6421 b Module-10

Module 10 Configuring and Troubleshooting Network File and Print Services

Transcript of 6421 b Module-10

Page 1: 6421 b  Module-10

Module 10: Configuring and Troubleshooting Network File and Print Services

Page 2: 6421 b  Module-10

Module Overview
• Configuring and Troubleshooting File Shares
• Encrypting Network Files with EFS
• Encrypting Partitions with BitLocker
• Configuring and Troubleshooting Network Printing

Page 3: 6421 b  Module-10

Lesson 1: Configuring and Troubleshooting File Shares
• What Is a File Share?
• Demonstration: How to Create a File Share
• What Are NTFS Permissions?
• Demonstration: How to Configure NTFS Permissions
• Troubleshooting Network File Access Permissions
• What Is Access-Based Enumeration?
• File Access Enhancements in Windows Server 2008

Page 4: 6421 b  Module-10

What Is a File Share?

A file share is a folder on a server that has been configured for access over the network.

• File share permissions are:
  • Full Control
  • Change
  • Read

• Access file shares by using:
  • A UNC path
  • Mapped drive letter

Page 5: 6421 b  Module-10

Demonstration: How to Create a File Share

In the demonstration, you will see how to:
• Create a file share by using the simplified interface
• Create a file share by using advanced sharing
• Configure advanced sharing for a file share

Page 6: 6421 b  Module-10

What Are NTFS Permissions?

NTFS permissions control which users or groups can access or modify files and folders on NTFS-formatted partitions.

The basic NTFS permissions are:
• Read & Execute
• List folder contents
• Modify
• Full Control
• Read
• Write

Page 7: 6421 b  Module-10

Demonstration: How to Configure NTFS Permissions

In this demonstration, you will see how to:
• Configure NTFS permissions
• View advanced NTFS permissions
• View inherited permissions

Page 8: 6421 b  Module-10

Troubleshooting Network File Access Permissions

The troubleshooting steps are:

• Check effective NTFS permissions
  • Deny permission overrides allow permission

• Verify share permissions
  • Assigning Full Control to the Everyone group simplifies permission assignment

Page 9: 6421 b  Module-10

What Is Access-Based Enumeration?

Access-based enumeration:

• Hides files and folders that you do not have read access to

• Simplifies file browsing for users

• Is enabled automatically when sharing is enabled using the simplified sharing interface

• Can be enabled and disabled in Share and Storage Management
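The two troubleshooting checks above (effective NTFS permissions with deny overriding allow, then share permissions) and the access-based enumeration filter can be modelled in a few lines. This is an added example, not part of the course material: the rights bits, folder names and group memberships are constructed. It assumes all ACL entries sit at one inheritance level and that network access is limited to the rights granted by both the share and NTFS.

```python
# Simplified model (added example): effective access over a share and
# what access-based enumeration (ABE) would list. All names are constructed.
READ, WRITE, MODIFY, FULL = 1, 2, 4, 8   # coarse rights bits for the model

# Share permission levels from the slide, expressed as the rights they cap.
SHARE_LEVELS = {"Read": READ, "Change": READ | WRITE | MODIFY,
                "Full Control": READ | WRITE | MODIFY | FULL}

def ntfs_effective(acl, groups):
    """acl: list of (kind, group, rights). Deny overrides allow."""
    allowed = denied = 0
    for kind, group, rights in acl:
        if group in groups:
            if kind == "deny":
                denied |= rights
            else:
                allowed |= rights
    return allowed & ~denied

def share_effective(share_acl, groups):
    """share_acl: list of (group, level); levels accumulate across groups."""
    mask = 0
    for group, level in share_acl:
        if group in groups:
            mask |= SHARE_LEVELS[level]
    return mask

def network_access(share_acl, ntfs_acl, groups):
    """Over the network a user gets only rights granted by BOTH layers."""
    return share_effective(share_acl, groups) & ntfs_effective(ntfs_acl, groups)

def abe_listing(share_acl, folders, groups):
    """Folders ABE would show: those where the user has effective Read."""
    return sorted(name for name, acl in folders.items()
                  if network_access(share_acl, acl, groups) & READ)

# Constructed sample data modelled on the lab scenario (two departments).
SHARE = [("Everyone", "Full Control")]
FOLDERS = {
    "Marketing":  [("allow", "Marketing", READ | WRITE | MODIFY)],
    "Production": [("allow", "Production", READ | WRITE | MODIFY)],
    "Archive":    [("allow", "Everyone", READ), ("deny", "Marketing", READ)],
}
ADAM = {"Everyone", "Marketing"}          # hypothetical group membership

if __name__ == "__main__":
    print(abe_listing(SHARE, FOLDERS, ADAM))
```

With Full Control for Everyone on the share, the NTFS ACL alone decides the result, which is why that share setting simplifies permission assignment.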

Page 10: 6421 b  Module-10

File Access Enhancements in Windows Server 2008

Windows Server 2008 includes SMB 2.0:
• Enhances performance over slow networks
• Combines multiple commands into a single request

Windows Server 2008 R2 includes SMB 2.1:
• Large MTU support
• Better support for sleep modes
• Client oplock leasing

Page 11: 6421 b  Module-10

Lesson 2: Encrypting Network Files with EFS
• What Is EFS?
• How EFS Works
• Recovering EFS Encrypted Files
• Demonstration: How to Encrypt a File by Using EFS

Page 12: 6421 b  Module-10

What Is EFS?

• EFS is a feature that can encrypt files stored on an NTFS formatted partition

• EFS Encryption acts as an additional layer of security

• EFS can be used with no configuration

Page 13: 6421 b  Module-10

How EFS works

• Symmetric encryption is used to protect the file data
  • File Encryption Key (FEK)

• Public key encryption is used to protect the symmetric key
  • User certificate with public key and private key
  • Also certificate of recovery agent

Page 14: 6421 b  Module-10

Recovering EFS Encrypted Files

To ensure you can recover EFS encrypted files:

• Back up user certificates

• Configure a recovery agent

Page 15: 6421 b  Module-10

Demonstration: How to Encrypt a File by Using EFS

In this demonstration, you will see how to:
• Verify that a computer account supports EFS on a network share
• Use EFS to encrypt a file on a network share
• View the certificate used for encryption
• Test access to an encrypted file

Page 16: 6421 b  Module-10

Lesson 3: Encrypting Partitions with BitLocker
• What Is BitLocker?
• How BitLocker Works
• Recovering BitLocker Encrypted Drives
• Demonstration: How to Encrypt a Partition by Using BitLocker

Page 17: 6421 b  Module-10

What Is BitLocker?

A feature in Windows Server 2008 that allows you to encrypt entire partitions.

The benefits of BitLocker are:

• Data protection for stolen drives

• Safe shipping of preconfigured servers

• Easier decommissioning of drives

• Maintaining system integrity

Page 18: 6421 b  Module-10

How BitLocker Works

• A Volume Master Key encrypts each partition

• A Full Volume Encryption Key encrypts the Volume Master Keys

• The Full Volume Encryption Key is stored in a TPM

• To use BitLocker there must be two partitions:
  • System – with boot files
  • Boot – with operating system files (C:)

Page 19: 6421 b  Module-10

Recovering BitLocker Encrypted Drives

BitLocker encrypted drives can be recovered by using:

• A recovery key from USB flash drive
  • Saved immediately after encryption

• A data recovery agent
  • Configured by using Group Policy

• A recovery password
  • In Active Directory
  • Saved or printed immediately after encryption

Page 20: 6421 b  Module-10

Demonstration: How to Encrypt a Partition by Using BitLocker

In this demonstration, you will see how to:
• Install the BitLocker feature
• Configure BitLocker to not require a TPM
• Enable BitLocker when a TPM is unavailable
• Access the recovery password

Page 21: 6421 b  Module-10

Lesson 4: Configuring and Troubleshooting Network Printing
• Benefits of Network Printing
• Security Options for Network Printing
• Demonstration: How to Create Multiple Configurations for a Print Device
• What Is Printer Pooling?
• Deploying Printers to Clients
• Discussion: Troubleshooting Network Printing

Page 22: 6421 b  Module-10

Benefits of Network Printing

• Simplified troubleshooting

• Lower total cost of ownership

• Centralized management

• Listing in Active Directory

Page 23: 6421 b  Module-10

Security Options for Network Printing

• The available permissions are:
  • Print
  • Manage this printer
  • Manage documents

• The default security allows:
  • Everyone to print
  • Everyone to manage their own

Page 24: 6421 b  Module-10

Demonstration: How to Create Multiple Configurations for a Print Device

In this demonstration, you will see how to:
• Create a shared printer
• Create a second printer using the same port
• Increase the priority of the second printer

Page 25: 6421 b  Module-10

What Is Printer Pooling?

Printer pooling is a way to combine multiple physical printers into a single logical unit.

A printer pool:
• Requires all printers be the same model
• Requires all printers in the same location
• Increases availability and scalability

Page 26: 6421 b  Module-10

Deploying Printers to Clients

You can deploy printers to clients by using:

• Group Policy objects created by Print Management

• Manual installation

• Group Policy preferences

Page 27: 6421 b  Module-10

Discussion: Troubleshooting Network Printing

What are some common network printing problems and their resolution?

5 min

Page 28: 6421 b  Module-10

Lab: Configuring and Troubleshooting Network File and Print Services
• Exercise 1: Creating and Configuring a File Share
• Exercise 2: Encrypting and Recovering Files
• Exercise 3: Creating and Configuring a Printer Pool

Logon information

Virtual machines: 6421B-NYC-DC1, 6421B-NYC-CL1

User name: Contoso\Administrator
Password: Pa$$w0rd

Estimated time: 75 minutes

Page 29: 6421 b  Module-10

Lab Scenario

• You are configuring a new file server that will hold files shared by multiple departments. The first two departments to move their files to this location are the Marketing and Production departments. You need to configure the file share so that each department has access to view and modify only their own files. In addition, users should not see files and folders that they do not have access to.

• Your organization would like to allow users to start encrypting files by using EFS. However, there are concerns about recoverability. To enhance the management of the certificates used for EFS, you are going to configure an internal certification authority to issue certificates to users. You will also configure a recovery agent for EFS and verify that the recovery agent can recover files.

• The Marketing department has a single central copy room that stores the printer for the entire floor. Over the last year, the capacity of your printer has become a concern. In particular, when a user prints a large job, it prevents other users from obtaining their print jobs for 10 or 15 minutes. To resolve this problem, you have purchased two new identical printers to configure as a printer pool for the Marketing department.

Page 30: 6421 b  Module-10

Lab Review
• In Exercise 1, why did Adam only see the Marketing folder?
• In Exercise 2, why was the Administrator account able to open the encrypted file?
• When two ports are enabled for a printer, how do you know where a print job will be directed?

Page 31: 6421 b  Module-10

Module Review and Takeaways
• Review Questions
• Tools