Hands-On Microsoft Windows Server 2003

Administration

Chapter 6

Managing Printers, Publishing, Auditing, and Desk Resources

2

Objectives

• Create and modify shared printer resources• Set up and manage published resources in

Active Directory• Audit access to shared resources• Manage data storage

3

Creating and Modifying Shared Printer Resources

• Print device– Actual hardware device that produces a printed

document

– Main types of print devices• Local

– Connected directly to a port on the print server or workstation

• Network– Connects to a print server through its own network

adapter and connection to the network

4

Creating and Modifying Shared Printer Resources

• Printer– Configuration object in Windows Server 2003 that

controls connection to the print device

• Print driver– Files containing information that Windows Server

2003 uses to convert raw print commands to a language that the printer understands

• Print server– Computer in which the printers and print drivers

are located

5

Creating and Modifying Shared Printer Resources

• Hardware requirements for setting up an efficient printing environment– One or more computers to act as print servers

– Sufficient space on the hard drive for the print server

– Sufficient RAM beyond that of the minimum Windows Server 2003 requirements

6

Adding a Printer as a Local Print Device

• To add and share a local print device– Must have administrator privileges on the

computer that will act as the print server

• Add Printer Wizard– Used to install and configure printers on systems

running Windows Server 2003

– Accessed from the Printers and Faxes program on the Start menu

7

Adding a local printer

8

Adding a Printer as a Network Print Device

• Add Printer Wizard– Can be used to add network print devices to a

network

– To add a network print device• A new TCP/IP port must be created to facilitate

communication directly over the network

9

Configuring a network printer

10

Configuring an Existing Printer

• Some configuration options that may need to be modified after installing a printer– Sharing

– Permissions

– Other advanced settings

• To modify configurational options– Right-click the printer icon, and

– Click Properties

11

Modifying printer properties

12

Configuring an Existing Printer (Continued)

• Some of the most important configuration options are found under– Sharing tab

• Allows you to– Enable or disable printer sharing and Active

Directory publishing

– Install additional drivers for other operating systems

– Security tab• Allows you to

– Control printer permissions

13

Printer permissions

14

Printer Pools and Priorities

• Printer pool– Consists of a single printer that is connected to a

number of print devices– Advantages

• Provides better document distribution in high-volume environments

• Reduces the time that users must wait for documents to print

– Configured using the Ports tab of a printer’s properties window

15

Printer Pools and Priorities (Continued)• Print priorities

– Useful in cases where different groups of users need to have different levels of priority to a limited number of print devices

– To configure printer priorities• Install two printers on the print server and connect

them both to the same print device• Configure the priority of each printer by using the

Advanced tab– Higher priority printers print first

• Only allow specific users to print to a specific printer

16

Setting Up and Updating Client Computers

• Clients which automatically download the print driver when they initially connect to the printer– Windows 2000– Windows Server 2003– Windows XP

17

Setting Up and Updating Client Computers (Continued)

• Clients which automatically download the print driver, but only if there is a copy of the appropriate driver on the print server– Windows 95

– Windows 98

– Windows ME

– Windows NT 4.0

18

Setting Up and Updating Client Computers (Continued)

• To install additional print drivers– Use the Additional Drivers dialog box from the

Sharing tab

• The necessary print driver must be manually installed on– Windows 3.x clients

– Non-Microsoft clients, such as• Macintosh clients• UNIX clients

19

Troubleshooting Printers

• The two most common printing problems:– Print jobs become stuck in the print queue

• Documents may appear in the print queue, but they do not print, and they cannot be deleted

– Failure of a print device• A print device may fail because of

– A paper jam

– Hardware failure

– A stuck print job

20

Publishing Resources in Active Directory

• When a shared resource is published into Active Directory– Active Directory contains an object that

represents a link or direct information on how to use or connect to the shared resource

• Benefit of publishing a shared resource– Network users can query Active Directory to find

the resource

21

Publishing Shared Folders into Active Directory

• Published folder– An Active Directory object that points to an

associated folder share on a file server• Clients can search the directory for a published

folder by – The folder’s share name– Using preconfigured keywords

• Active Directory Users and Computers tool– Can be used to publish shared folders

22

Publishing Printers into Active Directory

• Publishing shared printers can help users find network printer resources

• A Windows Server 2003- or Windows 2000-compatible printer installed on a domain print server– Automatically published into Active Directory during

installation• Printer shares created on pre-Windows 2000 print

servers – Not published into Active Directory by default– Can be added manually to the directory

23

Managing Published Printers

• When a print server is removed from the network, its Active Directory object is automatically removed from the database– Benefit

• Prevents users from trying to connect to print servers that are not actually running

• Publishing settings of a printer– Determine whether the printer is published into Active

Directory– Controlled via a check box on the Sharing tab of a

printer’s properties window

24

Searching for Objects in Active Directory

• Tools used by users to find published objects– Search tool from the Start menu

– Find tool from the Start menu

• Tools used by administrators to find published objects– Active Directory Users and Computers Find

command

– Active Directory Users and Computers Saved Queries feature

25

Auditing Access to Shared Resources

• Monitoring network events– An important part of any network security strategy

• Helps detect potential threats• Increases user accountability• Provides evidence of security breaches if or when

they occur

– Can be used for resource planning

26

Auditing Access to Shared Resources (Continued)

• Auditing– Used to monitor and track activities on a network

• When an audited event occurs, a record of it is written to the security log

• Event Viewer– Used to view the audit entries stored in the

security log

27

Auditing Access to Shared Resources (Continued)

• Audit policy– Defines the events that Windows Server 2003

records in the security log as they occur

• When implementing an audit policy, you need to determine– The events you want to track

– Whether you want to track the successes and/or failures

28

Events that can be monitored

29

Configuring Auditing: Requirements

• Requirements for configuring an audit policy– You must be

• A member of the Administrators group, or• Assigned the Manage auditing and security log

user right

– Files or folders being audited must reside on an NTFS volume

30

Setting Up an Audit Policy

• To set up an audit policy, you must– Choose the events you wish to monitor

– Decide whether to monitor the successes and/or failures of these events

• To audit access to files, folders, printers, and Active Directory objects– The auditing settings must be configured on the

specific resources

31

Configuring an audit policy

32

Auditing Object Access

• To configure auditing settings for specific files or folders– Access the Advanced Security Settings on the

particular resource

• Auditing can also be configured for objects that are stored within Active Directory, such as– Computers

– Users

– Groups

– OUs

33

Best Practices

• General guidelines for planning an audit policy– Only enable auditing for those events that can

provide you with useful information

– Review the audit entries in the security log on a regular basis

– Enable auditing for sensitive and confidential information

– Audit the Everyone group instead of the Users group

– Audit the use of user rights assignment

– Always audit the Administrators group

34

Analyzing Security Logs• An entry is written to the security log each time an

event defined within the audit policy occurs• Event Viewer

– Can be used to examine the contents of the security log

– Successful events• Represented by a key icon

– Unsuccessful events• Represented by a lock icon

– Available tools• Find option• Filter option

35

The Event Viewer Security log

36

Configuring the Event Viewer• If the security log become full, events may be

overwritten depending on configured settings• Options for avoiding this problem

– Audit only those events that are essential

– Change the default settings or properties of the security log

– Review and archive the security log files on a regular basis

• Security Properties dialog box– Used to configure the properties of the security

log

37

Configuring log properties

38

Security log configuration options

39

Managing Data Storage

• Features provided in Windows Server 2003 for managing data storage– Dynamic disk

• Overcomes many of the limitations and restrictions imposed by the traditional basic disk

– Disk quotas • Provide administrators with a way to track and limit

the amount of disk space available to users

40

Basic versus Dynamic Disks: Basic Disks

• Basic disk– The traditional storage type

– Divides physical disk space into primary partitions, extended partitions, and logical drives

– All disks are automatically initialized as basic when Windows Server 2003 is installed

41

Dynamic Disks

• Divides physical disk space into volumes• Some reasons for implementing dynamic disks

– Volumes can be extended– RAID volumes can be configured– Missing or offline disks can be reactivated– Changes to disks can be made without having to

restart the computer– Mirrored and RAID-5 volumes can be applied

• The Disk Management snap-in can be used to– Centrally configure and manage volumes– Convert a basic disk to a dynamic disk

42

Graphical view within Disk Management

43

Configuring Volumes

• Upgrading from a basic disk to a dynamic disk– Administrative privileges are needed– Disk must contain at least 1 MB of free space– Possible data loss

• When upgrading from basic to dynamic– No data is lost

• When reverting back to a basic disk– All volumes must be deleted, then– Data can be restored from backup

44

Configuring Volumes (Continued)

– Once upgraded, the disk can only be locally accessed by operating systems that support dynamic disks

– Converting to a dynamic disk does not affect network access to shared resources on the disk

– Once upgraded, primary and extended partitions become simple volumes

45

Configuring Volumes (Continued)

• Windows Server 2003 volumes:– Simple volume

– Spanned volume

– Striped volume

– RAID 5 volume

– Mirrored volume

46

Disk Quotas• Using disk quotas:

– Prevents users from consuming all available disk space

– Encourages users to delete old files as they reach their disk quota

– Allows an administrator to track disk usage for future planning

– Allows administrators to track when users are reaching their available limits

• To configure disk quotas– Access the properties of a volume, and – Click the Quota tab

47

Disk quota configuration parameters

48

Managing File and Folder Compression• Data compression

– Can reduce the amount of disk space that folders and files take up

– Can only be used on volumes that are formatted with NTFS

• To configure compression– Enable or disable the compression attribute of a

file or folder within Windows Explorer• If a file is copied to another folder within the same

NTFS volume– The file automatically inherits the compression

attribute of the destination folder

49

Managing File and Folder Compression (Continued)• If a file or folder is moved within the same NTFS

volume– The file retains its compression attribute

• If a file or folder is copied between NTFS volumes– The file or folder inherits the compression

attribute of the destination folder• If a file or folder is moved between NTFS

volumes– The file or folder inherits the compression

attribute of the destination folder

50

Summary

• Two kinds of printer devices can be shared: – A local print device

– A network print device

• Both printer and folder shares can be published into Active Directory to make it easy for clients to find the shared resources

• Auditing can be used in Windows Server 2003 to monitor and track activities on a network– When an event occurs, a record of it is written to

the security log

51

Summary (Continued)

• Windows Server 2003 supports both basic and dynamic disks

• Basic and dynamic disks– You can convert basic disks to dynamic disks

without losing any data– To revert back to a basic disk, you must delete all

volumes and restore data from backup• Windows Server 2003 uses disk quotas as a

way of managing data storage• Compression can be used to save disk space on

server volumes and partitions