JustAnotherAdmin

Logo

This is my site for sharing back with the IT world.

View the Project on GitHub soccershoe/JustAnotherAdmin

14 February 2020

Self Service File Shares : Server Setup

by This Guy

Self-Service File Server : Server Setup Let’s start that server up so we can start pumping out data dumps (because we all know that file shares are where data goes to die)!

Please see my first posting overview if you haven’t already.

Also, please note that this isn’t a step-by-step install. This is an install for my environment. Please use this as a framework for getting yourself up and running. I’m assuming you have some basic knowledge of most of these topics. And I’m including my scripts as well for helping to make your magic happen.

Ok. Now the fun part. Building out the server.

You have your fresh server. Add all the Roles and Features necessary.

Roles and Features

  1. Roles Installed (add Features as required by the Role)
  2. File and Storage Services 1. File and iSCSI Services
    1. File Server
    2. BranchCache for Network Files
    3. Data Deduplication
    4. DFS Namespaces
    5. DFS Replication
    6. File Server Resource Manager
  3. Storage Services
  4. Features Installed (add additional Features as required by the Feature)
  5. Windows PowerShell 1. Windows PowerShell 2.0 Engine 2. Remote Server Administration Tools
    1. Role Administration Tools
    2. AD DS and AD LDS Tools

DNS Config

Give your new service a name. I named mine ‘Depot’. Like a file depot. I thought about ‘Stacks’, but stacks of files is terrible. I originally just wanted ‘Shares’, but that DNS name was already taken by some other service. So Depot it was, and I may be referring to ‘Depot’ during later writings.

Local Server Admins

Create a domain service account that we’ll use as an administrator on the file server. I named mine ‘filemonitor’. Add this account as a local admin group.

Enable WinRM

Run Powershell as Administrator and enable WinRM. Lifted from KB555966

  1. Write the command prompt : “WinRM quickconfig” and press on the “Enter” button.
  2. The following output should appear:
  3. ``` “WinRM is not set up to allow remote access to this machine for management. The following changes must be made:

Set the WinRM service type to delayed auto start. Start the WinRM service. Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.

Make these changes [y/n]? y”


3. After pressing the "y" button, the following output should appear:
  1. 
``` "WinRM has been updated for remote management.
 
WinRM service type changed successfully.
WinRM service started.
Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine."

Disk Config

We will be creating two disks, D: and E:. One drive will be the data drive (D:) and the other will be the archival drive (E:).

  1. Prerequisites
  2. NOTE If using SAN storage, you cannot use Windows Storage Pools. Set up SAN storage as normal D: and E: drives and skip Storage Pools setup below.
  3. For using non-SAN storage, each data drive (D: and E:) is made up of at least two drives and will make two Storage Pools. Please continue with the steps below.
  4. In Computer Management, Disk Management, Online the drives.
  5. In Server Management, go to File and Storage Services. Then Volumes, then Storage Pools.
  6. In Storage Pools, select Tasks, then New Storage Pools
  7. Follow the Wizard 1. Name the Storage Pool ‘DataSP’. 2. Select two of the four primordial disks for the Pool (assuming that you are splitting the 4 disks equally between the Data and Archive drives).
  8. Create the second Storage Pool following the Wizard 1. Name the Storage Pool ‘ArchiveSP’. 2. Select the remaining disks.
  9. Right click the new ‘DataSP’ Storage Pool and select New Virtual Disk
  10. Follow the Wizard 1. Select the Storage Pool 2. Name the Virtual Disk ‘DataVD’ 3. Select ‘Simple’ layout 4. Select ‘Fixed’ provisioning 5. Select Maximum Size
  11. The New Volume Wizard will automatically pop up
  12. Follow the Wizard 1. Select Drive Letter “D” 2. Volume Label “Data” 3. Data Dedupe is “General File Server”
  13. Follow the same steps in step d. above to complete the config for the Archive drive.

Initial Folder Creation

Create the following folders:

Create these custom permissions. The default permissions inherited creates some funky permissions later on. No need for that CREATE permission to persist. It makes for some more difficult troubleshooting of permissions for the helpdesk, or yourself.

Initual Scripts Setup

FSRM Setup

  1. Open the FSRM MMC console
  2. Right-click File Services Resource Manager and select ‘Configure Options’
  3. Email Notifications Tab 1. Default From address
    1. filedepot@domain.com
      1. SMTP server
    2. smtphost.domain.com
      1. Default Administrator email
    3. fileadmin@domain.com
  4. Report Locations Tab 1. Incident
    1. D:\StorageReports\Incident
      1. Scheduled
    2. D:\StorageReports\Interactive
      1. On-Demand
    3. D:\StorageReports\Scheduled
  5. File Screen Audit Tab 1. Check the box
  6. Automatic Classification Tab 1. Check ‘Enable fixed schedule’ 2. Set a schedule for Midnight Weekly on Saturday
  7. Access-Denied Assistance Tab 1. Click “View assistance request settings”
    1. Check ‘Enable access-denied assistance’
    2. Edit the text in the box to the appropriate message. Example below.
    3. Click ‘Configure Email Requests
    4. Check ‘enable users to request assistance’
    5. Only check ‘Folder Owner’ and ‘Generate and eventlog entry’.
    6. Edit the email text with: ‘For general support, contact: helpdesk@domain.com’
  8. Creating the File Expiration Task
  9. Run Powershell ISE as Administrator
  10. Edit the ‘Create-FileExpiration.ps1’ to make sure that the –FolderDestination option points to E:\FileExpiration on line 5.
  11. Run the script
  12. Validate that the task has been created in the FSRM MMC console in the File Management Tasks section
  13. Edit Quota Templates
  14. Edit the template: 250 MB Extended Limit
    1. Rename it to ‘25GB Extended Limit’
    2. Space limit: 25GB
  15. Edit the template: 200 MB Limit with 50 MB Extension
    1. Rename it to ‘20GB Limit with 5GB Extension’
    2. Space limit: 20GB
    3. Edit “Warning (100%)
    4. Uncheck the send ‘send email to the following administrators’
    5. Select the ‘Command’ tab 1. Change Command Arguments to: “quota modify /path:[Quota Path] /sourcetemplate:”25GB Extended Limit””

Enable Data Dedupe

If you choose ‘0’ it’ll dedupe all files no matter their age. I don’t think this is a wrong choice, but of course choose for the load on your server. On Win 2012, the task runs as a single process on a single core. This can end up being CPU bound and affecting SMB performance. Consider choosing a schedule where it is off-hours. This process got upgraded in 2016 and not so much a worry then.

Enable Shadow Copies

  1. Right click on the Data drive and select “Configure Shadow Copies”.
  2. Click on the Settings button
  3. Change the Volume to the Archive drive
  4. Set Maximum Size to No Limit
  5. Change the Schedule to Once a day Snapshots
  6. Select the Data drive and click the Enable button
  7. Click “yes” to enable Shadow Copies
  8. Eg. The D: drive should be storing Snapshots on the E: drive with a daily schedule.

I think that’s enough for the server setup. Next steps for setting up the Script will be in the next posting. Woo!

tags:

comments powered by Disqus