Posts Tagged “FSRM”

16 07 2009

Windows Quota’s based on Group Membership

Posted by Benno Zelders in General, tags: , , ,

I noticed that is currently is impossible or at least difficult to apply Disk Quota’s based on Security Groups instead on Folder location / users. In this article I will try to explain a solution for this problem.

 

To successfully apply quota’s to groups, you need the following things:

  • Windows 2008 Domain Controllers for Group Policy Preferences
  • File Server Resource Manager (available on Windows Server 2003 R2 and Server 2008)
  • A single file server
  • Security Groups
  • Vb Scripts

  • Event triggered tasks

 

In this situation, there are 3 quota templates defined in the File Server Resource Manager:

  • Bronze (100 MB), applied to the share \\SERVER1\HOME$\BRONZE
  • Silver (200 MB), applied to the share \\SERVER1\HOME$\SILVER
  • Gold (500 MB), applied to the share \\SERVER1\HOME$\GOLD

  

Ok here we go! This how-to is pretty straight forward, so if I am going to fast plz let me know!

 

1: Create the required QUOTA templates in FSRM (BRONZE, SILVER, GOLD)

2: Create a HOME$ share on a fileserver (in this example SERVER1)

3: For every QUOTA template, create a separate subfolder with the Quota name (BRONZE, SILVER and GOLD).

4: Apply the QUOTA templates on the in step 3 created folders (BRONZE -> BRONZE. SILVER -> SILVER etc)

5: Create three security Groups (in this example BRONZE, SILVER and GOLD)

6: Create a folder redirection policy for Desktop and Documents and configure it as show in the pictures below:

(pictures only show the BRONZE part, also add the SILVER and GOLD Groups\locations)

(configure redirection based on Security Groups and make sure the “Move the contents of ….. to the new location” is not checked!)

 

7: Create a VBS for every QUOTA as shown below and place them on a centrally accessible share (\\DOMAINNAME.LOCAL\NETLOGON\SCRIPTS for example):

 

The script moves the user files to the correct ‘quota’ location. If the user is member of the group “BRONZE”, all the files are moved from the \\SERVER1\HOME$\SILVER and \\SERVER1\HOME$\GOLD share to the BRONZE location.

 

8: For every QUOTA, create shortcuts using Group Policy Preferences (User Configurarion\Preferences\Windows Settings\Shortcuts) and target them as shown in the third picture (example is for the BRONZE quota, they also have to be created for SILVER and GOLD):

!!IT IS VERY IMPORTANT TO USE IDENTICAL NAMES FOR THE SHORTCUTS!!!

 

The reason is that the appropriate shortcut is created based on group membership. If the user is added to a different group, the shortcut is overwritten.

 
 

Target path is the location of the VBS files. In this example it is \\DOMAINNAME\NETLOGON\SCRIPTS\BRONZE.VBS

 

As you can see, this shortcut is only updated for users that are member of the BRONZE group. If they are also member of the SILVER / GOLD group, nothing will be changed.

 

Now the final part (optional, but highly recommended)

 

Create a event triggered tasks to:
  • Remove the user from the groups SILVER and GOLD if added to BRONZE
  • Remove the user from the groups BRONZE and GOLD if added to SILVER
  • Remove the user from the groups BRONZE and SILVER if added to GOLD

How to do this can be found in the following blogpost http://www.buit.org/2009/07/16/event-based-triggered-tasks/.

 

Et Voila! Quota’s can be applied to Groups instead of users :)

 

Regards,

 

Benno Zelders

Comments 2 Comments »