection or home directories, laptop users get upset when they cannot access their files. The answer to their dilemma is offline files. With this feature, a user can mirror his server-based files to his local laptop. When the user connects back to the network again, changes made to the offline files are synchronized with the copies on the server and civilization is saved.

    Additional Uses for Offline Files

    The name Microsoft uses for offline files varies depending on the perspective. At the server, the technology is called client-side caching. At the client, the technology is called offline files. But whatever you call it, the feature has applications in addition to helping laptop users. For example:

    • Local access to large files. It can be difficult to work on huge files stored on a server. Graphic designers and CAD operators typically copy big files to their local hard drives to work on them during the day then copy them back in the evenings. Sometimes they forget, though, and you can help to automate the synchronization process by using offline files.

    • File availability during network outages. Sporadic outages are darned near unavoidable, but users get cynical during prolonged periods of instability. They start keeping their files on their local drives. If your end users show reluctance to save their files on servers, offline files can be a way to lure them back onto the network again.

    • Application caching. Users often want to run network-based applications while they're on the road. Instead of installing the applications on the laptops, you can use offline files to store cached copies of the executables.

    Inappropriate Uses of Offline Files

    Offline files are not the solution to every mobile user's problems. Here are instances where offline files are not a good solution:

    • Files accessed by multiple users. Imagine files accessed by several different users who make modifications at their laptops while they are offline and then sync up. The last user to sync will overwrite all the others' changes. They won't be happy. You won't be happy.

    • Database files. You definitely do not want to cache database files. The synchronization process may get the changed data file but miss a transaction log or a change to a support file.

    • Client/server application files. Don't use offline files to save a local copy of client/server configuration files if the application makes its own caching provisions.

    • PST files. If you run Microsoft Outlook in Corporate Workgroup mode, users can store offline folders and archives in a local PST (Personal Store) file. Outlook handles the synchronization between the Exchange information store and the local PST. Don't layer this synchronization with offline file synchronization. This will cause data corruption.

    The system automatically filters for file types that meet the criteria listed above. This includes files with the following extensions:

    .db (FoxPro)

    .pst (Outlook)

    .mdb, .mdw, .mde, and .ldb (Access)

    .slm (Visual SourceSafe)

    If you have files with these extensions in a folder, the system will refuse to configure the folder for offline files. If a folder has been configured for offline files, the system will refuse to put a file with one of these extensions in the folder.

    The extensions are hard-coded into the client-side caching service. You can override them with a group policy called Files Not Cached. This policy is in Computer Configuration | Administrative Templates | Network | Offline Files.

    Use caution when enabling the Files Not Cached policy. It completely overrides the default extensions. If you have an extension that you want to add to the list, be sure to include all the rest from the preceding list.

    Offline Files and Remote Desktop

    Offline files are disabled on machines that have Remote Desktop enabled. This includes all servers running Windows Server 2003 because Remote Desktop is enabled by default. If you are running Windows Server 2003 on a laptop for testing, or you have some other reason for enabling offline folders on a server, you can disable Remote Desktop on the server as shown in Procedure 19.3.

    Procedure 19.3 Disabling Remote Desktop

    1. Right-click My Computer and select PROPERTIES from the flyout menu. This opens the Properties window.

    2. Select the Remote tab.

    3. Uncheck the Allow Users To Connect Remotely To This Computer option.

    4. Click OK to save the change. This will not disconnect any current remote desktop users. You may need to log them off the server or restart before you get the offline file option.

    You can enable Remote Desktop at any time by reselecting the Allow Users To Connect Remotely To This Computer option. If you have enabled offline files in the meantime, you must first disable them before enabling Remote Desktop connections.

    The same restriction to offline files applies to standalone XP desktops with Fast User Switching enabled. This should not be a problem in a corporate environment because Fast User Switching is disabled when you join a desktop to a domain. If you have users at standalone XP desktops that connect to shared folders on servers running Windows Server 2003 or Windows 2000 and the users want to enable offline files, you must disable Fast User Switching. Select the User Accounts option in the new Control Panel interface and select Change The Way Users Log On Or Off. Uncheck the Fast User Switching option and save the change.

    Configuring Client-Side Caching at the Server

    Client-side caching is controlled at the server using parameters associated with the share point. In the Sharing tab of a shared folder, click Caching. This opens a Caching Settings window. Figure 19.5 shows an example.

    Figure 19.5. Caching Settings window for a shared folder showing the default caching option.


    There are three cache configuration options. They are differentiated by how the client selects items to be cached and how the server handles file changes.

    Manual Caching of Documents

    This is the default caching option. In this option, the user must decide which files to save offline. This is called pinning. The name of this option is a little deceiving because a user can pin executables as well as data files.

    A file or folder is pinned using the Make Available Offline option in the PROPERTIES menu of the file or folder. A pinned file or folder displays an icon with a blue, double-headed arrow.

    When a user opens a pinned file, the system checks the server copy to see if any changes have occurred. If not, the local copy is opened. If changes have been made at the server, the server copy is downloaded into the local cache then the local copy is opened.

    As long as the client keeps the local copy open, the server copy is kept locked. This prevents someone from modifying the server copy from another source. Unfortunately, it is up to the application to use locks and to look for locks. For example, Microsoft Word is a good neighbor and refuses to open a locked file. Notepad, on the other hand, ignores locks and opens any file you point it at.

    Automatic Caching of Documents

    With this option, the user is not required to pin a file to cache it. Local copies are cached whenever the user opens a file in the shared folder.

    If a file has been automatically cached, the icon does not display any special insignia. If a user expects to see certain files when offline, the user should manually pin the files to make sure they will be available.

    As with manually pinned files, when a user opens an automatically cached file, the server copy is checked first to see if it is different than the local copy. The locally cached copy is used for reading and any changes are made to both the local copy and the server copy. The server copy is kept locked.

    When a user creates a new file in a share configured for automatic caching, the file is also cached locally. If a file is created at the server by someone else, it will appear in the file list in Explorer but it will only be cached if the user opens the file. Train your users with the following mantra, "To see the file later, open it now."

    Automatic Caching of Programs and Documents

    This option differs from the other automatic caching option only in the way it handles file locks. Data files are locked but executables are not. This is supposed to reduce network traffic, although eliminating a few Server Message Block (SMB) packets doesn't seem like much of a savings. For the most part, avoid this configuration and stick with Use Automatic Caching of Documents. Use this option only if you have a legacy application that does not behave well when multiple users access it.

    Disabling Caching

    There is a fourth option, of course. You can just say no to offline files and disable caching at the server. This must be done for each share point where you do not want to permit caching. For instance, if you have a share point that holds gigs and gigs of executables and you don't like the idea of users pinning all those files to their local cache, disable caching at the share.

    You can also disable offline files at the clients. By default, offline files are enabled for XP desktops and disabled for servers running Windows Server 2003. The toggle is exposed in the TOOLS | FOLDER OPTIONS menu of any folder. Figure 19.6 shows an example. You can also configure the setting from Appearance and Themes | Folder Options in the new Control Panel interface.

    Figure 19.6. Folder Options showing the Offline Files tab.


    When you select the Enable Offline Files option, the client becomes aware of any shares that have been configured for automatic caching, so be sure you have sufficient disk space. By default, the offline file cache can take up to 10 percent of the drive. Users are not warned if the cache gets full. Older files are pushed out of the cache when the cache size reaches its limit.

    The default location of the offline file cache is a hidden folder called \Windows\CSC. If you prefer not to have this folder on the C drive, you can move it to another location using the Cachemov utility that comes in the Resource Kit. This is a GUI application that presents a pick list of the fixed disks on your system and their free space. You cannot move the cache to a removable media disk.

    Registry Tip: Client-Side Caching

    The Registry entries that control client-side caching are as follows:

    
    Key:    HKLM | Software | Microsoft | Windows | CurrentVersion | NetCache
    Values: DefCacheSize (REG_DWORD) - Contains cache size in hex
            Enabled (Dword) - flag is 1 for enabled, 0 for disabled
            EncryptCache (Dword) - flag is 1 to encrypt entire cache, 0 to leave clear
    

    Synchronization Manager

    Keeping offline files at a client in sync with the files on a server, and doing so in a way that doesn't confuse a user, is a trick that took Microsoft years to master. After a series of almost-but-not-quite solutions, the job of keeping files in sync falls on the Synchronization Manager, or Mobsync.exe.

    In addition to managing offline files, Synchronization Manager also handles offline web pages in Internet Explorer 5.0 and later. (You get a copy of Mobsync.exe when you install IE on a Win9x or NT machine.)

    Synchronization Manager Registry Settings

    You'll find the Registry settings for Synchronization Manager in the following:

    
    Key:  HKLM | Software | Microsoft | Windows | CurrentVersion | SyncMgr
    

    There are very few user-serviceable parameters. All known parameters have a setting in the User Interface (UI).

    Synchronization Manager Options

    Synchronization Manager does not run continuously. It performs its duties only when told to do so. By default, this is when the user logs on and off. You can configure it to synchronize at other times using one of three interfaces:

    • Folder Options

    • Synchronization Manager

    • Group policies

    We've already seen the Folder Options settings. Figure 19.7 shows the Synchronization Manager interface. Open this via START | PROGRAMS | ACCESSORIES | SYNCHRONIZE.

    Figure 19.7. Synchronization Manager interface.


    Click Setup to open the Synchronization Settings window shown in Figure 19.8.

    Figure 19.8. Synchronization Settings options.


    The When I Am Using This Network Connection option will only list one LAN interface, even if you have multiple network cards in the machine. The remaining entries in the pick list, if any, represent dial-up connections. You can use these settings to configure special synchronization settings for slow connections. Ordinarily, no synchronization occurs for lines that run slower than 500Kbps.

    Client-Side Cache Database Corruption

    Offline files stored at the client are cataloged in a CSC (Client-Side Caching) database. This database can become corrupted. Symptoms include inability to open files, files that appear only when offline, and Event log entries warning of corruption.

    If these or other symptoms occur, you can try deleting files out of the client-side cache using the Folder Options | Offline Folders window then resynchronizing.

    If this fails, initiate a full resync in the Folder Options | Offline Folders window by pressing the Ctrl+Shift keys then clicking Delete. This will cause a complete loss of any locally cached files, so make sure the server copies are up-to-date or make copies of the cached files. The computer must be restarted to complete this evolution.

    Conflict Resolution

    If the server copy of a file changes while a user is offline, Synchronization Manager must figure out what to do when the user reconnects. There are three potential scenarios:

    • Client copy did not change. In this case, the server copy overwrites the local copy with no notice given to the user.

    • Server copy was deleted. In this case, the local copy at the client is retained but only displayed when the user is offline. This "phantom" copy can be disconcerting to users. If the file is no longer needed, you can walk the user through deleting the file while offline. If the file is needed, make a copy of it into another location while offline and delete the original. Then, resync online and copy the file back into the folder.

    • Client copy also changed. In this scenario, the user is given a Resolve File Conflicts window to help Synchronization Manager decide what to do. Figure 19.9 shows an example.

      Figure 19.9. Resolve File Conflicts window.


    The user resolves the conflict by selecting which copy to retain or by choosing to retain both copies by renaming the local copy. The user can view the files before making the decision. A savvy user can generally resolve a file conflict correctly. Less sophisticated users might be thrown off by the file location, which uses a UNC path. Don't be surprised if you get Help Desk calls with lots of forward-slash/back-slash conversations.

    Offline Files and File Encryption

    The files stored on a laptop often have more value than the laptop itself. Protecting those files with NTFS permissions won't stop a criminal. If the person who steals your laptop doesn't know how to hack the admin password, you can bet the fence knows how, or at least knows someone who knows how. The best protection is file encryption.

    In Windows 2000, users were not able to encrypt the files in the offline file cache. This exposed server-based information to prying eyes. It was a critical deficiency and prevented many organizations from implementing offline folders.

    In Windows Server 2003/XP, users can encrypt the contents of the offline cache. The local encryption status is completely independent of the encryption status at the server. This makes offline files a secure medium for transporting files on laptops.

    To enable offline file encryption, select the Offline Files tab in the Folder Properties window and select Encrypt Offline Files to Secure Data. Make sure the laptop is a member of a domain and that you are logged on to the domain and not the local SAM. This ensures that the domain Administrator account is the Data Recovery Agent. See Chapter 17, "Managing File Encryption," for details.
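
    The check below is an added example, not part of the book: it reads the NetCache values listed in the Registry Tip earlier in this section and flags machines where offline files are enabled but the cache is not set to be encrypted. The function names and finding strings are hypothetical, the sample settings are constructed, and treating a missing EncryptCache value as "not encrypted" is an assumption.

```powershell
# Added example (not from the book). Key path and value names come from the
# Registry Tip; function names and finding strings are hypothetical.
$NetCacheKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\NetCache'
$ValueNames  = 'Enabled', 'EncryptCache', 'DefCacheSize'

function Get-NetCacheSetting {
    # Read the three values; a value that does not exist is returned as $null.
    param([string]$Path = $NetCacheKey)
    $setting = @{}
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($name in $ValueNames) {
        $setting[$name] = $null
        if ($props -and $props.PSObject.Properties[$name]) {
            $setting[$name] = $props.$name
        }
    }
    return $setting
}

function Test-NetCachePosture {
    # Classify one machine's settings. The 1/0 meanings are from the page;
    # a missing EncryptCache is treated as "not encrypted" (assumption).
    param(
        [Parameter(Mandatory = $true)][hashtable]$Setting,
        [string]$Computer = $env:COMPUTERNAME
    )
    if ($null -eq $Setting['Enabled']) {
        $finding = 'UNKNOWN: Enabled value not present'
    } elseif ($Setting['Enabled'] -eq 0) {
        $finding = 'OK: offline files disabled'
    } elseif ($Setting['EncryptCache'] -eq 1) {
        $finding = 'OK: offline files enabled, cache encrypted'
    } else {
        $finding = 'AT RISK: offline files enabled, cache not encrypted'
    }

    $size = $null
    if ($null -ne $Setting['DefCacheSize']) {
        # Reported as raw hex, as the page describes it; units are not stated there.
        $size = '0x{0:X}' -f $Setting['DefCacheSize']
    }

    New-Object PSObject -Property @{
        Computer = $Computer; Finding = $finding; DefCacheSize = $size
    } | Select-Object Computer, Finding, DefCacheSize
}

# Constructed sample settings so the logic can be exercised without a registry.
$samples = @{
    'LAPTOP-A' = @{ Enabled = 1; EncryptCache = 1; DefCacheSize = 0x3E8 }
    'LAPTOP-B' = @{ Enabled = 1; EncryptCache = 0; DefCacheSize = 0x3E8 }
    'LAPTOP-C' = @{ Enabled = 1 }                      # EncryptCache absent
    'SERVER-D' = @{ Enabled = 0; EncryptCache = 0 }
}

$report = foreach ($name in ($samples.Keys | Sort-Object)) {
    Test-NetCachePosture -Setting $samples[$name] -Computer $name
}
$report | Format-Table -AutoSize

# On a live XP / Windows Server 2003 client, audit the local machine instead:
# Test-NetCachePosture -Setting (Get-NetCacheSetting)
```

    Rows marked AT RISK are the ones to follow up, either with the Encrypt Offline Files to Secure Data option on the client or with the encryption policy under Offline Files.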

    Offline Files and Group Policies

    Rather than configure the offline file settings at each client, you can use group policies. The policy settings are located under Computer Configuration | Administrative Templates | Network | Offline Files. In broad terms, these policies control the following:

    • Enabling/disabling offline folders at clients and client-side caching at servers

    • Setting synchronization events (logon/logoff/suspend)

    • Disabling offline folder configuration items in Folder Options and Control Panel

    • Disabling the user's ability to pin offline files

    • Controlling the reminder balloons popped up by Synchronization Manager

    • Encrypting offline files

    • Setting a different slow link speed (the default is 500Kbps)

    • Setting the default offline cache size (in percentage of disk space)

    • Selecting file extensions that are not permitted to be stored in offline files

    When setting group policies for offline files, keep in mind that your target audience uses laptops, which may not be online when you set the policy. Users who dial in from home receive Administrative Template policies and will see your policy changes but any new synchronization actions you prescribe will not take effect until the user connects to the network.

    You may want to create a group called Laptop Users and target the group policy at that group. This avoids potentially creating offline file policies that affect desktop users.

    Offline Files Operational Checklist

    Here are a few key points to remember when working with offline files:

    • All server-based shares are configured for Manual Caching of Documents by default. This requires the users to pin any files they want to keep offline.

    • If you want to use automatic caching, select the Automatic Caching of Documents option rather than Automatic Caching of Programs and Documents to ensure proper file locking.

    • Files in a share point configured for automatic caching are not cached locally until they are opened. Train your users accordingly.

    • When working with cached data files on the network, the local copy is always used for read access. Writes go to both copies at the same time.

    • If a server file is modified and the user modifies the same file offline, a Resolve File Conflicts window walks the user through the corrective actions.
