Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources
2 Objectives Create and modify shared printer resources Set up and manage published resources in Active Directory Audit access to shared resources Manage data storage
3 Creating and Modifying Shared Printer Resources Print device –Actual hardware device that produces a printed document –Main types of print devices Local –Connected directly to a port on the print server or workstation Network –Connects to a print server through its own network adapter and connection to the network
4 Creating and Modifying Shared Printer Resources Printer –Configuration object in Windows Server 2003 that controls connection to the print device Print driver –Files containing information that Windows Server 2003 uses to convert raw print commands to a language that the printer understands Print server –Computer in which the printers and print drivers are located
5 Creating and Modifying Shared Printer Resources Hardware requirements for setting up an efficient printing environment –One or more computers to act as print servers –Sufficient space on the hard drive for the print server –Sufficient RAM beyond that of the minimum Windows Server 2003 requirements
6 Adding a Printer as a Local Print Device To add and share a local print device –Must have administrator privileges on the computer that will act as the print server Add Printer Wizard –Used to install and configure printers on systems running Windows Server 2003 –Accessed from the Printers and Faxes program on the Start menu
7 Adding a local printer
8 Adding a Printer as a Network Print Device Add Printer Wizard –Can be used to add network print devices to a network –To add a network print device A new TCP/IP port must be created to facilitate communication directly over the network
9 Configuring a network printer
10 Configuring an Existing Printer Some configuration options that may need to be modified after installing a printer –Sharing –Permissions –Other advanced settings To modify configurational options –Right-click the printer icon, and –Click Properties
11 Modifying printer properties
12 Configuring an Existing Printer (Continued) Some of the most important configuration options are found under –Sharing tab Allows you to –Enable or disable printer sharing and Active Directory publishing –Install additional drivers for other operating systems –Security tab Allows you to –Control printer permissions
13 Printer permissions
14 Printer Pools and Priorities Printer pool –Consists of a single printer that is connected to a number of print devices –Advantages Provides better document distribution in high- volume environments Reduces the time that users must wait for documents to print –Configured using the Ports tab of a printer’s properties window
15 Printer Pools and Priorities (Continued) Print priorities –Useful in cases where different groups of users need to have different levels of priority to a limited number of print devices –To configure printer priorities Install two printers on the print server and connect them both to the same print device Configure the priority of each printer by using the Advanced tab –Higher priority printers print first Only allow specific users to print to a specific printer
16 Setting Up and Updating Client Computers Clients which automatically download the print driver when they initially connect to the printer –Windows 2000 –Windows Server 2003 –Windows XP
17 Setting Up and Updating Client Computers (Continued) Clients which automatically download the print driver, but only if there is a copy of the appropriate driver on the print server –Windows 95 –Windows 98 –Windows ME –Windows NT 4.0
18 Setting Up and Updating Client Computers (Continued) To install additional print drivers –Use the Additional Drivers dialog box from the Sharing tab The necessary print driver must be manually installed on –Windows 3.x clients –Non-Microsoft clients, such as Macintosh clients UNIX clients
19 Troubleshooting Printers The two most common printing problems: –Print jobs become stuck in the print queue Documents may appear in the print queue, but they do not print, and they cannot be deleted –Failure of a print device A print device may fail because of –A paper jam –Hardware failure –A stuck print job
20 Publishing Resources in Active Directory When a shared resource is published into Active Directory –Active Directory contains an object that represents a link or direct information on how to use or connect to the shared resource Benefit of publishing a shared resource –Network users can query Active Directory to find the resource
21 Publishing Shared Folders into Active Directory Published folder –An Active Directory object that points to an associated folder share on a file server Clients can search the directory for a published folder by –The folder’s share name –Using preconfigured keywords Active Directory Users and Computers tool –Can be used to publish shared folders
22 Publishing Printers into Active Directory Publishing shared printers can help users find network printer resources A Windows Server or Windows compatible printer installed on a domain print server –Automatically published into Active Directory during installation Printer shares created on pre-Windows 2000 print servers –Not published into Active Directory by default –Can be added manually to the directory
23 Managing Published Printers When a print server is removed from the network, its Active Directory object is automatically removed from the database –Benefit Prevents users from trying to connect to print servers that are not actually running Publishing settings of a printer –Determine whether the printer is published into Active Directory –Controlled via a check box on the Sharing tab of a printer’s properties window
24 Searching for Objects in Active Directory Tools used by users to find published objects –Search tool from the Start menu –Find tool from the Start menu Tools used by administrators to find published objects –Active Directory Users and Computers Find command –Active Directory Users and Computers Saved Queries feature
25 Auditing Access to Shared Resources Monitoring network events –An important part of any network security strategy Helps detect potential threats Increases user accountability Provides evidence of security breaches if or when they occur –Can be used for resource planning
26 Auditing Access to Shared Resources (Continued) Auditing –Used to monitor and track activities on a network When an audited event occurs, a record of it is written to the security log Event Viewer –Used to view the audit entries stored in the security log
27 Auditing Access to Shared Resources (Continued) Audit policy –Defines the events that Windows Server 2003 records in the security log as they occur When implementing an audit policy, you need to determine –The events you want to track –Whether you want to track the successes and/or failures
28 Events that can be monitored
29 Configuring Auditing: Requirements Requirements for configuring an audit policy –You must be A member of the Administrators group, or Assigned the Manage auditing and security log user right –Files or folders being audited must reside on an NTFS volume
30 Setting Up an Audit Policy To set up an audit policy, you must –Choose the events you wish to monitor –Decide whether to monitor the successes and/or failures of these events To audit access to files, folders, printers, and Active Directory objects –The auditing settings must be configured on the specific resources
31 Configuring an audit policy
32 Auditing Object Access To configure auditing settings for specific files or folders –Access the Advanced Security Settings on the particular resource Auditing can also be configured for objects that are stored within Active Directory, such as –Computers –Users –Groups –OUs
33 Best Practices General guidelines for planning an audit policy –Only enable auditing for those events that can provide you with useful information –Review the audit entries in the security log on a regular basis –Enable auditing for sensitive and confidential information –Audit the Everyone group instead of the Users group –Audit the use of user rights assignment –Always audit the Administrators group
34 Analyzing Security Logs An entry is written to the security log each time an event defined within the audit policy occurs Event Viewer –Can be used to examine the contents of the security log –Successful events Represented by a key icon –Unsuccessful events Represented by a lock icon –Available tools Find option Filter option
35 The Event Viewer Security log
36 Configuring the Event Viewer If the security log become full, events may be overwritten depending on configured settings Options for avoiding this problem –Audit only those events that are essential –Change the default settings or properties of the security log –Review and archive the security log files on a regular basis Security Properties dialog box –Used to configure the properties of the security log
37 Configuring log properties
38 Security log configuration options
39 Managing Data Storage Features provided in Windows Server 2003 for managing data storage –Dynamic disk Overcomes many of the limitations and restrictions imposed by the traditional basic disk –Disk quotas Provide administrators with a way to track and limit the amount of disk space available to users
40 Basic versus Dynamic Disks: Basic Disks Basic disk –The traditional storage type –Divides physical disk space into primary partitions, extended partitions, and logical drives –All disks are automatically initialized as basic when Windows Server 2003 is installed
41 Dynamic Disks Divides physical disk space into volumes Some reasons for implementing dynamic disks –Volumes can be extended –RAID volumes can be configured –Missing or offline disks can be reactivated –Changes to disks can be made without having to restart the computer –Mirrored and RAID-5 volumes can be applied The Disk Management snap-in can be used to –Centrally configure and manage volumes –Convert a basic disk to a dynamic disk
42 Graphical view within Disk Management
43 Configuring Volumes Upgrading from a basic disk to a dynamic disk –Administrative privileges are needed –Disk must contain at least 1 MB of free space –Possible data loss When upgrading from basic to dynamic –No data is lost When reverting back to a basic disk –All volumes must be deleted, then –Data can be restored from backup
44 Configuring Volumes (Continued) –Once upgraded, the disk can only be locally accessed by operating systems that support dynamic disks –Converting to a dynamic disk does not affect network access to shared resources on the disk –Once upgraded, primary and extended partitions become simple volumes
45 Configuring Volumes (Continued) Windows Server 2003 volumes: –Simple volume –Spanned volume –Striped volume –RAID 5 volume –Mirrored volume
46 Disk Quotas Using disk quotas: –Prevents users from consuming all available disk space –Encourages users to delete old files as they reach their disk quota –Allows an administrator to track disk usage for future planning –Allows administrators to track when users are reaching their available limits To configure disk quotas –Access the properties of a volume, and –Click the Quota tab
47 Disk quota configuration parameters
48 Managing File and Folder Compression Data compression –Can reduce the amount of disk space that folders and files take up –Can only be used on volumes that are formatted with NTFS To configure compression –Enable or disable the compression attribute of a file or folder within Windows Explorer If a file is copied to another folder within the same NTFS volume –The file automatically inherits the compression attribute of the destination folder
49 Managing File and Folder Compression (Continued) If a file or folder is moved within the same NTFS volume –The file retains its compression attribute If a file or folder is copied between NTFS volumes –The file or folder inherits the compression attribute of the destination folder If a file or folder is moved between NTFS volumes –The file or folder inherits the compression attribute of the destination folder
50 Summary Two kinds of printer devices can be shared: –A local print device –A network print device Both printer and folder shares can be published into Active Directory to make it easy for clients to find the shared resources Auditing can be used in Windows Server 2003 to monitor and track activities on a network –When an event occurs, a record of it is written to the security log
51 Summary (Continued) Windows Server 2003 supports both basic and dynamic disks Basic and dynamic disks –You can convert basic disks to dynamic disks without losing any data –To revert back to a basic disk, you must delete all volumes and restore data from backup Windows Server 2003 uses disk quotas as a way of managing data storage Compression can be used to save disk space on server volumes and partitions