WSA M03: Storage & File Services

← Course Home Start GUI Lab →

Module 03: Storage & File Services

From raw disks to user-facing shares — partition, pool, share, secure.

What you'll learn

  • Disk types & partitions — Basic vs Dynamic, MBR vs GPT
  • Disk management — GUI + PowerShell cmdlets side by side
  • Storage Spaces ★ — modern resilient pool (mirror / parity)
  • SMB shares — create, secure, audit file shares
  • NTFS + share ACLs — how the two permission layers combine
Where this fits: Foundation #3 — storage. Maps to CTS1328C Objective #2. AZ-800 domain: Storage & file services (15-20%). Storage Spaces (★) is the modern resilient-pool stack.
Module 03 — your journey 1Disk Types 2Partition Styles 3Disk Mgmt GUI 4Disk Cmdlets 5Storage Spaces ★ 6Resiliency 7SMB Shares 8Permissions 9PowerShell ACL → next: M04 — Hyper-V

Disk Types: Basic vs Dynamic

Best Practice: Use Basic Disks with GPT for most scenarios. For advanced storage features like redundancy and pooling, use Storage Spaces instead of Dynamic Disks.

Basic Disks

  • Default disk type in Windows
  • Uses partitions (primary, extended, logical)
  • Compatible with all OS versions

Dynamic Disks

  • Uses volumes instead of partitions
  • Supports spanning across disks
  • Enables RAID (striping, mirroring)
  • Being replaced by Storage Spaces
Two disk types Windows can manage Basic disk classic partitions (MBR or GPT) C: System 100 GB D: Data 200 GB unallocated free space Up to 4 primary partitions GPT raises that to 128 Default for new disks Dynamic disk advanced volumes (legacy) Spanned: D + E + F Mirrored: disk 1 + 2 Spanned, striped, mirrored RAID-style on a single host Storage Spaces is preferred now

Partition Styles: MBR vs GPT

Feature MBR (Master Boot Record) GPT (GUID Partition Table)
Max Disk Size 2 TB 18 EB (exabytes)
Max Partitions 4 primary (or 3 + extended) 128
Boot Mode BIOS (Legacy) UEFI
Redundancy Single partition table Backup table at disk end
How the partition table sits on the disk MBR single 512-byte boot sector at LBA 0 Boot 512B Partition 1 Partition 2 Partition 3 Partition 4 If the MBR sector is lost, the whole table is lost GPT header + entry tables at start AND end of disk Prot MBR GPT Header Entries (128) … user data partitions … Backup Entries Bkup Hdr Backup table at disk end protects against header corruption

Disk Management Console

The Disk Management MMC snap-in (diskmgmt.msc) is the primary GUI for managing storage.

Partition Color Coding

EFI
System
C:
Windows (Boot)
D:
Data
Recovery
Unallocated

Common Operations

  • Initialize Disk - Set partition style (GPT/MBR) for new disks
  • New Simple Volume - Create partition and format
  • Extend Volume - Grow into adjacent unallocated space
  • Shrink Volume - Reduce volume size to free space
  • Change Drive Letter - Assign/modify mount point
  • Format - Apply file system (NTFS, ReFS)
diskmgmt.msc, the GUI workhorse Disk Management File   Action   View   Help Volume     Layout     Type     File System     Status     Capacity C:         Simple      Basic     NTFS           Healthy     99.5 GB D: Data   Simple      Basic     NTFS           Healthy     199.9 GB Disk 0   Basic   500.00 GB   Online C: 100 GB NTFS D: 200 GB NTFS Healthy 200 GB unallocated Disk 1   Basic   1.00 TB   Online 1.00 TB unallocated, right-click to create volume Right-click any region for partition operations

Disk Cmdlets

PowerShell's Storage module manages disks end-to-end. Output table shown in the right-panel demo.

# List all physical disks and their current state PS C:\> Get-Disk

Initialize a new (RAW) disk before it can hold partitions.

# Initialize Disk 2 with GPT partition style PS C:\> Initialize-Disk -Number 2 -PartitionStyle GPT
Disk cmdlets: enumerate, initialize, online PowerShell, Storage module PS> Get-Disk Number FriendlyName Size PartStyle 0 Samsung SSD 970 500 GB GPT 1 WD Blue 1TB 1 TB RAW PS> Initialize-Disk -Number 1 -PartitionStyle GPT brings raw disk online, writes GPT header PS> Set-Disk -Number 1 -IsOffline $false toggle online/offline state PS> Clear-Disk -Number 1 -RemoveData -Confirm:$false wipes the disk, irreversible

Disk Cmdlets — full property inspection

Get-Disk by default shows the columns Microsoft picked. To see EVERY property of a disk — bus type, firmware, serial, partition style, alignment — pipe it to Format-List with the wildcard.

Pipe a disk to Format-List to see every property, including bus type and firmware version.

# Display all properties for Disk 0 PS C:\> Get-Disk -Number 0 | Format-List *
→ continued — context from prev slide Disk cmdlets: enumerate, initialize, online PowerShell, Storage module PS> Get-Disk Number FriendlyName Size PartStyle 0 Samsung SSD 970 500 GB GPT 1 WD Blue 1TB 1 TB RAW PS> Initialize-Disk -Number 1 -PartitionStyle GPT brings raw disk online, writes GPT header PS> Set-Disk -Number 1 -IsOffline $false toggle online/offline state PS> Clear-Disk -Number 1 -RemoveData -Confirm:$false wipes the disk, irreversible

Partition & Volume Cmdlets

Carve a partition from the disk, then format the resulting volume. Right panel shows the resulting table.

# Partition Disk 2 using all available space PS C:\> New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter
# Format the new volume as NTFS with a label PS C:\> Format-Volume -DriveLetter E -FileSystem NTFS -NewFileSystemLabel "Data"
Partition + Volume cmdlets: carve and format create partition → format volume → mount PS> New-Partition -DiskNumber 1 -UseMaximumSize -AssignDriveLetter PS> Format-Volume -DriveLetter E -FileSystem NTFS -NewFileSystemLabel "Backups" -Confirm:$false PS> Get-Volume DriveLetter FileSystemLabel Size FileSystem HealthStatus C System 99.5GB NTFS Healthy D Data 199.9GB NTFS Healthy E Backups 999.0GB NTFS Healthy PS> _

Volume cmdlets — list and inspect

Once partitions exist and are formatted, Get-Volume gives you the system-wide view: drive letters, file systems, free space — one cmdlet, all of it. Right panel shows the output table.

# Display all volumes and their health PS C:\> Get-Volume
→ continued — context from prev slide Partition + Volume cmdlets: carve and format create partition → format volume → mount PS> New-Partition -DiskNumber 1 -UseMaximumSize -AssignDriveLetter PS> Format-Volume -DriveLetter E -FileSystem NTFS -NewFileSystemLabel "Backups" -Confirm:$false PS> Get-Volume DriveLetter FileSystemLabel Size FileSystem HealthStatus C System 99.5GB NTFS Healthy D Data 199.9GB NTFS Healthy E Backups 999.0GB NTFS Healthy PS> _

Pipeline Magic - One-Liner

Chain the entire disk setup into a single pipeline — initialize, partition, and format in one shot. Each step produces an object the next consumes.

# Initialize, partition, and format a disk in one pipeline PS C:\> Get-Disk 2 | Initialize-Disk -PartitionStyle GPT -PassThru | New-Partition -UseMaximumSize -AssignDriveLetter | Format-Volume -FileSystem NTFS -NewFileSystemLabel "Backup"
One pipeline from raw disk to mounted volume Get-Disk 1 raw disk object | Initialize -Disk -PartStyle GPT writes GPT | New-Partition -UseMaximumSize carve volume | Format-Volume -FileSystem NTFS ready to use # The one-line provisioning command PS> Get-Disk 1 | Initialize-Disk -PartitionStyle GPT -PassThru | New-Partition -AssignDriveLetter -UseMaximumSize | Format-Volume -FileSystem NTFS -NewFileSystemLabel "Data" # Each step produces an object the next step consumes

When to Use PowerShell vs the GUI

Disk Management is great for one-off tasks. PowerShell shines when you need to:

PowerShell Wins When

  • Configure multiple servers identically
  • Automate disk provisioning
  • Script disaster recovery procedures
  • Work on Server Core (no GUI)

Storage Spaces: Architecture

Storage Spaces pools physical disks into virtual storage with built-in resilience. Three layers stack on top of each other — right panel shows the relationship:

  • Storage Pool — raw disks combined into one logical container
  • Virtual Disk — carved from the pool with a chosen resiliency mode (mirror / parity / simple)
  • Volume — formatted, assigned a drive letter, ready for use
Storage Spaces: pool, virtual disk, volume 3. Volume NTFS Volume, D: Data, 1.8 TB formatted, drive letter, mounted 2. Virtual Disk VDisk1, Mirror 2 TB, 2-way VDisk2, Parity 1 TB, dual VDisk3, Simple 500 GB, no resil. 1. Storage Pool Pool1, 6 disks, 6 TB total raw 1TB 1TB 1TB 1TB 1TB 1TB physical

Storage Spaces: Resiliency Types

Type Description Min Disks Efficiency
Simple Striping only (no redundancy) 1 100%
Mirror 2 or 3 copies of data 2 50%
Parity RAID 5/6 equivalent 3 67-88%
Three resiliency choices, trade-offs differ Simple stripe, no parity D1 D2 D3 100% usable 0 disks failure speed: ⚡⚡⚡ Best for: scratch + temp data Mirror 2-way or 3-way copies D1 D1' 50% usable 1 disk failure speed: ⚡⚡ Best for: hot data + general use Parity RAID-5 style D D P ~66% usable 1 disk failure speed: ⚡ (write) Best for: cold + archive

Storage Spaces — pool and virtual disk creation

Two-step process: first pool the physical disks (this slide), then carve resilient virtual disks from that pool (next slide). The resiliency choice happens at virtual-disk creation, not at the pool.

# Create a storage pool from all available disks PS C:\> New-StoragePool -FriendlyName "DataPool" -StorageSubSystemFriendlyName "*Spaces*" ` -PhysicalDisks (Get-PhysicalDisk -CanPool $true)
→ continued — context from prev slide Three resiliency choices, trade-offs differ Simple stripe, no parity D1 D2 D3 100% usable 0 disks failure speed: ⚡⚡⚡ Best for: scratch + temp data Mirror 2-way or 3-way copies D1 D1' 50% usable 1 disk failure speed: ⚡⚡ Best for: hot data + general use Parity RAID-5 style D D P ~66% usable 1 disk failure speed: ⚡ (write) Best for: cold + archive

Storage Spaces — virtual disk from the pool

Once the pool exists, virtual disks come out of it. ResiliencySettingName is where the Simple / Mirror / Parity choice gets applied. Size can be smaller than the pool — one pool, many virtual disks.

# Create a 500GB mirrored virtual disk from the pool PS C:\> New-VirtualDisk -StoragePoolFriendlyName "DataPool" -FriendlyName "Mirrored" ` -ResiliencySettingName Mirror -Size 500GB
→ continued — context from prev slide Three resiliency choices, trade-offs differ Simple stripe, no parity D1 D2 D3 100% usable 0 disks failure speed: ⚡⚡⚡ Best for: scratch + temp data Mirror 2-way or 3-way copies D1 D1' 50% usable 1 disk failure speed: ⚡⚡ Best for: hot data + general use Parity RAID-5 style D D P ~66% usable 1 disk failure speed: ⚡ (write) Best for: cold + archive

SMB File Shares: Creating Shares

Server Message Block (SMB) is the Windows file sharing protocol. SMB 3.x is the current standard.

GUI: Server Manager

  1. File and Storage Services
  2. Shares
  3. Tasks → New Share
  4. Select profile (Quick/Advanced)
  5. Set path and permissions

PowerShell

# Create a share with access control PS C:\> New-SmbShare ` -Name "Data" ` -Path "D:\Shared\Data" ` -FullAccess "Admins" ` -ChangeAccess "Users"
From local folder to network share Local on FS01 📁 D:\Sales a folder, not yet shared NTFS permissions only New-SmbShare Network-visible \\FS01\Sales Share + NTFS permissions accessible across the network PS> New-SmbShare -Name "Sales" -Path D:\Sales -FullAccess "Domain Admins" -ChangeAccess "Sales-RW" -ReadAccess "Auditors" PS> Get-SmbShare lists every share on this server

SMB File Shares: Share Types

Share Name Example Description
Standard \\Server\Data Visible in network browse
Hidden ($) \\Server\Data$ Must know exact name to access
Administrative \\Server\C$, \\Server\ADMIN$ Built-in admin shares
Three flavors of shares Public share \\FS01\Sales ▶ visible in network browse Standard team data shares no special naming convention Hidden share \\FS01\HR$ ▶ hidden by trailing $ no browse Confidential team data access by UNC path only Admin share \\FS01\C$ ▶ auto-created by Windows admins only Remote admin + tooling C$, D$, ADMIN$, IPC$

SMB Share inspection cmdlets

Get-SmbShare enumerates every share, including hidden administrative shares. Output table shown in the right-panel demo.

# List all SMB shares on this server PS C:\> Get-SmbShare
→ continued — context from prev slide Three flavors of shares Public share \\FS01\Sales ▶ visible in network browse Standard team data shares no special naming convention Hidden share \\FS01\HR$ ▶ hidden by trailing $ no browse Confidential team data access by UNC path only Admin share \\FS01\C$ ▶ auto-created by Windows admins only Remote admin + tooling C$, D$, ADMIN$, IPC$

SMB runtime inspection — sessions and open files

For who is connected and which files are open right now — two more cmdlets. Essential for debugging a stuck lock or quota issue.

# Show active SMB sessions (connected users) PS C:\> Get-SmbSession
# List files currently open by remote users PS C:\> Get-SmbOpenFile
→ continued — context from prev slide Three flavors of shares Public share \\FS01\Sales ▶ visible in network browse Standard team data shares no special naming convention Hidden share \\FS01\HR$ ▶ hidden by trailing $ no browse Confidential team data access by UNC path only Admin share \\FS01\C$ ▶ auto-created by Windows admins only Remote admin + tooling C$, D$, ADMIN$, IPC$

Share Permissions

Windows uses two permission layers. Understanding how they interact is critical.

Share Permissions

  • Apply only over network
  • Three levels: Read, Change, Full
  • Coarse-grained
  • Set on share properties

NTFS Permissions

  • Apply always (local + network)
  • Granular: Read, Write, Modify, Full, etc.
  • Inheritance from parent folders
  • The "real" permissions

Golden Rule — most restrictive wins. Share=Full + NTFS=Read → user gets Read. Best practice: share Everyone:Full, control via NTFS.

Permissions stack: most-restrictive wins Userjdoerequests file Share permission Change via SMB only NTFS permission Modify always applies Effective: most restrictive of the two Share: Change    NTFS: Modify    → effective: Change Local access bypasses share permission, NTFS only. Best practice: share = Everyone Full Control, control via NTFS.

PowerShell Permission Management

Inspect the NTFS ACL on a folder and grant Change-level access on a share to a group. Right panel walks the ACL workflow end-to-end.

# Display NTFS permissions on the Data folder PS C:\> Get-Acl "D:\Data" | Format-List
# Give the ITGroup Change access on the Data share PS C:\> Grant-SmbShareAccess -Name "Data" -AccountName "Domain\ITGroup" ` -AccessRight Change -Force
Get-Acl / Set-Acl on the folder ACL = Access Control List on a file or folder PS> Get-Acl D:\Sales | Format-List Owner : BUILTIN\Administrators Access : CORP\Sales-RW Modify CORP\Auditors ReadAndExecute PS> # clone existing ACL into a variable PS> $acl = Get-Acl D:\Sales PS> $rule = New-Object Security.AccessControl. FileSystemAccessRule("CORP\HR", "Modify","ContainerInherit","None","Allow") PS> $acl.AddAccessRule($rule) PS> Set-Acl D:\Sales $acl

PowerShell Permissions — programmatic ACL edits

Grant-SmbShareAccess is the easy path for share permissions. For NTFS, you build an access-rule object yourself, add it to the ACL, and write it back. More steps, more control.

Build an NTFS access rule object and apply it to a folder to grant Modify rights.

# Add an NTFS Modify rule for Domain Users PS C:\> $acl = Get-Acl "D:\Data" $rule = New-Object System.Security.AccessControl.FileSystemAccessRule( "Domain\Users", "Modify", "Allow") $acl.AddAccessRule($rule) Set-Acl "D:\Data" $acl
→ continued — context from prev slide Get-Acl / Set-Acl on the folder ACL = Access Control List on a file or folder PS> Get-Acl D:\Sales | Format-List Owner : BUILTIN\Administrators Access : CORP\Sales-RW Modify CORP\Auditors ReadAndExecute PS> # clone existing ACL into a variable PS> $acl = Get-Acl D:\Sales PS> $rule = New-Object Security.AccessControl. FileSystemAccessRule("CORP\HR", "Modify","ContainerInherit","None","Allow") PS> $acl.AddAccessRule($rule) PS> Set-Acl D:\Sales $acl

Module Summary

Key Takeaways

  • GPT over MBR — disks > 2TB or UEFI systems
  • Basic Disks — preferred; use Storage Spaces for advanced
  • Storage Spaces — pool + virtual disk + volume, no hardware RAID
  • SMB 3.x + NTFS — share Everyone:Full, control via NTFS

Key Cmdlets

TaskCmdlet
List disks / volumesGet-Disk / Get-Volume
Init + partition + formatInitialize-Disk | New-Partition | Format-Volume
Create shareNew-SmbShare -Name X -Path Y
Module 3 takeaways Disk typesBasic vs Dynamic PartitionMBR vs GPT Storage Spacespool + vdisk + vol ResiliencySimple/Mirror/Parity SMB sharespublic/hidden/admin PermissionsShare + NTFS PowerShellGet/Set-Acl, SmbShare Ready for Storage labs and quiz