WSA M03: Storage & File Services

← Course Home Start GUI Lab →

Module 03: Storage & File Services

Master disk management, volume configuration, and file sharing in Windows Server.

Learning Objectives

  • Understand disk types: Basic vs Dynamic, MBR vs GPT
  • Initialize, partition, and format disks using GUI and PowerShell
  • Configure Storage Spaces for resilient storage
  • Create and manage SMB file shares
  • Apply NTFS and share permissions correctly

AZ-800 Alignment

Domain: Manage storage and file services (15-20%)

This module covers physical disk management, Storage Spaces, SMB shares, and the permission model - all key exam topics.

Module Components

  • Presentation - Theory and concepts (you are here)
  • GUI Lab - Disk Management MMC hands-on
  • PS Lab - PowerShell storage cmdlets
  • Quiz - Knowledge validation
Storage: the foundation of file services File ServerFS01.corp.local Disk 0 Disk 1 Disk 2 Physical disks → partitioned, formatted, shared ● disks ● volumes ● shares ● permissions From raw blocks to user-facing folders

Disk Types: Basic vs Dynamic

Basic Disks

  • Default disk type in Windows
  • Uses partitions (primary, extended, logical)
  • MBR: Up to 4 primary partitions
  • GPT: Up to 128 partitions
  • Simple, well-understood
  • Compatible with all OS versions

Dynamic Disks

  • Uses volumes instead of partitions
  • Supports spanning across disks
  • Enables RAID (striping, mirroring)
  • Can resize without reboot
  • Not bootable on some systems
  • Being replaced by Storage Spaces

Best Practice

Use Basic Disks with GPT for most scenarios. For advanced storage features like redundancy and pooling, use Storage Spaces instead of Dynamic Disks.

Partition Styles

Feature MBR (Master Boot Record) GPT (GUID Partition Table)
Max Disk Size 2 TB 18 EB (exabytes)
Max Partitions 4 primary (or 3 + extended) 128
Boot Mode BIOS (Legacy) UEFI
Redundancy Single partition table Backup table at disk end
Two disk types Windows can manage Basic disk classic partitions (MBR or GPT) C: System 100 GB D: Data 200 GB unallocated free space Up to 4 primary partitions GPT raises that to 128 Default for new disks Dynamic disk advanced volumes (legacy) Spanned: D + E + F Mirrored: disk 1 + 2 Spanned, striped, mirrored RAID-style on a single host Storage Spaces is preferred now

Disk Management Console

The Disk Management MMC snap-in (diskmgmt.msc) is the primary GUI for managing storage.

Console Layout

┌─────────────────────────────────────────────────────────────────┐ │ Volume List (Top Pane) │ │ ┌───────┬────────┬──────┬────────┬────────┬──────────┬────────┐ │ │ │Volume │ Layout │ Type │ FS │ Status │ Capacity │ Free │ │ │ ├───────┼────────┼──────┼────────┼────────┼──────────┼────────┤ │ │ │(C:) │ Simple │ Basic│ NTFS │Healthy │ 256 GB │ 128 GB │ │ │ │(D:) │ Simple │ Basic│ NTFS │Healthy │ 500 GB │ 400 GB │ │ │ └───────┴────────┴──────┴────────┴────────┴──────────┴────────┘ │ ├─────────────────────────────────────────────────────────────────┤ │ Graphical View (Bottom Pane) │ │ ┌──────────────────────────────────────────────────────────────┐│ │ │ Disk 0 ┌─────┬────────────────────────┬──────┐ ││ │ │ GPT │ EFI │ Windows (C:) 256 GB │Recov.│ ││ │ │ 500 GB │100MB│ NTFS │500 MB│ ││ │ │ Online └─────┴────────────────────────┴──────┘ ││ │ └──────────────────────────────────────────────────────────────┘│ └─────────────────────────────────────────────────────────────────┘

Partition Color Coding

EFI
System
C:
Windows (Boot)
D:
Data
Recovery
Unallocated

Common Operations

  • Initialize Disk - Set partition style (GPT/MBR) for new disks
  • New Simple Volume - Create partition and format
  • Extend Volume - Grow into adjacent unallocated space
  • Shrink Volume - Reduce volume size to free space
  • Change Drive Letter - Assign/modify mount point
  • Format - Apply file system (NTFS, ReFS)
diskmgmt.msc, the GUI workhorse Disk Management File   Action   View   Help Volume     Layout     Type     File System     Status     Capacity C:         Simple      Basic     NTFS           Healthy     99.5 GB D: Data   Simple      Basic     NTFS           Healthy     199.9 GB Disk 0   Basic   500.00 GB   Online C: 100 GB NTFS D: 200 GB NTFS Healthy 200 GB unallocated Disk 1   Basic   1.00 TB   Online 1.00 TB unallocated, right-click to create volume Right-click any region for partition operations

Disk Cmdlets

PowerShell provides complete storage management through the Storage module.

List all physical disks attached to the server to see their status and partition style.

# List all physical disks and their current state PS C:\> Get-Disk
# Expected output: # ───────────────────────────────────────── Number Friendly Name Serial Number HealthStatus OperationalStatus Total Size Partition Style ────── ───────────── ───────────── ──────────── ───────────────── ────────── ─────────────── 0 Virtual HD WD-ABC123 Healthy Online 256 GB GPT 1 Virtual HD WD-DEF456 Healthy Online 500 GB GPT 2 Virtual HD WD-GHI789 Healthy Offline 1 TB RAW

Before a new disk can hold partitions, initialize it with a partition style.

# Initialize Disk 2 with GPT partition style PS C:\> Initialize-Disk -Number 2 -PartitionStyle GPT

Pipe a disk to Format-List to see every property, including bus type and firmware version.

# Display all properties for Disk 0 PS C:\> Get-Disk -Number 0 | Format-List *
Disk cmdlets: enumerate, initialize, online PowerShell, Storage module PS> Get-Disk Number FriendlyName Size PartStyle 0 Samsung SSD 970 500 GB GPT 1 WD Blue 1TB 1 TB RAW PS> Initialize-Disk -Number 1 -PartitionStyle GPT brings raw disk online, writes GPT header PS> Set-Disk -Number 1 -IsOffline $false toggle online/offline state PS> Clear-Disk -Number 1 -RemoveData -Confirm:$false wipes the disk, irreversible

Partition & Volume Cmdlets

Create a partition that fills the entire disk and automatically assigns a drive letter.

# Partition Disk 2 using all available space PS C:\> New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter
# Expected output: # ───────────────────────────────────────── DiskNumber PartitionNumber DriveLetter Offset Size Type ────────── ─────────────── ─────────── ────── ──── ──── 2 1 E 1048576 1 TB Basic

Format the raw partition with NTFS and give it a descriptive label.

# Format the new volume as NTFS with a label PS C:\> Format-Volume -DriveLetter E -FileSystem NTFS -NewFileSystemLabel "Data"

Check all volumes on the system to verify drive letters, file systems, and free space.

# Display all volumes and their health PS C:\> Get-Volume
# Expected output: # ───────────────────────────────────────── DriveLetter FriendlyName FileSystemType DriveType HealthStatus SizeRemaining Size ─────────── ──────────── ────────────── ───────── ──────────── ───────────── ──── C Windows NTFS Fixed Healthy 128 GB 256 GB D Storage NTFS Fixed Healthy 400 GB 500 GB E Data NTFS Fixed Healthy 1 TB 1 TB
Partition + Volume cmdlets: carve and format create partition → format volume → mount PS> New-Partition -DiskNumber 1 -UseMaximumSize -AssignDriveLetter PS> Format-Volume -DriveLetter E -FileSystem NTFS -NewFileSystemLabel "Backups" -Confirm:$false PS> Get-Volume DriveLetter FileSystemLabel Size FileSystem HealthStatus C System 99.5GB NTFS Healthy D Data 199.9GB NTFS Healthy E Backups 999.0GB NTFS Healthy PS> _

Pipeline Magic - One-Liner

Chain the entire disk setup into a single pipeline -- initialize, partition, and format in one shot.

# Initialize, partition, and format a disk in one pipeline PS C:\> Get-Disk 2 | Initialize-Disk -PartitionStyle GPT -PassThru | New-Partition -UseMaximumSize -AssignDriveLetter | Format-Volume -FileSystem NTFS -NewFileSystemLabel "Backup"
# Expected output: # ───────────────────────────────────────── DriveLetter FriendlyName FileSystemType DriveType HealthStatus SizeRemaining Size ─────────── ──────────── ────────────── ───────── ──────────── ───────────── ──── E Backup NTFS Fixed Healthy 1 TB 1 TB

GUI vs PowerShell

Disk Management is great for one-off tasks. PowerShell shines when you need to:

  • Configure multiple servers identically
  • Automate disk provisioning
  • Script disaster recovery procedures
  • Work on Server Core (no GUI)
One pipeline from raw disk to mounted volume Get-Disk 1 raw disk object | Initialize -Disk -PartStyle GPT writes GPT | New-Partition -UseMaximumSize carve volume | Format-Volume -FileSystem NTFS ready to use # The one-line provisioning command PS> Get-Disk 1 | Initialize-Disk -PartitionStyle GPT -PassThru | New-Partition -AssignDriveLetter -UseMaximumSize | Format-Volume -FileSystem NTFS -NewFileSystemLabel "Data" # Each step produces an object the next step consumes

Storage Spaces: Architecture

Storage Spaces pools physical disks into virtual storage with built-in resilience.

┌─────────────────────────────────────────────────────────────────┐ │ Virtual Disk (Volume) │ │ "Documents" │ │ Mirror (2-way) │ └─────────────────────────────────────────────────────────────────┘ │ ┌─────────────────────────────────────────────────────────────────┐ │ Storage Pool │ │ "Primary Pool" │ │ Capacity: 8 TB │ └─────────────────────────────────────────────────────────────────┘ │ ┌─────────────┬───────┴───────┬─────────────┐ │ │ │ │ ┌────┴────┐ ┌────┴────┐ ┌─────┴────┐ ┌────┴────┐ │ Disk 1 │ │ Disk 2 │ │ Disk 3 │ │ Disk 4 │ │ 2 TB │ │ 2 TB │ │ 2 TB │ │ 2 TB │ └─────────┘ └─────────┘ └──────────┘ └─────────┘
Storage Spaces: pool, virtual disk, volume 3. Volume NTFS Volume, D: Data, 1.8 TB formatted, drive letter, mounted 2. Virtual Disk VDisk1, Mirror 2 TB, 2-way VDisk2, Parity 1 TB, dual VDisk3, Simple 500 GB, no resil. 1. Storage Pool Pool1, 6 disks, 6 TB total raw 1TB 1TB 1TB 1TB 1TB 1TB physical

Storage Spaces: Resiliency Types

Type Description Min Disks Efficiency
Simple Striping only (no redundancy) 1 100%
Mirror 2 or 3 copies of data 2 50%
Parity RAID 5/6 equivalent 3 67-88%

Pool all available physical disks into a single Storage Space for flexible provisioning.

# Create a storage pool from all available disks PS C:\> New-StoragePool -FriendlyName "DataPool" -StorageSubSystemFriendlyName "*Spaces*" ` -PhysicalDisks (Get-PhysicalDisk -CanPool $true)
# Expected output: # ───────────────────────────────────────── FriendlyName OperationalStatus HealthStatus IsPrimordial IsReadOnly Size ──────────── ───────────────── ──────────── ──────────── ────────── ──── DataPool OK Healthy False False 8 TB

Create a mirrored virtual disk within the pool for data redundancy.

# Create a 500GB mirrored virtual disk from the pool PS C:\> New-VirtualDisk -StoragePoolFriendlyName "DataPool" -FriendlyName "Mirrored" ` -ResiliencySettingName Mirror -Size 500GB
# Expected output: # ───────────────────────────────────────── FriendlyName ResiliencySettingName OperationalStatus HealthStatus Size ──────────── ───────────────────── ───────────────── ──────────── ──── Mirrored Mirror OK Healthy 500 GB
Three resiliency choices, trade-offs differ Simple stripe, no parity D1 D2 D3 100% usable 0 disks failure speed: ⚡⚡⚡ Best for: scratch + temp data Mirror 2-way or 3-way copies D1 D1' 50% usable 1 disk failure speed: ⚡⚡ Best for: hot data + general use Parity RAID-5 style D D P ~66% usable 1 disk failure speed: ⚡ (write) Best for: cold + archive

SMB File Shares: Creating Shares

Server Message Block (SMB) is the Windows file sharing protocol. SMB 3.x is the current standard.

GUI: Server Manager

  1. File and Storage Services
  2. Shares
  3. Tasks → New Share
  4. Select profile (Quick/Advanced)
  5. Set path and permissions

PowerShell

# Create a share with access control PS C:\> New-SmbShare ` -Name "Data" ` -Path "D:\Shared\Data" ` -FullAccess "Admins" ` -ChangeAccess "Users"
From local folder to network share Local on FS01 📁 D:\Sales a folder, not yet shared NTFS permissions only New-SmbShare Network-visible \\FS01\Sales Share + NTFS permissions accessible across the network PS> New-SmbShare -Name "Sales" -Path D:\Sales -FullAccess "Domain Admins" -ChangeAccess "Sales-RW" -ReadAccess "Auditors" PS> Get-SmbShare lists every share on this server

SMB File Shares: Share Types

Share Name Example Description
Standard \\Server\Data Visible in network browse
Hidden ($) \\Server\Data$ Must know exact name to access
Administrative \\Server\C$, \\Server\ADMIN$ Built-in admin shares

Enumerate every share on the server, including hidden administrative shares.

# List all SMB shares on this server PS C:\> Get-SmbShare
# Expected output: # ───────────────────────────────────────── Name ScopeName Path Description ──── ───────── ──── ─────────── ADMIN$ * C:\Windows Remote Admin C$ * C:\ Default share Data * D:\Shared\Data Company Data IPC$ * Remote IPC

Check active sessions to see which users are currently connected to your shares.

# Show active SMB sessions (connected users) PS C:\> Get-SmbSession

View which files are currently open over the network for troubleshooting locks.

# List files currently open by remote users PS C:\> Get-SmbOpenFile
Three flavors of shares Public share \\FS01\Sales ▶ visible in network browse Standard team data shares no special naming convention Hidden share \\FS01\HR$ ▶ hidden by trailing $ no browse Confidential team data access by UNC path only Admin share \\FS01\C$ ▶ auto-created by Windows admins only Remote admin + tooling C$, D$, ADMIN$, IPC$

Share Permissions

Windows uses two permission layers. Understanding how they interact is critical.

  • Apply only over network
  • Three levels: Read, Change, Full
  • Coarse-grained
  • Set on share properties
  • Don't affect local access

NTFS Permissions

  • Apply always (local + network)
  • Granular: Read, Write, Modify, Full, etc.
  • Inheritance from parent folders
  • Set on folder/file Security tab
  • The "real" permissions

The Golden Rule

Most restrictive wins! If share grants Full but NTFS grants Read, user gets Read. Best practice: Set share to "Everyone: Full Control" and control access via NTFS.

Permissions stack: most-restrictive wins Userjdoerequests file Share permission Change via SMB only NTFS permission Modify always applies Effective: most restrictive of the two Share: Change    NTFS: Modify    → effective: Change Local access bypasses share permission, NTFS only. Best practice: share = Everyone Full Control, control via NTFS.

PowerShell Permission Management

Inspect the NTFS access control list on a folder to see who has what level of access.

# Display NTFS permissions on the Data folder PS C:\> Get-Acl "D:\Data" | Format-List
# Expected output: # ───────────────────────────────────────── Path : Microsoft.PowerShell.Core\FileSystem::D:\Data Owner : BUILTIN\Administrators Group : HEXWORTH\Domain Users Access : BUILTIN\Administrators Allow FullControl HEXWORTH\Domain Users Allow ReadAndExecute

Grant Change-level access on a share to a specific group.

# Give the ITGroup Change access on the Data share PS C:\> Grant-SmbShareAccess -Name "Data" -AccountName "Domain\ITGroup" ` -AccessRight Change -Force

Build an NTFS access rule object and apply it to a folder to grant Modify rights.

# Add an NTFS Modify rule for Domain Users PS C:\> $acl = Get-Acl "D:\Data" $rule = New-Object System.Security.AccessControl.FileSystemAccessRule( "Domain\Users", "Modify", "Allow") $acl.AddAccessRule($rule) Set-Acl "D:\Data" $acl
Get-Acl / Set-Acl on the folder ACL = Access Control List on a file or folder PS> Get-Acl D:\Sales | Format-List Owner : BUILTIN\Administrators Access : CORP\Sales-RW Modify CORP\Auditors ReadAndExecute PS> # clone existing ACL into a variable PS> $acl = Get-Acl D:\Sales PS> $rule = New-Object Security.AccessControl. FileSystemAccessRule("CORP\HR", "Modify","ContainerInherit","None","Allow") PS> $acl.AddAccessRule($rule) PS> Set-Acl D:\Sales $acl

Module Summary

Key Takeaways

  • GPT over MBR - Use GPT for disks larger than 2TB or UEFI systems
  • Basic Disks - Preferred for most scenarios; use Storage Spaces for advanced features
  • Storage Spaces - Pool disks for resilience without hardware RAID
  • SMB 3.x - Modern file sharing with encryption and multichannel
  • NTFS Permissions - Use NTFS as primary access control; set shares to Full

Key Cmdlets

Task Cmdlet
List disksGet-Disk
Initialize diskInitialize-Disk -PartitionStyle GPT
Create partitionNew-Partition -UseMaximumSize
Format volumeFormat-Volume -FileSystem NTFS
List volumesGet-Volume
Create shareNew-SmbShare -Name X -Path Y

Ready for Labs!

You're now prepared to practice storage management in both the GUI Lab (Disk Management) and PowerShell Lab. Complete both to master the concepts!

Module 3 takeaways Disk typesBasic vs Dynamic PartitionMBR vs GPT Storage Spacespool + vdisk + vol ResiliencySimple/Mirror/Parity SMB sharespublic/hidden/admin PermissionsShare + NTFS PowerShellGet/Set-Acl, SmbShare Ready for Storage labs and quiz
1 / 8
GUI Lab PS Lab Quiz