MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring

Don Poulton

Pearson Education, 800 East 96th Street, Indianapolis, Indiana 46240 USA

Copyright © 2012 by Pearson Education, Inc. All rights reserved.
Printed in the United States of America
First Printing: February 2012
ISBN-13: 978-0-7897-4830-0
ISBN-10: 0-7897-4830-4
Library of Congress Cataloging-in-Publication data is on file.

Associate Publisher: Dave Dusthimer
Acquisitions Editor: Betsy Brown
Development Editor: Box Twelve Communications, Inc.
Managing Editor: Sandra Schroeder
Project Editor: Mandie Frank
Copy Editor: Sheri Cain
Indexer: Tim Wright
Proofreader: Leslie Joseph
Technical Editors: Chris Crayton, Darril Gibson
Publishing Coordinator: Vanessa Evans
Multimedia Developer: Timothy Warner
Interior Designer: Gary Adair
Page Layout: Mark Shirar

Contents at a Glance

Introduction
CHAPTER 1 Configuring IPv4 and IPv6 Addressing
CHAPTER 2 Configuring Dynamic Host Configuration Protocol (DHCP)
CHAPTER 3 Configuring Routing
CHAPTER 4 Configuring Windows Firewall with Advanced Security
CHAPTER 5 Installing and Configuring Domain Name System (DNS)
CHAPTER 6 Configuring DNS Zones and Replication
CHAPTER 7 Configuring DNS Records
CHAPTER 8 Configuring Client Computer Name Resolution
CHAPTER 9 Configuring File Servers
CHAPTER 10 Configuring Distributed File System (DFS)
CHAPTER 11 Configuring Backup and Restore
CHAPTER 12 Managing File Server Resources
CHAPTER 13 Configuring and Monitoring Print Services
CHAPTER 14 Configuring Remote Access
CHAPTER 15 Configuring Network Policy Server (NPS)
CHAPTER 16 Configuring Network Access Protection (NAP)
CHAPTER 17 Configuring DirectAccess
CHAPTER 18 Windows Server Update Services (WSUS) Server Settings
CHAPTER 19 Configuring Performance Monitoring
CHAPTER 20 Configuring Event Logs
CHAPTER 21 Collecting Network Data
Practice Exam
Answers to Practice Exam
APPENDIX A Answers to the “Do I Know This Already?” Quizzes
Index

CD-only Elements:
APPENDIX B Memory Tables
APPENDIX C Memory Tables Answer Key
Glossary
About the Author

Don Poulton (A+, Network+, Security+, MCSA, MCSE) is an independent consultant who has been involved with computers since the days of 80-column punch cards. After a career of more than 20 years in environmental science, Don switched careers and trained as a Windows NT 4.0 MCSE. He has been involved in consulting with a couple of small training providers as a technical writer, during which time he wrote training and exam-prep materials for Windows NT 4.0, Windows 2000, and Windows XP.

Don has written or contributed to several titles, including Security+ Lab Manual (Que, 2004), MCSA/MCSE 70-299 Exam Cram 2: Implementing and Administering Security in a Windows 2003 Network (Exam Cram 2) (Que, 2004), MCSE 70-294 Exam Prep: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure (Que, 2006), MCTS 70-620 Exam Prep: Microsoft Windows Vista, Configuring (Que, 2008), MCTS 70-680 Exam Prep: Microsoft Windows 7, Configuring (Que, 2011), and MCTS 70-640 Exam Prep: Microsoft Windows Server 2008 Active Directory, Configuring (Que, 2011).

In addition, Don has worked on programming projects, both in his days as an environmental scientist and, more recently, with Visual Basic to update an older statistical package used for multivariate analysis of sediment contaminants.

When not working on computers, Don is an avid amateur photographer who has had his photos displayed in international competitions and published in magazines such as Michigan Natural Resources Magazine and National Geographic Traveler. Don also enjoys traveling and keeping fit. Don lives in Burlington, Ontario, with his wife, Terry.

Dedication

I would like to dedicate this book to my wife, Terry, who has stood by my side and supported me throughout the days spent writing this book. This project would not have been possible without her love and support.

Acknowledgments

I would like to thank the staff at Pearson and, in particular, Betsy Brown for making this project possible. My sincere thanks goes out to Chris Crayton and Darril Gibson for their helpful technical suggestions, as well as Jeff Riley, development editor, and Sheri Cain, copy editor, for their improvements to the manuscript.
—Don Poulton

About the Technical Reviewers

Christopher A. Crayton is an author, technical editor, technical consultant, security consultant, trainer, and SkillsUSA state-level technology competition judge. Formerly, he worked as a computer and networking instructor at Keiser College (2001 Teacher of the Year); as network administrator for Protocol, a global electronic customer relationship management (eCRM) company; and at Eastman Kodak Headquarters as a computer and network specialist. Chris has authored several print and online books, including The A+ Exams Guide, Second Edition (Cengage Learning, 2008), Microsoft Windows Vista 70-620 Exam Guide Short Cut (O’Reilly, 2007), CompTIA A+ Essentials 220-601 Exam Guide Short Cut (O’Reilly, 2007), The A+ Exams Guide, The A+ Certification and PC Repair Handbook (Charles River Media, 2005), and The Security+ Exam Guide (Charles River Media, 2003) and A+ Adaptive Exams (Charles River Media, 2002). He is also co-author of How to Cheat at Securing Your Network (Syngress, 2007). As an experienced technical editor, Chris has provided many technical edits/reviews for several major publishing companies, including Pearson, McGraw-Hill, Cengage Learning, Wiley, O’Reilly, Syngress, and Apress. He holds MCSE, A+, and Network+ certifications.

Darril Gibson has authored or coauthored more than a dozen books and contributed as a technical editor to many more. He holds several IT certifications, including CompTIA A+, Network+, Security+, CASP, (ISC)2 SSCP, CISSP, MCSA, MCSA Messaging (2000, 2003), MCSE (NT 4.0, 2000, 2003), MCDBA (SQL 7.0, 2000), MCITP (Vista, Windows 7, Server 2008, SQL 2005, SQL 2008), MCTS (Server 2008, SQL Server 2008), MCSD (6.0, .NET), and ITIL Foundations v 3.0. He is the CEO of Security Consulting and Training, LLC, and actively teaches, writes, and consults on a variety of IT topics. He regularly blogs at blogs.getcertifiedgetahead.com.
We value your opinion and want to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other words of wisdom you’re willing to pass our way. As an associate publisher for Pearson, I welcome your comments. You can e-mail or write me directly to let me know what you did or didn’t like about this book—as well as what we can do to make our books better. Please note that I cannot help you with technical problems related to the topic of this book. We do have a User Services group, however, where I will forward specific technical questions related to the book. When you write, please be sure to include this book’s title and author, as well as your name, e-mail address, and phone number. I will carefully review your comments and share them with the author and editors who worked on the book. E-mail: [email protected] Mail: Dave Dusthimer Associate Publisher Pearson Education 800 East 96th Street Indianapolis, IN 46240 USA Reader Services Visit our website and register this book at www.quepublishing.com/register for convenient access to any updates, downloads, or errata that might be available for this book. xxv This chapter covers the following subjects: ■ Printing Terminology in Windows Server 2008 R2: This section introduces key terminology and concepts you must be aware of to administer printers. It also reviews the actions that occur when a user submits a print job. ■ Installing, Sharing, and Publishing Printers: This section shows you how to install the Print and Document Services server role and then covers the installation, sharing, and publication of printers. ■ Managing and Troubleshooting Printers: Print servers and printers come with a large array of properties you must be aware of to effectively manage a corporate printing environment. 
This section introduces you to the management of these properties, as well as the topic of granting permissions to printers and print servers and troubleshooting common printer problems.

CHAPTER 13

Configuring and Monitoring Print Services

Resources on a Windows Server 2008 network go beyond the files and folders that were the subject of Chapter 9, “Configuring File Servers,” and subsequent chapters. An important component of any business network is the capability to print documents in a timely and accurate manner, and Windows Server 2008 R2 provides the Print and Document Services server role to assist administrators in setting up print servers and keeping printing capabilities operating properly.

Typically, a print server is a computer to which you connect a print device and then share it so that many people across your network, and even across the Internet, can print to the printer. In any case, clients that print to the printer can be running a variety of platforms and not just Windows systems. Windows Server 2008 supports hundreds of print devices from a large number of printer manufacturers. This chapter introduces you to the management of printers, which is an important topic, both in real life and on the 70-642 exam.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter or simply jump to the “Exam Preparation Tasks” section for review. If you are in doubt, read the entire chapter. Table 13-1 outlines the major headings in this chapter and the corresponding “Do I Know This Already?” quiz questions.
You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes.”

Table 13-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping

Foundation Topics Section | Questions Covered in This Section
Printing Terminology in Windows Server 2008 R2 | 1–2
Installing, Sharing, and Publishing Printers | 3–5
Managing and Troubleshooting Printers | 6–12

1. In Microsoft terminology, which of the following is the best definition of a printer?
a. The program that converts graphic commands into instructions that the print device is able to understand.
b. The physical (hardware) device that produces the printed output.
c. The computer that handles the printing process on the network.
d. The software (logical) interface between the operating system and the physical print device.

2. Your print server is configured so that print jobs are copied to a reserved area within the system root folder of the computer before being sent to the print device. What is this action called?
a. Preprinting
b. Spooling
c. Creation of an enhanced metafile (EMF)
d. Routing

3. You purchased a new print device for your company’s network. The print device is equipped with its own network adapter so that it can be directly connected to the network. You attached the print device to the network and are at the print server and want to install it. What program should you use? (Each correct answer represents a complete solution. Choose two answers.)
a. Print Management snap-in
b. Add Roles Wizard in Server Manager
c. Windows Explorer
d. Device Manager
e. Control Panel Devices and Printers

4. You installed and shared a new printer on your Windows Server 2008 R2 computer, which is configured with the Print and Document Services server role.
Users printing documents from Windows 7 computers receive their documents properly, but users printing from Windows XP computers receive documents full of illegible characters. What should you do?
a. From the Sharing tab of the Properties dialog box for the printer, select the Render print jobs on client computers option.
b. From the Sharing tab of the Properties dialog box for the printer, click Additional Drivers. Then, select drivers for Windows XP from the Additional Drivers dialog box and click OK.
c. From the Security tab of the Properties dialog box for the printer, add a group that contains the users of Windows XP computers and grant them the Manage Documents permission.
d. Install a new printer from the Print Management snap-in. Configure this printer to point to the same print device and provide a unique share name that references users of Windows XP computers.

5. You are responsible for printers connected to Windows Server 2008 R2 print servers in your company’s AD DS domain. These servers are configured as member servers in the domain. You installed a printer that should be accessible to computers in the Graphics department, but not to computers in other departments. All resources in this department are located in the Graphics organizational unit (OU). What should you do?
a. From the Sharing tab of the printer’s Properties dialog box, select the List in the directory option.
b. Right-click this printer in the details pane of the Print Management snap-in and choose List in Directory.
c. Right-click this printer in the details pane of the Print Management snap-in and choose Deploy with Group Policy. Choose a GPO that is linked to the Graphics OU and select the option labeled The users that this GPO applies to (per user).
d. Right-click this printer in the details pane of the Print Management snap-in and choose Deploy with Group Policy.
Choose a GPO that is linked to the Graphics OU and select the option labeled The computers that this GPO applies to (per machine).

6. You are responsible for the print servers and printers on your company’s network. You configured a shared printer (HP40001) on Server1. Server2 also has an identical shared printer (HP40002). HP40001 on Server1 experiences a catastrophic paper jam. Many jobs are waiting to be printed in Server1’s print queue. How can you ensure that these print jobs are printed without the need to ask the users to resubmit their print jobs to Server2?
a. From the Ports tab of the HP40001 Properties dialog box, select Enable printer pooling. Include HP40002 and HP40001 in the pool.
b. Rename the shared printer HP40001 to HP40002.
c. In the Printers folder on Server1, add a network printer called HP40003, pointing to HP40002 on Server2. Rename printer HP40001 to HP4000X. Then, rename HP40003 to HP40001.
d. Select the Ports tab of the HP40001 Properties dialog box, click Add Port, choose Local Port, click New Port, and assign the UNC name \\Server2\HP40002 to the new port.

7. The boss is fed up with waiting for her documents to print and wants to be sure the account statement prints immediately when it is needed. What is the simplest thing to do so that this will happen properly?
a. Ask her secretary to come in at 7 a.m. and print the account statement.
b. When she needs to print the account statement, have her go to the printer properties and click Cancel All Documents, before printing the document.
c. Configure a printer that points to the same print device and has the priority set at 99. Configure this printer’s permissions so that only the boss has the Print permission and direct her to print the account statement on this printer.
d. Configure her user account to have the Prioritize Documents permission.

8.
You are responsible for managing the print servers and printers in your company’s domain. A user calls and informs you that he has sent a large print job to the printer and has realized that he must make several changes to the document. So, he wants to delete the print job. What permission do you need to grant the user so that he can delete this job?
a. Allow the user the Manage this printer permission.
b. Allow the user the Manage documents permission.
c. Allow the user the Special permissions permission, click Advanced, and then allow him the Delete permission.
d. You don’t need to do anything; he can delete his print jobs without additional permissions.

9. You are responsible for maintaining the printers on your company’s AD DS network, which includes one domain with three print servers and 12 printers. You purchased a powerful new computer and installed Windows Server 2008 R2 and the Print and Document Management server role. You want to consolidate all the existing printers on the new server. What should you do to accomplish this task with the least amount of administrative effort?
a. At each existing print server, select the Export printers to a file option. Complete the steps in the Printer Migration Wizard that starts to save printer export information to a file. Then, at the new server, select the Import printers from a file option. Then, use the Printer Migration Wizard to import the previously exported printer information.
b. Use Windows Server Backup at each existing print server to back up the contents of the print server. Then, at the new server, use Windows Server Backup to restore the information that was backed up from each existing print server.
c. Connect to the %systemroot%\system32\spool\printers folder on each existing print server and copy the contents of this folder to the same folder on the new print server. Repeat this task at each of the remaining print servers.
d.
At the new print server, run the Printer Installation Wizard to install each of the printers in turn, selecting the Search the network for printers option to ensure that you selected and installed the printers.

10. You are a tech-support specialist at your company. A Windows Server 2008 R2 computer is configured as a print server. This server supports several different types of printers, including color ink-jet and laser models. After updating the driver for the color ink-jet printers, users report that their print jobs printed at either the color ink-jet or laser printers contain unintelligible characters. Checking the website for the color ink-jet printer manufacturer, you notice that they have withdrawn the latest driver and will be issuing one within a few days. What action should you take to enable users to print from the laser printer with the least amount of delay?
a. Install new printers for the laser print device at another server running Windows Server 2008 R2.
b. Open Device Manager on the print server and access the Driver tab of the laser printer’s Properties dialog box. Then, click the Roll Back Driver button.
c. From the Print Management snap-in at the print server, right-click the driver and choose Set Driver Isolation > None.
d. From the Print Management snap-in at the print server, right-click the driver and choose Set Driver Isolation > Isolated.

11. You are responsible for several printers installed on a Windows Server 2008 R2 print server on your network, which is configured as a workgroup. You want to allow a secretary named Evelyn to have the ability to view and manage print queues, but do not want her to have any other administrative capabilities on the network. What should you do?
a. Access the Security tab of the Print Server Properties dialog box and add Evelyn to the list of user or group names.
Then, select the View Server, Print, Manage Documents, and Manage Printer permissions under the Allow column.
b. Access the Security tab of the Print Server Properties dialog box and add Evelyn to the list of user or group names. Then, select the View Server and Manage Server permissions under the Allow column.
c. Open the Computer Management snap-in and select the Groups subnode under the Local Users and Groups node. Then, add Evelyn’s user account to the Print Operators group.
d. Open the Computer Management snap-in and select the Groups subnode under the Local Users and Groups node. Then, add Evelyn’s user account to the Power Users group.

12. You are responsible for the printers installed on your Windows Server 2008 R2 print server named Server3. This server is a member server in your company’s AD DS domain. A user attempting to print to a printer named Printer2 discovers that he is unable to print. Checking with several other users, you discover that nobody has been able to print since yesterday afternoon. Attempting to print from your Windows 7 desktop computer, you discover that you are unable to print and receive the following message: Printer2 on Server3 is unable to connect. But, you are able to ping Server3 from your desktop computer. What should you do to re-enable printing?
a. From the Sharing tab of the Printer2 Properties dialog box, select the option labeled Render print jobs on client computers.
b. Restart the Print Spooler service on Server3.
c. In the details pane of the Print Management snap-in on Server3, right-click Printer2 and choose List in Directory.
d. Install a new printer on Server3, and configure this printer to print to the same print device. Then, instruct the users to resubmit their print jobs to this printer.

Foundation Topics

Printing Terminology in Windows Server 2008 R2

We are all used to thinking of a printer as the machine that spews out printed pages.
But, Microsoft has its own terminology (which it has used ever since the days of Windows NT and 9x), which you need to be aware of. Table 13-2 describes the official Microsoft definitions.

Table 13-2 Printing Terminology Used by Windows Computers

Term | Description
Printer | The software (logical) interface between the operating system and the print device. In other words, a printer is part of the software and a print device is hardware. What this means is that a printer is the way that Windows sees where it is sending print jobs. This is true for all Windows versions, client or server.
Print device | The physical (hardware) device that produces the printed output. This device can be connected directly to your computer using a parallel (LPT) port, a USB connection, or a wireless connection (such as infrared [IR]); or it can be attached to the network by means of its own network interface card (NIC).
Print server | The computer that controls the entire printing process on a Windows network. The print server handles printing requests from all its clients. It can be running either a server operating system such as Windows Server 2003 or 2008, or a client such as Windows XP, Vista, or 7; however, print servers on client operating systems are limited to 10 concurrent connections.
Print driver | The program that converts graphics commands into instructions a given type of print device can understand.
Printer ports | The software interface (such as LPT1) between the computer and the print device.
Print queue | A waiting area where print jobs are stored and sequenced as they await the print device. Jobs are sequenced according to the order in which they are received as well as priority settings that are discussed later in this chapter.
Print spooling | The act of writing the contents of a print job to disk before sending it on to the print device. This can improve performance by eliminating the print device as a bottleneck that ties up the operating system or an application until the entire print job is output by the print device. In Windows 7 and Windows Server 2008, the default folder for spooling is located at %systemroot%\system32\spool\printers. You can change this location by altering the print server properties (Advanced tab) or the appropriate key in the Registry.

TIP Remember that Microsoft considers a “printer” to be the software interface between the print server and the physical print device, and a “print device” to be the actual hardware device that produces the printed output. This convention is used on Microsoft exams.

Printing Process

When a user selects File > Print from an application, a series of steps must be completed for the printed document to appear. These steps have remained much the same over all recent versions of Windows:

1. When the user selects File > Print, a new print job is created, which includes all the data, and eventually, the printer commands that the system requires to output a document.
2. The client computer queries the print server for a version of the print driver for the default or a selected printer. If necessary, the most recent version of the driver is downloaded to the client computer.
3. The graphics device interface (GDI) and the printer driver may convert the print job into a rendered Windows enhanced metafile (EMF). (The GDI is the component that provides network applications with a system for presenting graphical information.) The GDI actually does double duty by producing WYSIWYG (what you see is what you get) screen output and printed output.
4. It is possible for Windows to convert the application’s output (the print job) into either a metafile or a RAW format. (The RAW format is ready to print and requires no further rendering.)
The driver then returns the converted print job to the GDI, which delivers it to the spooler.
5. The client side of the spooler (Winspool.drv) makes a remote procedure call (RPC) to the server side of the spooler (Spoolsv.dll). If a network-connected server is managing the print device, the spooler hands off the print job to the spooler on the print server. Then, that spooler copies the print job to a temporary storage area on that computer’s hard disk. This step does not take place for locally managed print jobs. In that case, the job is spooled to disk locally.
6. The print server receives the job and passes it to the print router, Spoolss.dll. (You should not confuse a router in this context with the device that directs network packets from one subnetwork to another.)
7. The router checks the kind of data it has received and passes it on to the appropriate print processor component of the local print provider, or the remote print server if the job is destined for a network printer.
8. The local print provider may request that the print processor perform additional conversions as needed on the file, typically from EMF to RAW. (Print devices can only handle RAW information.) The print processor then returns the print job to the local print provider.
9. If a separator page is being used, the separator page processor on the local print provider adds a separator page to the print job and then passes the print job on to the appropriate print monitor. All recent versions of Windows support three types of print monitors: language, local port, and remote.
■ A language monitor provides the communications language used by the client and printer. In the case of bidirectional printers, this monitor allows you to monitor printer status and send notifications, such as paper tray empty.
■ The local port monitor (Localspl.dll) controls parallel, serial, and USB I/O ports where a printer may be attached, and sends print jobs to local devices on any of these ports.
■ The remote port monitor enables printing to remote printers. An example is the LPR port monitor, which can be used as an alternative to the standard port monitor for UNIX print servers.
10. The print monitor communicates directly with the print device and sends the ready-to-print print job to the print device.
11. The print device receives the data in the form it requires and translates it to a bitmap, producing printed output.

Although it may seem complicated, this sequence is designed to make printing more efficient and faster in a networked environment. In particular, the burden of spooling is distributed between client and server computers.

Installing, Sharing, and Publishing Printers

By itself, Windows Server 2008 R2 is a very capable print server that provides a large range of capabilities for working with printers and documents, much like the capabilities that were included with previous Windows Server versions. The original version of Windows Server 2008 added the Print Services server role, which provided enhanced capabilities for sharing printers on the network and centralizing printer and print management tasks into its own Microsoft Management Console (MMC) snap-in. In Windows Server 2008 R2 this role is replaced by the Print and Document Services role, which adds scanning management to the list of capabilities.

NOTE For additional introductory information on the Print and Document Services server role, refer to “Print and Document Services” at http://technet.microsoft.com/en-us/library/cc731636(WS.10).aspx.

Installing the Print and Document Services Role

Use the following procedure to install the Print and Document Services server role on a Windows Server 2008 R2 computer:

1.
Open Server Manager and expand the Roles node.
2. Click Add Roles to start the Add Roles Wizard.
3. From the Select Server Roles page, select Print and Document Services (as shown in Figure 13-1) and click Next.

Figure 13-1 Selecting the Print and Document Services role.

4. The Introduction to Print and Document Services page provides links to information on this service. To learn more, click the links provided. When you’re ready to proceed, click Next.
5. The Select Role Services page shown in Figure 13-2 enables you to select additional role services. The Print Server role is included by default. Make any desired selections and click Next.

Figure 13-2 You can select optional role services from the Select Role Services page.

6. On the Confirm Installation Selections page, click Install.
7. The Installation Progress page tracks the progress of installing the Print and Document Services server role. When informed that the installation is complete, click Close.

When finished, the Print Management snap-in is accessible from the Administrative Tools folder. This snap-in enables you to perform a large range of printer management tasks on printers installed on computers running any version of Windows from Windows 2000 or later. This chapter covers a large range of tasks you can perform from this snap-in.

Installing Printers

You can install a printer on your Windows Server 2008 R2 computer from Control Panel even without installing the Print and Document Services server role. If you installed this role, you can also install a printer from the Print Management snap-in. This section looks at both methods of installing a printer.

Using Control Panel to Install a Printer

Use the following procedure to install a printer from Control Panel:

1. Click Start > Control Panel > Hardware.
2. Under Devices and Printers, select Add a printer.
The Add Printer Wizard starts and provides two options, as shown in Figure 13-3.

Figure 13-3 Windows Server 2008 enables you to choose between installing a local or network printer.

3. Select the appropriate option and click Next.
4. If you select the Add a network, wireless, or Bluetooth printer option, Windows searches for network printers. Select the desired printer and click Next. If you select the Add a local printer option, the Add Printer page asks you to choose a printer port. Select the port to which the printer is attached and click Next.
5. You receive the Install the printer driver page. Select the make and model of the print device for which you’re installing the printer (as shown in Figure 13-4) and click Next. To install a driver from an installation CD, click Have Disk and follow the instructions provided.

Figure 13-4 Selecting the make and model for which you’re installing a printer.

6. The Type a Printer Name page provides a default name for the printer. Accept this or type a different name, and then click Next.
7. The Printer Sharing page shown in Figure 13-5 enables you to share the printer. Accept the share name or type a different name if necessary. Optionally, type location and comment information in the text boxes provided. (This information helps users when selecting a network printer.) When finished, click Next.

Figure 13-5 You are provided with options for sharing your printer.

8. You are informed that you successfully installed your printer. Click Print a test page to print a test page if desired to confirm printer installation. When done, click Finish.

NOTE If you are searching for a network printer at Step 4 of this procedure and the wizard is unable to locate the desired printer, click the link labeled The printer that I want isn’t listed.
The wizard displays a page that enables you to locate the printer in the directory, browse the network for a shared printer, or locate a printer based on IP address or hostname.

Using the Print Management Console to Install a Printer

After you install the Print and Document Management server role as described earlier in this chapter, you can install a printer directly from this console. Use the following procedure:

1. Click Start > Administrative Tools > Print Management to open the Print Management console.
2. Expand the Print Server node to locate your print server.
3. Right-click your print server and choose Add Printer. The Network Printer Installation Wizard starts and displays options, as shown in Figure 13-6.

Figure 13-6 The Network Printer Installation Wizard facilitates installation of printers on the network.

4. Select the appropriate option and click Next.
5. If you select the Add a TCP/IP or Web Services Printer by IP address or hostname option, specify the host name or IP address as well as the port name on the Printer Address page, and then click Next. If you select the Search the network for printers option, the Network Printer Search page appears and displays the printers it finds. Select the desired printer and click Next.
6. On the Printer Driver page, select the make and model of the print device for which you’re installing the printer, and then click Next.
7. The Type a printer name page provides a default name for the printer. Accept this or type a different name, and then click Next.
8. The Printer Sharing page provides options similar to those previously shown in Figure 13-5 that are provided when installing from Control Panel. Specify the required options and click Next.
9. If you receive a page asking for printer-specific configuration options, select the required options and then click Next.
Options provided depend on the make and model of the print device associated with the printer you’re installing.
10. You are informed that you successfully installed your printer. Click Finish.

When you finish installing the printer (whether from the Print Management snap-in or from Control Panel), the printer is displayed in the details pane of the Print Management snap-in when you select the Printers subnode under the node for your print server. From here, you can configure a series of management properties, as described in the sections to follow.

Sharing Printers

As indicated in the previous section, you can share a printer at the time you install it. You can also configure printer sharing at any time. Use the following procedure:

1. In the console tree of the Print Management snap-in, expand your print server to reveal the Printers node. All printers configured for your server will appear in the details pane.
2. Right-click your desired printer and choose Manage Sharing. This opens the printer’s Properties dialog box to the Sharing tab.
3. Select the Share this printer check box. As shown in Figure 13-7, a default share name is provided automatically; accept this or type a different share name, as desired.

Figure 13-7 You can share your printer from the Sharing tab of the printer’s Properties dialog box.

4. If users connecting to this printer are running different versions of Windows (including 32-bit as opposed to 64-bit Windows versions), click Additional Drivers to install drivers required by these users. From the Additional Drivers dialog box that appears, select the required drivers and click OK.
5. If client computers have the processing power for handling the print rendering process, select the check box labeled Render print jobs on client computers. To have the print server handle this processing load, clear this check box.
6. Click OK.
If you haven’t installed the Print and Document Services server role, you can perform the same task from the Devices and Printers applet in Control Panel. Right-click your printer and choose Printer Properties. This brings up the same Properties dialog box; select the Sharing tab, as shown previously in Figure 13-7, and follow the same procedure as outlined here.

Publishing Printers in Active Directory

If your print server is part of an Active Directory Domain Services (AD DS) domain, you can publish the printer to facilitate the task of users locating printers installed on the server. In the Print Management snap-in, right-click your printer and choose List in Directory, as shown in Figure 13-8. You can also publish your printer when configuring sharing (or from Control Panel if you have not installed the Print and Document Services server role), by selecting the List in the Directory check box, which was previously shown in Figure 13-7.

Figure 13-8 Publishing a printer in Active Directory.

If you want to remove your printer from AD DS, right-click it and choose Remove from Directory or clear the List in the Directory check box.

You can also use the pubprn.vbs script to publish a printer in AD DS from the command line. The syntax is as follows:

    Cscript Pubprn.vbs {<ServerName> | <UNCPrinterPath>} "LDAP://CN=<Container>,DC=<Container>"

In this command, <ServerName> specifies the name of the server hosting the printer to be published. If omitted, the local server is assumed. <UNCPrinterPath> represents the UNC path to the shared printer being published. "LDAP://CN=<Container>,DC=<Container>" specifies the path to the AD DS container where the printer is to be published.
For example, to publish a printer named HPLaserJ located at Server1 to the Printers container in the que.com domain, use the following command at Server1:

    Cscript Pubprn.vbs \\Server1\HPLaserJ "LDAP://CN=Printers,DC=Que,DC=com"

Using Group Policy to Deploy Printer Connections

Group Policy enables you to deploy printers in an AD DS domain environment, automatically making printer connections available to users and computers in the domain or organizational unit (OU). Use the following procedure to add printer connections to a Group Policy object (GPO):

1. In the details pane of the Print Management snap-in, right-click the desired printer and choose Deploy with Group Policy. (This option is visible in Figure 13-8, which was previously shown.)
2. The Deploy with Group Policy dialog box shown in Figure 13-9 opens. Click Browse and locate an appropriate GPO. If necessary, you can also create a new GPO for storing the printer connections.

Figure 13-9 Using Group Policy to deploy printer connections.

3. Select either or both of the following options for deploying printer connections to users or computers, as required:
■ Select The users that this GPO applies to (per user) to deploy to groups of users, enabling these users to access the printer from any computer to which they log on.
■ Select The computers that this GPO applies to (per machine) to deploy to groups of computers, enabling all users of the computers to access your printer.
4. Click Add.
5. Repeat Steps 2 to 4 to deploy the printer connection settings to another GPO, if required.
6. Click OK.

Managing and Troubleshooting Printers

Several factors must be considered in administering printers. Like any other shared resource, they can be assigned permissions and their use can be audited. Also, special printing configurations, such as printer pools, can be set up.
Multiple printers can be configured for one print device to handle different types of jobs. Furthermore, lots of things can go wrong with print jobs. Complaints from users that they cannot print or are denied access can make up a significant portion of a network administrator or support specialist’s job.

NOTE For detailed information on printer management including sample procedures, refer to “Print Management Step-by-Step Guide” at http://technet.microsoft.com/en-us/library/cc753109(WS.10).aspx.

Using the Printer Properties Dialog box

Each printer has a Properties dialog box associated with it that enables you to perform a large number of management tasks. You already saw how to share a printer or publish it in AD DS. This section discusses several additional tasks that you can perform from this dialog box. Right-click the printer in the details pane of the Print Management snap-in and choose Properties, or right-click the printer in the Control Panel Devices and Printers applet and choose Printer Properties to bring up this dialog box.

In addition to the tabs discussed here, some printers show additional tabs; for example, color printers possess a Color Management tab that enables you to adjust color profile settings. Some printers possess a Version Information tab, which merely displays version information and contains no configurable settings.

General Tab

Use the General tab to rename the printer or modify the Location and Comment fields you supplied when installing the printer. You can also print a test page or modify printer preferences from this tab; click Preferences to open a dialog box that enables you to adjust settings, such as print quality, paper source, type, and size, maintenance factors such as print head cleaning, and so on. Appearance of, and options included in, this dialog box vary according to print device make and model.
Ports Tab and Printer Pooling

As shown in Figure 13-10, the Ports tab enables you to select various available ports to which a document will be printed. Documents will print to the first available selected port. Click Add Port to bring up a dialog box that displays available port types and enables you to add new ports. From here, you can add a new TCP/IP port for accessing a network printer; a wizard is provided to guide you through the required steps. Options for configuring port options and deleting unneeded ports are also available.

Figure 13-10 The Ports tab of the printer’s Properties dialog box enables you to configure printer ports and printer pooling.

The Ports tab also enables you to configure printer pooling. A printer pool is a group of print devices that are connected to a single printer through multiple ports on the print server. These print devices should be the same make and model so that they use the same printer driver. This method is useful because it allows pooling of similar print devices. In high volume print situations, if one print device is busy, print jobs directed to a printer can be spooled to another available print device that is part of the printer pool, so printing jobs are completed more quickly.

To configure printer pooling, specify a different port for each print device in the printer pool. Then, select the check box labeled Enable printer pooling and click OK. To client computers, the printer pool appears as though it were a single printer. When users submit print jobs to the printer pool, the jobs are printed on any available print device. You should position the physical print devices in close proximity to each other so that the user does not have to search for print jobs. Enabling separator pages is a best practice that you should follow so that the users can locate their print jobs rapidly and conveniently.
This tab also enables you to redirect a printer should a problem occur with its print device and you need to take it offline for maintenance. Redirecting a printer on the print server redirects all documents sent to that printer. However, you cannot redirect individual documents. To redirect a printer, click Add Port, and on the Printer Ports dialog box, select Local Port, and then click New Port. In the Port Name dialog box that appears, enter the UNC or URL path to the other printer, and then click OK.

TIP Configuration changes to the available ports on any print server affect all printers set up on that server. Also note that it is a good idea to locate all the print devices that make up a printer pool in the same general area of your operation. People won’t need to roam the halls of your organization in search of printed out jobs.

Advanced Tab

The Advanced tab enables you to control the availability of the printer and configure drivers and spool settings. Available settings on this tab are shown in Figure 13-11 and described in Table 13-3.

Figure 13-11 The Advanced tab of the printer’s Properties dialog box enables you to control availability, priority, and spooler settings.

Table 13-3 Configurable Advanced Printer Properties

| Setting | Description |
|---|---|
| Always available and available from | Enables you to specify the hours of the day when the printer is available. For example, you can configure a printer that accepts large jobs to print only between 6 p.m. and 8 a.m. so that shorter jobs can be printed rapidly. Jobs submitted outside the available hours are kept in the print queue until the available time. |
| Priority | Enables you to assign a numerical priority to the printer. This priority ranges from 1 to 99, with higher numbers receiving higher priority. The default priority is 1. For example, you can assign a printer for managers with a priority of 99 so that their print jobs are completed before those of other employees. |
| Spool print documents so program finishes printing faster | Enables spooling of print documents. Select from the following: ■ Start printing after last page is spooled: Prevents documents from printing until completely spooled. Prevents delays when the print device prints pages faster than the rate at which they are provided. ■ Start printing immediately: The default option causes documents to be printed as rapidly as possible. |
| Print directly to the printer | Sends documents to the print device without first writing them to the print server’s hard disk drive. Recommended only for non-shared printers. |
| Hold mismatched documents | The spooler holds documents that do not match the available form until this form is loaded. Other documents that match the form can print. |
| Print spooled documents first | Documents are printed in the order that they finish spooling, rather than in the order that they start spooling. Use this option if you selected the Start printing immediately option. |
| Keep printed documents | Retains printed jobs in the print spooler. Enables a user to resubmit a document from the print queue rather than from an application. |
| Enable advanced printing features | Turns on metafile spooling and presents additional options like page order and pages per sheet. This is selected by default and should be turned off only if printer compatibility problems arise. |
| Printing Defaults command button | Selects the default orientation and order of pages being printed. Users can modify this from most applications if desired. Additional print device-specific settings may be present. |
| Print Processor command button | Specifies the available print processor, which processes a document into the appropriate print job. Available print processors are described in “Print Processor” at http://technet.microsoft.com/en-us/library/cc976744.aspx. |
| Separator Page command button | Enables you to specify a separator page file, which is printed at the start of a print job to identify the print job and the user who submitted it. This is useful for identifying printed output when many users access a single print device. |

TIP Unreadable output indicates incorrect printer drivers. If the printer produces a series of unintelligible characters rather than the expected output, the problem lies in the printer driver. Check with the manufacturer of the print device and ensure that you have installed the correct printer drivers.

TIP You can configure different printers associated with the same print device so that managers’ print jobs are printed before those of other users or so that long print jobs wait until after hours to prevent tying up a print device for an extended period of time. To do this, simply assign a priority of 99 to the managers’ printer and 1 to the printer used by all other users. Also, assign permissions so that only the managers can print to their printer.

Security Tab and Printer Permissions

Just as you can assign permissions to files and folders as you learned in Chapter 9, you can assign permissions to printers. Printers have access control lists (ACLs) that you can modify in the same manner. Use the following steps to configure a printer’s permissions from the Security tab of its Properties dialog box:

1. Select the Security tab of the printer’s Properties dialog box, as shown in Figure 13-12.

Figure 13-12 The Security tab of the printer’s Properties dialog box enables you to configure printer permissions.

2. If you need to add users or groups to the ACL, click Add to open the Select Users, Computers, or Groups dialog box.
3. In this dialog box, click Advanced, and then click Find now to locate the required users or groups.
You may also use the fields in the Common Queries area of the dialog box to narrow the search for the appropriate object.
4. Select one or more users or groups in the list, and then click OK. This returns you to the Security tab of the printer’s Properties dialog box.
5. Select the permissions you want to allow or deny from the available list. Table 13-4 describes the available permissions.
6. If you need to assign special permissions or check the effective permissions granted to a specific user, click Advanced. The options available are similar to those discussed in Chapter 9 for files and folders.
7. When you finish, click OK or Apply to apply your settings.

Table 13-4 Windows Server 2008 Printer Permissions

| Permission | Description |
|---|---|
| Print | Enables users to connect to the printer to print documents and control settings for their own documents only. Users can pause, delete, and restart their own jobs only. |
| Manage this printer | Enables users to assign forms to paper trays and set a separator page. Users can also pause, resume, and purge the printer, change printer properties and permissions, and even delete the printer itself. Also enables users to perform the tasks associated with the Manage Documents permission. |
| Manage documents | Enables users to pause, resume, restart, and delete all documents. Users can also set the notification level for completed print jobs and set priority and scheduling properties for documents to be printed. |
| Special permissions | Similar to NTFS security permissions discussed in Chapter 9, the three default printer permissions are made up of granular permissions. Click Advanced to bring up the Advanced Security Settings dialog box, from which you can configure these permissions, if required. |

NOTE The act of managing print jobs includes the two actions of resuming and restarting print jobs. Resuming a print job means to restart the job from the point at which it was paused, for example to add more paper to the printer. Restarting a print job means to restart it from the beginning, for example when the print job is being printed on the wrong type of paper. You can perform either of these tasks by right-clicking the print job in the print queue and selecting the appropriate option.

TIP Print permissions behave in much the same fashion as file and folder permissions. As with file and folder permissions, printer permissions are cumulative, with the user receiving the sum of all permissions granted to any groups to which he belongs. If you explicitly deny a permission to a user or group by selecting a check box in the Deny column, this denial overrides any other allowed permissions the user might have, in exactly the same manner as discussed in Chapter 9 for file and folder permissions.

Migrating Print Queues and Printer Settings

The Print Management snap-in enables you to export print queues, printer settings, printer ports, and language monitors, and then import these settings to another print server. Doing so enables you to consolidate multiple print servers or replace an older server. Use the following procedure to perform a print migration:

1. In the console tree of the Print Management snap-in, expand the Print servers node, right-click the print server whose queues you want to export, and select Export printers to a file. The Printer Migration Wizard starts.
2. On the Review the list of items to be exported page, verify the objects listed that will be exported and click Next.
3. On the Select the file location page, type the path to the required file or click Browse to locate an appropriate file. The file you specified will be saved with a .printerExport extension.
4.
The Exporting page tracks the progress of the export, and then displays an Export complete message. This page also informs you of any errors that might have occurred. You can obtain information on any errors from Event Viewer by clicking the Open Event Viewer command button provided on this page. This button opens Event Viewer to a Printer Migration Events subnode that displays events related to the migration process. For more information, refer to Chapter 20, “Configuring Event Logs.” When done, click Finish.

Use the following steps to import the print queue to the new server:

1. In the console tree of the Print Management snap-in, expand the Print servers node, right-click the print server whose queues you want to import, and select Import printers from a file. The Printer Migration Wizard starts.
2. On the Select the file location page, type or browse to the location of the .printerExport file to be imported.
3. On the Review the list of items to be imported page, review the list of objects that will be imported, and then click Next.
4. On the Select import options page, select the following import options:
   ■ Import mode: Select Keep existing printers to maintain the settings on any existing printers that are installed on this print server, or select Overwrite existing printers to restore printer information from the backup file and overwrite the settings for existing printers on this print server.
   ■ List in the directory: Select List printers that previously existed to maintain the current listing of printers in AD DS; select List all printers to add newly imported printers to the listing in AD DS; or select Don’t list any printers to clear the listing of printers in AD DS.
   ■ Select the Convert LPR Ports to Standard Port Monitors check box to convert Line Printer Remote (LPR) printer ports to the faster Standard Port Monitor when performing the import operation.
5. Click Next.
6.
The Importing page tracks the progress of the import operation and displays an Import Complete message when finished. This page also informs you of any errors that might have occurred. You can obtain information on any errors from Event Viewer by clicking Open Event Viewer, as previously described for the export action. When done, click Finish.

NOTE You can also migrate printer queues and settings from the command line by using the Printbrm.exe command. For more information on exporting and importing print queues and settings, refer to “Migrate Print Servers” at http://technet.microsoft.com/en-us/library/cc722360.aspx.

Isolating Printer Drivers

Windows Server 2008 R2 introduces the capability to configure printer driver components to run in a process that is isolated from other processes including the spooler process. Doing so improves the reliability of the Windows print service by preventing a faulty printer driver from stopping all print operations on the print server. In previous Windows Server versions, including the original version of Windows Server 2008, printer drivers ran in the same process as the spooler; if a driver component were to fail, all print operations from the server would be halted.

Driver isolation is specified by an INF file that installs the printer driver. If this file indicates that the driver being installed supports driver isolation, the installer automatically configures the driver to run in an isolated process. This is specified by a DriverIsolation keyword in the INF file. If this keyword is set to 2, the driver supports driver isolation; if it is omitted or set to 0, the driver does not support driver isolation.

To configure driver isolation, select the Drivers subnode under the print server in the Print Management snap-in. Right-click the driver and choose Set Driver Isolation > Isolated, as shown in Figure 13-13.
To disable driver isolation, choose None or Shared.

Figure 13-13 Configuring printer driver isolation.

NOTE For more information on printer driver isolation, refer to “Printer Driver Isolation” at http://msdn.microsoft.com/en-us/library/ff560836(VS.85).aspx.

TIP Sometimes, you might have a server on which you’ve installed different types of printers, such as laser, color laser, or color inkjet. Enabling printer driver isolation enables you to ensure that should a driver problem be encountered with one printer type, users can continue to use other printers of a different type on the same server.

Configuring Location-Aware Printer Settings

Windows Server 2008 R2 introduces location-aware default printer settings. Users with mobile computers running Windows 7 Professional, Enterprise, or Ultimate can configure a different default printer according to the network to which they are connected. For example, a user can specify a default printer when in the office, and a different default printer set for home. The laptop automatically selects the correct default printer according to the current location of the user.

Use the following procedure on a Windows 7 computer to configure location-aware printing:

1. Click Start > Devices and Printers. The Control Panel Devices and Printers applet opens.
2. Select a printer from those displayed under Printers and Faxes, and then click the Manage Default Printers option on the menu bar.
3. From the Manage Default Printers dialog box that appears, select the Change my default printer when I change networks radio button.
4. Select a printer for each network to which you connect, click Add, and then click OK when finished.
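The DriverIsolation keyword described under Isolating Printer Drivers can be checked in a driver package before the driver is installed on a print server. The following PowerShell function is an added example, not part of the book or of any Microsoft tool; the function name Get-InfDriverIsolation, the sample INF text, and the commented folder path are constructed for illustration, and the function assumes the keyword may appear in any INF section.

```powershell
# Added example (not from the book): report the DriverIsolation keyword in a
# printer-driver INF file, using the meaning given in this chapter:
#   2            -> the driver supports driver isolation
#   0 or omitted -> the driver does not support driver isolation
# Assumptions: the keyword is accepted from any section (first match wins),
# and all INF text below is constructed sample data.

function Get-InfDriverIsolation {
    param(
        [Parameter(Mandatory = $true)][string]$InfText,
        [string]$Name = '(inline text)'
    )

    $section = ''
    $found   = $false
    $value   = $null
    $foundIn = $null

    foreach ($line in ($InfText -split "`r?`n")) {
        # Drop INF comments (from ';' to end of line) and surrounding blanks.
        $text = ($line -replace ';.*$', '').Trim()
        if ($text -eq '') { continue }

        # Track the current [Section] header.
        if ($text -match '^\[(.+)\]$') {
            $section = $Matches[1].Trim()
            continue
        }

        # -match is case-insensitive, which suits INF keywords.
        if ((-not $found) -and ($text -match '^DriverIsolation\s*=\s*(.*)$')) {
            $found   = $true
            $value   = $Matches[1].Trim().Trim('"')
            $foundIn = $section
        }
    }

    if (-not $found) {
        $supports = $false
        $note = 'Keyword omitted: driver does not support driver isolation.'
    } elseif ($value -eq '2') {
        $supports = $true
        $note = 'Driver supports driver isolation.'
    } elseif ($value -eq '0') {
        $supports = $false
        $note = 'Keyword set to 0: driver does not support driver isolation.'
    } else {
        $supports = $false
        $note = "Value '$value' is not one this chapter defines; check the vendor documentation."
    }

    New-Object PSObject -Property @{
        Name              = $Name
        KeywordPresent    = $found
        Section           = $foundIn
        Value             = $value
        SupportsIsolation = $supports
        Note              = $note
    } | Select-Object Name, KeywordPresent, Section, Value, SupportsIsolation, Note
}

# --- Constructed sample INF fragments (not real driver packages) ---
$infIsolated = @'
; constructed sample: driver that declares isolation support
[Version]
Signature="$Windows NT$"
Class=Printer
driverisolation = 2   ; mixed case and spacing are tolerated
'@

$infDeclined = @'
[Version]
Signature="$Windows NT$"
Class=Printer
DriverIsolation=0
'@

$infSilent = @'
[Version]
Signature="$Windows NT$"
Class=Printer
; DriverIsolation=2   (commented out, so the keyword is effectively omitted)
'@

$results = @(
    Get-InfDriverIsolation -Name 'isolated.inf' -InfText $infIsolated
    Get-InfDriverIsolation -Name 'declined.inf' -InfText $infDeclined
    Get-InfDriverIsolation -Name 'silent.inf'   -InfText $infSilent
)
$results | Format-Table -AutoSize -Wrap

# Against real packages (C:\Drivers is a hypothetical staging folder):
# Get-ChildItem C:\Drivers -Recurse -Filter *.inf | ForEach-Object {
#     Get-InfDriverIsolation -Name $_.Name -InfText ([IO.File]::ReadAllText($_.FullName))
# }
```

Drivers reported with SupportsIsolation set to False are the ones that will not be placed in an isolated process automatically by the installer, so they are the candidates to review under the Drivers subnode.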
Delegating Print Management

New to Windows Server 2008 R2 and Windows 7 is the ability to delegate print-management tasks directly to users who are not members of a group with built-in print-management capabilities, such as the Administrators, Server Operators, or Print Operators groups. This capability enables you to balance administrative workloads across users without the need to grant excessive administrative capabilities; it also enables you to configure default printer security settings on print servers so that new printers inherit these settings automatically as you install them.

The Security tab of the print server’s Properties dialog box introduces the following new permissions, which enable you to delegate print management tasks:

■ View Server: Enables users to view the print server, including the printers that are managed by the server. By default, the Everyone group is granted this permission.
■ Manage Server: Enables users to create and delete print queues with already installed drivers, add or delete ports, and add or delete forms. By default, administrators and the Interactive group are granted this permission.

A user who has been granted this permission is referred to as a “delegated print administrator.” You need to be a member of the Administrators group or running with administrative privileges to create a delegated print administrator. Use the following procedure:

1. In the console tree of the Print Management snap-in, right-click the print server and choose Properties.
2. Select the Security tab to display the default permissions, as shown in Figure 13-14.

Figure 13-14 The Security tab of the print server’s Properties dialog box enables you to delegate administrative control of printers attached to the server.

3. Click Add to add the user or group to which you want to delegate print management tasks, type the required user or group name, and then click OK.
The user or group is added to the list in the Security tab.
4. Select this user or group and then select the check box under the Allow column for Manage Server. (This also selects the View Server permission.)
5. Also, select the Print, Manage Documents, and Manage Printers permissions in the Allow column.
6. To delegate just the ability to add printers, follow Step 3 to add the user or group, and then select the Manage Server and Print permissions only. (This also selects the View Server permission.)
7. To delegate just the ability to manage existing print queues, follow Step 3, and then select the View Server, Print, Manage Documents, and Manage Printer permissions.
8. When finished, click OK to apply the permissions and close the Security tab of the Print Server Properties dialog box.

NOTE For more information on delegating administrative control of printers, refer to “Assigning Delegated Print Administrator and Printer Permission Settings in Windows Server 2008 R2” at http://technet.microsoft.com/en-us/library/ee524015(WS.10).aspx. Included in this reference are tables that describe the tasks that users granted the various permissions in the print server’s Security tab are entitled to perform.

Troubleshooting Printer Problems

Lots of things can go wrong in a print job’s journey from an application to a print device, with stops in between at the operating system and its print drivers. By having reviewed the printing process described at the beginning of this chapter, you can often locate the source of printing problems.

Some Common Problems

When a user complains that he cannot print, the first thing to do is check the physical aspects of the print device, such as the cable, power, and paper. If you need to check more advanced print device-related problems, refer to CompTIA A+ Cert Guide, 220-701 and 220-702 (by Mark Edward Soper, Scott Mueller, and David L. Prowse) for more suggestions.
Access Denied errors usually indicate that printer permissions are not configured correctly or that they are not configured to the user’s liking.

If the printed document comes out garbled, someone has installed an incorrect print driver. You should ensure that the correct driver for the problematic client is installed. (Click Additional Drivers on the Sharing tab of the printer’s Properties dialog box to add a driver.) Occasionally, this problem can result from a resource conflict with the parallel port or a damaged printer cable. Check the printer cable for damage; also check for conflicts using Device Manager.

Occasionally, print jobs get stuck in the spooler. You might notice that no print jobs are coming out and the hard drive on the print server appears to be thrashing. If this should happen, you need to stop and restart the spooler service. Use the following procedure:

1. In the console tree of Server Manager, expand the Configuration node and select Services. This displays the list of services in the details pane.
2. Right-click Print Spooler and choose Stop.
3. Right-click it again and choose Start. This clears the jammed print job from the queue and allows other print jobs to print.

You can modify spool settings on a per-printer basis, making the printing process more efficient. The Advanced tab of the printer’s Properties dialog box contains several settings previously shown in Figure 13-11 and described in Table 13-3 that you can modify to optimize the spool process if necessary.

Printer Port Problems

Improperly configured printer ports can cause printing failures. Errors can occur if a user configures a computer to print directly to the printer or to use bidirectional printing when the print device does not support these functions.
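The spool and port settings mentioned here and in Table 13-3 can be reviewed across every printer on a server in one pass. The following PowerShell function is an added example, not from the book; it reads the property names exposed by the WMI Win32_Printer class, and the function names, the wording of the findings, and the sample printer objects are constructed for illustration.

```powershell
# Added example (not from the book): review printers against the Advanced-tab
# and port guidance in this chapter. Input objects only need the Win32_Printer
# property names used below, so the function works on live WMI objects and on
# the constructed sample objects at the bottom.

function New-PrinterFinding {
    param([string]$Printer, [string]$Setting, [string]$Finding)
    New-Object PSObject -Property @{
        Printer = $Printer
        Setting = $Setting
        Finding = $Finding
    } | Select-Object Printer, Setting, Finding
}

function Test-PrinterSpoolSetting {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Printer
    )
    process {
        # Table 13-3: printing directly is recommended only for non-shared printers.
        if ($Printer.Shared -and $Printer.Direct) {
            New-PrinterFinding $Printer.Name 'Print directly to the printer' `
                'Enabled on a shared printer; the chapter recommends it only for non-shared printers.'
        }

        # Table 13-3: printed jobs are retained in the spooler and can be resubmitted.
        if ($Printer.KeepPrintedJobs) {
            New-PrinterFinding $Printer.Name 'Keep printed documents' `
                'Printed jobs stay in the spooler; confirm retention is intended and check who holds Manage Documents.'
        }

        # Printer Port Problems: bidirectional printing fails on devices without support.
        if ($Printer.EnableBIDI) {
            New-PrinterFinding $Printer.Name 'Bidirectional support' `
                'Enabled; confirm with the manufacturer that the print device supports it.'
        }

        # Priority TIP: a high-priority printer should be limited by permissions.
        if ([int]$Printer.Priority -gt 1) {
            New-PrinterFinding $Printer.Name 'Priority' `
                ("Priority {0} is above the default of 1; confirm the Print permission is limited to the intended group." -f $Printer.Priority)
        }
    }
}

# --- Constructed sample objects (HPLaserJ is the chapter's sample printer name) ---
$samplePrinters = @(
    New-Object PSObject -Property @{ Name = 'HPLaserJ'; Shared = $true;  Direct = $true;  KeepPrintedJobs = $false; EnableBIDI = $false; Priority = 1 }
    New-Object PSObject -Property @{ Name = 'Managers'; Shared = $true;  Direct = $false; KeepPrintedJobs = $false; EnableBIDI = $false; Priority = 99 }
    New-Object PSObject -Property @{ Name = 'Archive';  Shared = $true;  Direct = $false; KeepPrintedJobs = $true;  EnableBIDI = $true;  Priority = 1 }
    New-Object PSObject -Property @{ Name = 'Lobby';    Shared = $false; Direct = $true;  KeepPrintedJobs = $false; EnableBIDI = $false; Priority = 1 }
)

$findings = @($samplePrinters | Test-PrinterSpoolSetting)
$findings | Format-Table -AutoSize -Wrap

# On a print server, feed it live data instead:
# Get-WmiObject -Class Win32_Printer | Test-PrinterSpoolSetting
```

The non-shared Lobby printer produces no finding even though it prints directly, because that combination matches the recommendation in Table 13-3.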
TCP/IP printing, like the protocol itself, is subject to connectivity problems that require a good grounding in the TCP/IP protocol, as provided in Chapter 1, “Configuring IPv4 and IPv6 Addressing.” If TCP/IP port problems occur, try configuring the standard TCP/IP port monitor for your printer. You may need to reconfigure the standard port monitor port from the printer’s Properties dialog box. On the Ports tab of this dialog box (previously shown in Figure 13-10), click Configure Port.

You may need to check with the manufacturer of the print device to see if it supports Simple Network Management Protocol (SNMP). Printers use SNMP to return print status. On print devices that support SNMP, printer status is returned to the user, including errors that occur during printing. If a print device does not support SNMP, you will either receive a generic printing error message or no error message when a printing error occurs.

You may need to add an additional TCP/IP port using the procedure described earlier in this chapter. You may also need to verify the port name and the printer name or IP address in the Ports tab of the printer’s Properties dialog box. To do so, click Configure Port, and make the required modifications in the Configure Standard TCP/IP Port Monitor dialog box that appears. Then, click OK and click Close to close the printer’s Properties dialog box.

Enabling Notifications

The Print Management snap-in enables you to set up filters that can respond to printers encountering problem conditions such as paper jams or running out of paper. Such a filter can perform an action such as sending an e-mail to an administrator, running a script, and so on. Use the following procedure to set up a filter for notification purposes:

1. In the console tree of the Print Management snap-in, right-click Custom Filters and choose Add New Printer Filter. This starts the New Printer Filter Wizard.
2.
On the Printer Filter Name and Description page, type a name and optional description, and then click Next.
3. On the Define a filter page shown in Figure 13-15, specify values for the filter criteria, as follows:
   ■ Field: Specify a characteristic for the print server, queue, or status. By specifying Queue Status, you can evaluate a printer’s current status.
   ■ Condition: Specify a Boolean characteristic, such as “is exactly,” “begins with,” “contains,” or several others. Available conditions depend on the Field value.
   ■ Value: The value to be matched for the criteria to be met.

Figure 13-15 Defining a filter that alerts you to an out of paper condition on any printer attached to a server named Server1.

4. When finished specifying the appropriate criteria, click Next to display the Set Notifications (Optional) page.
5. On this page, select Send e-mail notification and type one or more e-mail addresses of individuals to be notified in the format [email protected]. Also type the e-mail address of the sender, the name or IP address of the SMTP server that will relay the message, and message text to be included in the email. If you want to run a script, select Run script and type the path to the required script or click Browse to locate the script. Use the Additional arguments field to include any required script parameters.
6. When done, click Finish.

Exam Preparation Tasks

Review All the Key Topics

Review the most important topics in this chapter, noted with the key topics icon in the outer margin of the page. Table 13-5 lists a reference of these key topics and the page numbers on which each is found.

Table 13-5 Key Topics for Chapter 13

| Key Topic Element | Description | Page Number |
|---|---|---|
| Table 13-2 | Describes important terms that you might otherwise confuse with regard to printing. | 537 |
| List | Shows you how to install the Print and Document Services server role. | 540 |
| List | Shows you how to install a printer from Control Panel. | 542 |
| List | Shows you how to install a printer from the Print Management snap-in. | 544 |
| Figure 13-7 | Sharing a printer. | 546 |
| Figure 13-9 | Deploying a printer connection using Group Policy. | 548 |
| Table 13-3 | Describes configurable advanced printer properties. | 552 |
| Table 13-4 | Describes printer permissions. | 555 |
| Paragraph | Describes printer driver isolation. | 557 |
| List | Shows you how to delegate print management tasks. | 559 |

Complete the Tables and Lists from Memory

Print a copy of Appendix B, “Memory Tables,” (found on the CD), or at least the section for this chapter, and complete the tables and lists from memory. Appendix C, “Memory Tables Answer Key,” also on the CD, includes the completed tables and lists to check your work.

Definition of Key Terms

Define the following key terms from this chapter, and check your answers in the Glossary.

local printer, location-aware printing, network printer, print device, print driver, print driver isolation, print pooling, print queue, print server, print spooler, printer, printer pool, printer priority
623-628 WSUS, 733-737 client computers, 748-753 client-side targeting, 741-742 server-side targeting, 740 zones properties, 263-270 Connection Manager, 603-611 connection request policies configuring, 180-184 creating, 641-644 Connection Security Rules subnode (Windows Firewall with Advanced Security), 847-848 authentication, configuring, 848-849 connections, adding to replication groups, 450-451 DFS (Distributed File System) copying files and folders with NTFS permissions, 381-382 creating connection request policies, 641-644 delegated subdomains, 272-274 DHCP scopes, 101-104 file screens, 503-505 IPsec policies with Group Policy, 194-198 namespaces, 438-439 proxy groups, 639-640 quota templates, 520-522 resource records alias resource records, 302 with command line, 307 host resource records, 301 mail exchange resource records, 303 VPN connections, 594-596 zones GlobalNames zones, 262-263 reverse lookup zones, 259-261 secondary zones, 261-262 custom views creating for event logs, 807-808 importing and exporting, 808-809 customizing event logs, 805-809 Performance Monitor, 766 D DARPA (Advanced Research Projects Agency of the U.S. Department of Defense), 33 Data Collector Sets, 768-780 system-defined, 768-771 user-defined, 771-777 data link layer, 34 data recovery agents, BitLocker, 405-408 DDNS (Dynamic DNS), 266 debug event logs, 804 Debug Logging tab, configuring DNS server properties, 233-234 declining updates (WSUS), 744 decrypting EFS files, 391-392 default gateway, 42 delegated subdomains, creating, 272-274 delegating print management, 559-561 demand-dial routing, configuring, 148-151 denial of permission, 379 deploying BranchCache across VPNs, 419-420 printer connections with AD, 548 WSUS on disconnected networks, 747-748 DES (Data Encryption Standard), 193 designating read-only replicated folders, 451 development of TCP/IP, 33-34 DFS (Distributed File System), 358, 433-437. 
See also DFS Replication domain controller polling configuring, 444-445 improvements in Windows Server 2008 R2, 434-435 installing on Windows Server 2008 R2, 435-437 namespaces, 433 access-based enumeration, enabling, 443-444 creating, 438-439 folders, adding, 440-441 1007 1008 DFS (Distributed File System) managing, 438-445 servers, adding, 441-443 replication, 433 DFS Replication configuring, 447-448 failover cluster support, configuring, 452-454 health reports, generating, 454-455 managing, 445-455 RDC, 445 replication groups, 445, 451 DHCP (Dynamic Host Configuration Protocol), 89-95 DnsUpdateProxy groups, 314-315 four-phase leasing process, 89 lease acknowledgment, 92 lease offer, 91 lease request, 90-91 lease selection, 91-92 IPv4 leases, renewing, 92-93 NAP enforcement, 663-668 NAT server, configuring, 586-587 PXE boot, 120 relay agents, configuring, 117-120 scopes creating, 101-104 exclusions, 107 multicast scopes, 105-106 options, configuring, 108-116 properties, configuring, 107 split scopes, 106 superscopes, 104-105 servers authorizing in AD, 116-117 installing, 96-100 monitoring, 121-123 troubleshooting, 121-123 DHCPOFFER packets, 91 DHCPv6 autoconfiguration flags, 94 IPv6 leases, extending, 95 operation, 93-95 dial-up connections, configuring RRAS, 577-581 DirectAccess, 698-699 authentication, configuring, 708 benefits of, 698 client requirements, 702-703 clients, configuring, 708-709 components of, 699 server feature configuring, 703-706 installing, 703-706 server requirements, 700-701 disconnected networks, deploying WSUS on, 747-748 disk performance, troubleshooting, 784-786 disk quotas, enabling with FSRM, 516-519 disks, preparing for EFS, 386-387 distance-vector routing protocols, RIP, 133-135, 142-144 Distributed Cache mode (BranchCache), 415 DNS client settings, configuring, 331-334 delegated subdomains, creating, 272-274 DNSLint tool, 290 DnsUpdateProxy groups, 314-315 forwarders, 255-256 hierarchical nature of, 211-215 host names, 213-215 
root-level domains, 212 effective permissions second-level domains, 213 top-level domains, 212-213 history of, 210 installing on Windows Server 2008 R2, 218-222 integrating with WINS, 269-270 name resolution process, 215 iterative queries, 216-217 recursive queries, 215-216 reverse lookup queries, 217-218 name servers, 253-257 namespaces, 210 NDDNS, 266 netmask ordering, 317 resource records, 299-307 ATMA, 305 Name Server resource records, configuring, 311-314 pointer resource records, 305 properties, configuring, 308-318 registering, 314 security, configuring, 317-318 SRV resource records, 305 round robin, configuring, 316 secure zone transfers, configuring, 282-283 server administration, 222-223 server lists, 326-328 server cache, updating, 334-335 server properties, configuring Advanced tab, 228-231 cache locking, 239-240 Debug Logging tab, 233-234 Event Logging tab, 235 Forwarders tab, 224-228 Interfaces tab, 223-224 Monitoring tab, 237-238 Root Hints tab, 231-233 source port randomization, 238-239 Trust Anchors tab, 235-237 slave servers, 256-257 split-brain configuration, 714 suffix search order lists, 328-330 zone scavenging, 267-269 zone transfers full zone transfers, 277-278 incremental zone transfers, 278-279 zones AD-integrated zones, 250 configuring, 257-263 forward lookup zones, 251-252 GlobalNames zones, 252-253 primary zones, 249 properties, configuring, 263-270 reverse lookup zones, 251-252 secondary zones, 250 stub zones, 251 troubleshooting, 287-290 DNS Notify, configuring, 281 DNS replication, 274-277 application directory partition, 274-275 auditing, 283-287 DNSLint tool, 290 DnsUpdateProxy groups, 314-315 domain controller polling (DFS), configuring, 444-445 domain isolation, 201 downloading DNSLint tool, 290 drives, mapping, 367-369 dynamic IPv4 addressing, 48 E EAP (Extensible Authentication Protocol), 576, 621-622 effective permissions, 379-381 denial of permission, 379 viewing, 380-381 1009 1010 EFS (Encrypting File System) EFS (Encrypting 
File System), 384-395 files decrypting, 391-392 encrypting, 387-389 group policies, 393-395 keys, backing up, 389-391 preparing disks for, 386-387 recovery agents, 392-393 enabling access-based enumeration for DFS namespaces, 443-444 BitLocker, 397-402 disk quotas with FSRM, 516-519 modems for RRAS dial-up connections, 581-583 notifications on printers, 562-563 encapsulation, VPNs, 591 encryption BitLocker, 395-396 data recovery agents, 405-408 enabling, 397-402 fixed data drive policies, 404-405 managing, 402 operating system drives, 403 preparing computer for, 397 TPM, 395 EFS, 384-385 files, encrypting, 387-389 group policies, 393-395 keys, backing up, 389-391 preparing disks for, 386-387 VPNs, 592 encryption methods IPsec, 193 planning for wireless networks, 622-623 enforcement options NAP, 659 802.1X enforcement, 676-678 DHCP enforcement, 663-668 IPsec enforcement, 670-676 RDS enforcement, 678-680 VPN enforcement, 668-670 Event Logging tab, configuring DNS server properties, 235 event logs custom views, 807-808 importing and exporting, 808-809 customizing, 805-809 subscriptions configuring, 811-814 subscriptions, configuring, 809-814 Event Subscriptions collector initiated configuring, 810-811 event logs, configuring, 809-814 source initiated, configuring, 810 event tasks, configuring, 814-816 Event Viewer, 799-805 Application and Services Logs node, 804-805 event logs, customizing, 805-809 logs properties, 802-803 viewing, 800-802 Task Scheduler, 814-816 exam preparing for, 4 self-assessment, 12 topics, 18 exceptions (file screens), creating, 506 exemptions, NRPTS, 714 Forwarders tab, configuring DNS server properties exporting custom views for event logs, 808-809 Windows Firewall with Advanced Security policies, 190-191 extending IPv6 leases, 95 F failover cluster support, configuring for DFS Replication, 452-454 features of Windows Server Backup, 465 File Classification, managing, 511-514 file groups, 502-503 File Management Tasks node (FSRM), 514-516 file 
screening, 501-506 exceptions, creating, 506 file groups, 502-503 monitoring, 506 File Server Resource Manager, 358 file servers, backing up with Windows Server Backup, 467-472 File Services installing, 359-360 role of, 358-360 file sharing, 362-363 configuring, 360-369 network discovery, 361 password protected sharing, 361 public folder sharing, 361 file systems DFS, 433-437 namespaces, 433 replication, 433 DFS (Distributed File System), managing namespaces, 438-445 NTFS permissions, 369-384 transactional NTFS, 359 files EFS decryption, 391-392 EFS encryption, 387-389 permissions, NTFS permissions, 369-384 recovering with shadow copies, 480-482 securing, 383-384 sharing, 358, 383-384 Offline Files feature, 408-413 filtering captured network data, 839-844 event logs, 806 fixed data drive policies, BitLocker, 404-405 folders adding to DFS namespaces, 440-441 permissions, NTFS permissions, 369-384 read-only replicated folders, designating, 451 recovering with shadow copies, 480-482 securing, 383-384 shared folders managing, 368-369 properties, modifying, 363-367 removing, 363 sharing, 358, 383-384 public folder sharing, 361 WindowsImageBackup, 471 forward lookup zones, 251-252 forwarders, 255-256 Forwarders tab, configuring DNS server properties, 224-228 1011 1012 four-layer TCP/IP model four-layer TCP/IP model, 35-37 application layer, 40-41 four-phase leasing process (DHCP), 89 lease acknowledgment, 92 lease offer, 91 lease request, 90-91 lease selection, 91-92 FRS (File Replication Service), 445 FSRM (File Server Resource Manager), 500 disk quotas, enabling with Windows Explorer File Classification, managing, 511-514 File Management Tasks node, 514-516 file screening managing, 501-506 monitoring, 506 installing, 501 Quota Management node, 516-523 storage reports, 506-511 options, 508-509 parameters, specifying, 507-508 report generation, scheduling, 509-511 FTP (File Transfer Protocol), troubleshooting IPv4/IPv6 connectivity, 70 full mesh replication topology, 449 
full server recoveries performing with Windows Server Backup, 488-491 with wbadmin command, 491-492 full zone transfers, 277-278 G gateways, 137 GDI (graphics device interface), 538 General tab (Printer Properties dialog box), 549 generating DFS Replication health reports, 454-455 global unicast addresses, 58 GlobalNames zones, 252-253, 262-263 group policies BitLocker, configuring, 403 EFS, 393-395 Group Policy BranchCache, configuring, 417-418 DirectAccess clients, configuring, 708-709 IPsec policies, creating, 194-198 migrating IPv4 to IPv6, 66-67 Offline Files feature, configuring, 411-412 printer connections, deploying, 548 Windows Firewall with Advanced Security policies, creating, 198-199 H hard quotas, 519 health policies, configuring NAP, 684-688 health reports, generating for DFS Replication, 454-455 hierarchical nature of DNS, 211 host names, 213-215 root-level domains, 212 second-level domains, 213 top-level domains, 212-213 history of DNS, 210 of TCP/IP, 33-34 hops, 133 host names, 213-215 IPsec host resource records, creating, 301 Hosted Cache mode (BranchCache), 415 HOSTS file, name resolution, 335-337 hub and spoke replication topology, 449 Hyper-V failover cluster, 707 I ICMP (Internet Control Message Protocol), 39-40 ICS (Internet Connection Sharing), configuring, 589-590 IEEE 802.3 standard, 623 access policies, configuring, 630-632 IGMP (Internet Group Management Protocol), 40 IGMP proxy, configuring on RRAS, 153-155 IKEv2 (Internet Key Exchange version 2), 574 importing custom views for event logs, 808-809 Windows Firewall with Advanced Security policies, 190-191 improvements to DFS in Windows Server 2008 R2, 434-435 inbound rules, configuring for Windows Firewall with Advanced Security, 176-180 incremental zone transfers, 278-279 infrastructure networks, 620 inheritance, configuring NTFS permissions, 375-377 installing CMAK, 605-610 DFS on Windows Server 2008 R2, 435-437 DHCP server, 96-100 DirectAccess server feature, 703-706 DNS on Windows 
2008 R2, 218-222 File Services, 359-360 FSRM, 501 Network Monitor, 835-837 practice test, 8 Print and Document Services server role on Windows Server 2008, 540-541 printers, 541-545 RRAS, 138-140 SNMP, 828-829 Windows Server Backup, 466-467 WINS servers, 340 WSUS, 728-731 integrating DNS with WINS, 269-270 interface list, 137 Interfaces tab, configuring DNS server properties, 223-224 Internet layer (TCP/IP model), 37 interoperability IPv4 and IPv6, 62-65 interoperability, IPv4 and IPv6 6to4 addresses, 64-65 ISATAP addresses, 63 Teredo addresses, 65 IP (Internet Protocol), 39 ipconfig command, 288-290 troubleshooting IPv4/IPv6 connectivity, 71-72 IPsec, 623 encryption, 193 isolation policies, 201 NAP enforcement, 670-676 policies, creating with Group Policy, 194-198 1013 1014 IPsec Transport mode, 191 Tunnel mode, 191 IPv4 addressing components, 42 configuring, 48-54 connectivity, troubleshooting, 68-75 DHCP, NAP enforcement options, 663-668 dynamic addressing, 48 four-phase leasing process (DHCP), 89 lease acknowledgment, 92 lease request, 90-91 lease selection, 91-92 interoperability with IPv6, 62-65 leases, renewing, 92-93 migrating to IPv6 with Group Policy, 66-67 name resolution HOSTS file, 335-337 LLMNR, 345-347 NetBIOS, 337-345 NAT, 584-590 configuring, 588-589 ICS, configuring, 589-590 private addressing, 48 static addressing, 41-44 subnet masks, 44 subnetting, 44-46 bitwise logical AND operation, 45 netmask, 137 supernetting, 47 CIDR, 47 troubleshooting, 75-80 IPv6 addressing, 54-67 address classes, 58 benefits of, 55-56 configuring, 59-61 connectivity, troubleshooting, 68-75 interoperability with IPv4, 62-65 leases, extending, 95 prefixes, 56 syntax, 56-59 troubleshooting, 75-80 ISATAP addresses, 63 isolating print drivers, 557-558 isolation policies, 201 iterative queries, 216-217 J-K-L keys (EFS), backing up, 389-391 L2TP (Layer 2 Tunneling Protocol), 574 layers of OSI Reference model, 34 of TCP/IP model, 35-37 learning styles,5 link-local unicast 
addresses, 58 LLMNR (Link Local Multicast Name Resolution), 345-347 LMHOSTS file, name resolution, 339-340 load balancing, configuring round robin, 316 location-aware printer settings, configuring, 558-559 logs Application and Services Logs node (Event Viewer), 804-805 properties, 802-803 viewing in Event Viewer, 800-802 LUNs (logical unit numbers), 523-524 Name Server resource records M M flag, 94 macro study strategy, 6 mail exchange resource records, creating, 303 managing backups on remote server, 476-477 BitLocker, 402 DFS Replication, 445-455 EFS, best practices, 385-386 file screening, 501-506 exceptions, creating, 506 file groups, 502-503 file screens, creating, 503-505 FSRM, File Classification, 511-514 namespaces, 438-445 quotas with FSRM, 516-523 shadow copies with command line, 480 with Windows Explorer, 478-479 shared folders, 368-369 shared resources, 425 storage reports (FSRM), 506-511 mapping drives, 367-369 MCITP exam, preparing for, 4 MCTS exam, preparing for, 4 members, adding to replication groups, 451 memory performance, troubleshooting, 781-783 messages, SNMP, 825-826 metrics, 133 MIB (Management Information Base), 824-825 micro study strategy, 6 migrating print queues, 556-557 migrating IPv4 to IPv6, Group Policy, 66-67 modems, enabling for RRAS dial-up connections, 581-583 monitoring DHCP servers, 121-123 file screening, 506 print servers, 779-780 Monitoring tab, configuring DNS server properties, 237-238 moving files and folders with NTFS permissions, 382 MS-CHAPv2 (Microsoft Challenge Handshake Protocol version 2), 576 multicast IPv6 addresses, 57 multicast scopes, 105-106 multiple firewall profiles, configuring on Windows Firewall, 174-176 N name resolution DNS iterative queries, 216-217 recursive queries, 215-216 reverse lookup queries, 217-218 HOSTS file, 335-337 LLMNR, 345-347 NetBIOS broadcasts, 337 LMHOSTS file, 339-340 troubleshooting, 344-345 WINS servers, 340-344 Name Server resource records, configuring properties, 311-314 1015 
1016 name servers name servers, 253-257 namespaces, 210, 433 access-based enumeration, enabling, 443-444 creating, 438-439 folders, adding, 440-441 managing, 438-445 servers, adding, 441-443 NAP (Network Access Protection), 658-663 components, 660-662 enforcement options 802.1X enforcement, 676-678 DHCP enforcement, 663-668 IPSec enforcement, 670-676 RDS enforcement, 658, 678-688 VPN enforcement, 668-670 policies, configuring, 684-688 SHVs, 658, 680-688 WSHV, configuring, 681-684 NAT (Network Address Translation), 584-590 configuring, 588-589 ICS, configuring, 589-590 Nbstat utility, troubleshooting IPv4/ IPv6 connectivity, 72 NDDNS (non-dynamic DNS), 266 need for routing, 132-133 net share command, 368-369 NetBIOS name resolution broadcasts, 337 LMHOSTS file, 339-340 WINS servers, 340-344 troubleshooting, 344-345 netmask, 137 netmask ordering, 317 netsh command, 53 BranchCache, configuring, 415-416 Netstat command-line tool, troubleshooting IPv4/IPv6 connectivity, 72-73 Network and Sharing Center file sharing, configuring, 360-369 network drives, mapping, 367-369 opening, 361 shared folders, configuring properties, 363-367 network data capturing, 837-839 filtering, 839-844 network discovery, 361 network drives, mapping, 367-369 network interface layer (TCP/IP model), 37 network layer, 34 Network Monitor aliases, 844-845 captured network data, filtering, 839-844 installing, 835-837 network data, capturing, 837-839 network performance, optimizing, 786-787 NFS (Network File System), 358 non-delegated subdomains, creating, 271 notifications, enabling on printers, 562-563 NPS (Network Policy Server), 633 installing on Windows Server 2008 R2, 634-635 proxy groups, creating, 639-640 templates, configuring, 647-648 wireless access, configuring, 635-638 Performance Monitor NRPTs (Name Resolution Policy Tables) exemptions, 714 split-brain DNS configuration, 714 nslookup command, 288-290 Nslookup command-line tool, troubleshooting IPv4/IPv6 connectivity, 73 NTFS (New 
Technology File System) permissions, 369-384 advanced permissions, specifying, 373-375 applying, 371-373 effective permissions, 379-381 files and folders, copying with, 381-382 inheritance, configuring, 375-377 moving files and folders with, 382 Take Ownership permission, 377-379 transactional NTFS, 359 O O flag, 94 Offline Files feature, 408-413 client computers, configuring, 411 configuring, 409-411 transparent caching, configuring, 413 opening Network and Sharing Center, 361 operational event logs, 804 optimizing disk performance, 784-786 network performance, 786-787 processor utilization, 783-784 OSI Reference model, 34 outbound rules, configuring for Windows Firewall with Advanced Security, 176-180 ownership of files/folders, transferring with Take Ownership permissions, 377-379 P packet filtering configuring on RRAS, 151-153 VPNs, configuring, 601-603 PAP (Password Authentication Protocol), 576 parameters for FSRM storage reports, specifying, 507-508 password protected sharing, 361 pathping command, troubleshooting IPv4/IPv6 connectivity, 75 PEAP (Protected EAP), 622 Pearson IT Certification Practice Test engine activating, 9 installing, 8 Premium Edition, 10 Performance Monitor, 762-768 customizing, 766 Data Collector Sets system-defined, 768-771 user-defined, 771-777 disk performance, troubleshooting, 784-786 memory performance, troubleshooting, 781-783 network performance, troubleshooting, 786-787 processor utilization, troubleshooting, 783-784 real-time data, collecting, 764-766 required permissions, 767-768 1017 1018 performing performing bare metal backups, 472 bare metal recoveries, 488-491 full server recoveries with wbadmin command, 491-492 perimeter networks, DirectAccess installation, 707 permissions NTFS, 369-384 applying, 371-373 applying advanced permissions, 373-375 copying files and folders with, 381-382 effective permissions, 379-381 inheritance, configuring, 375-377 moving files and folders with, 382 Take Ownership permission, 377-379 
Performance Monitor requirements, 767-768 persistent routes, 137 physical layer, 34 ping command, 288-290 troubleshooting IPv4/IPv6 connectivity, 73-74 planning encryption methods for wireless networks, 622-623 wireless networking, authentication, 621-622 pointer resource records, 305 Ports tab (Printer Properties dialog box), 549-551 PPP (Point-to-Point Protocol), 574 PPTP (Point-to-Point Tunneling Protocol), 574 practice exam answers, 920 questions, 852 practice test activating, 9 installing, 8 Premium Edition, 10 preparing for, 10 prefixes, IPv6 addressing, 56 preparing computer for BitLocker, 397 for exam active study strategies, 7 common-sense strategies, 7 macro study strategy, 6 micro study strategy, 6 pretesting, 7 self-assessment, 12 presentation layer, 34 pretesting for exam, 7 primary name servers, 253-254 primary zones, 249 Print and Document Services server role, installing on Windows Server 2008 R2, 540-541 print devices, 537 print drivers, 537 isolating, 557-558 Print Management Console, installing printers, 544-545 print management, delegating, 559-561 print queues, 537 migrating, 556-557 print servers, 537, 779-780 print spooling, 537 printers, 537 installing, 541-545 location-aware settings, configuring, 558-559 recursive queries notifications, enabling, 562-563 printing process, 538-539 publishing in AD, 546-547 sharing, 362-363, 545-546 troubleshooting, 561-563 private IPv4 addresses, 48 processor utilization, troubleshooting, 783-784 properties of demand-dial routing, configuring, 150-151 of DNS servers, configuring Forwarders tab, 224-228 Interfaces tab, 223-224 Root Hints tab, 231-233 of event logs, 802-803, 806-807 of resource records, configuring, 309-311 of shared folders, configuring, 363-367 Properties dialog box (printers) Advanced tab, 551-552 General tab, 549 Ports tab, 549-551 Security tab, 552-555 protocol analyzers, 833-834 placement of, 834-835 provisioning shared resources with Share and Storage Manager, 422-424 proxy groups, 
creating, 639-640 public folder sharing, 361 public key cryptography, 385-386 publishing printers in AD, 546-547 PXE boot, 120 Q Quota Management node (FSRM), 516-523 quota templates, creating, 520-522 quotas, best practices, 522-523 R RADIUS accounting, configuring, 644-647 clients, configuring, 638-639 connection request policies, creating, 641-644 NPS, 633 configuring for wireless access, 635-638 installing on Windows Server 2008 R2, 634-635 proxy groups, creating, 639-640 RDC (remote differential compression), 445 RDS (Remote Desktop Services), NAP enforcement, 678-680 read-only replicated folders, designating, 451 Reconnect feature (VPNs), 598-599 recovering files/folders with shadow copies, 480-482 with Windows Server Backup system state, 486-488 recovering data full server recoveries, 488-491 with Windows Server Backup, 482-486 recovery agents (EFS), 392-393 recursive queries, 215-216 1019 1020 registering resource records registering resource records, 314 relay agents (DHCP), configuring, 117-120 Reliability Monitor, 787-789 remote access protocols, 573-577 remote access authentication protocols, 574-575 remote servers, managing backups, 476-477 removable media, backing up data to, 472 removing shared folders, 363 renewing IPv4 leases, 92-93 replication, 433 replication groups, 445 connections, adding, 450-451 members, adding, 451 replication partners, 342 replication topologies, 449-450 reports (WSUS), viewing, 745-747 Resource Monitor, 789-791 resource records, 299-300 alias, creating, 302 ATMA resource records, 305 creating with command line, 307 host, creating, 301 mail exchange, creating, 303 Name Server resource records, configuring properties, 311-314 pointer resource records, 305 registering, 314 SOA resource records, configuring properties, 309-311 SRV resource records, 305 restoring backup catalog, 475-476 reverse lookup queries, 217-218 reverse lookup zones, 251-252, 259-261 RFCs, 34 RIP (Routing Information Protocol), 133-135, 142-144 RIPv2, 
134-135 role of File Services in Windows Server 2008 R2, 358-360 Root Hints tab, configuring DNS server properties, 231-233 root-level domains, 212 round robin, configuring, 316 routing. See also routing protocols; routing tables demand-dial routing, configuring, 148-151 hops, 133 metrics, 133 need for, 132-133 static routing, configuring, 145-147 routing protocols, 133-135 RIP, 133-135, 142-144 routing tables, 135-136 RRAS (Routing and Remote Access Service), 136-147, 575-577 configuring, 140-141 demand-dial routing, configuring, 148-151 dial-up connections configuring, 577-581 modems, enabling, 581-583 IGMP proxy, configuring, 153-155 installing, 138-140 packet filtering, configuring, 151-153 RIP, configuring, 142-144 static routing, configuring, 145-147 VPNs, configuring, 592-594 sharing 1021 S SANs (storage area networks), Storage Manager for SANs, 523-526 scheduling backups, 472-474 FSRM storage report generation, 509-511 scopes (DHCP) creating, 101-104 exclusions, 107 multicast scopes, 105-106 options, configuring, 108-116 properties, configuring, 107 split scopes, 106 superscopes, 104-105 secondary name servers, 254-255 secondary zones, 250 creating, 261-262 second-level domains, 213 secure zone transfers, configuring, 282-283 security authentication remote access authentication protocols, 574-575 VPNs, 591-592 encryption, EFS, 384-395 NAP, 658-663 components, 660-662 enforcement options, 659 policies, configuring, 684-688 SHVs, 658, 680-688 password protected sharing, 361 resource records, configuring, 317-318 VPNs audit policies, 599-600 configuring, 595-598 Windows Firewall, configuring, 165-172 Security tab (Printer Properties dialog box), 552-555 self-assessment, 12 server cache (DNS), updating, 334-335 server feature (DirectAccess), installing, 703-706 server isolation, 201 server lists, 326-328 server requirements, DirectAccess, 700-701 server-side targeting, configuring (WSUS), 740 servers, adding to DFS namespaces, 441-443 session layer, 34 SHA 
(system health agent), 680
shadow copies
  folders, recovering, 480-482
  managing with command line, 480
  managing with Windows Explorer, 478-479
Share and Storage Management Console, 421-425
  shared resources
    managing, 425
    provisioning, 422-424
sharing, 358
  best practices, 383-384
  files, Offline Files feature, 408-413
  folders, 362-363
  properties, modifying, 363-367
  public folder sharing, 361
  password protected sharing, 361
  printers, 362-363, 545-546
  shared folders, managing, 368-369
SHVs (system health validators), 658, 680-688
  WSHV, configuring, 681-684
slave servers, 256-257
smart cards, 576
SNMP (Simple Network Management Protocol)
  communities, 826-828
  configuring, 829-833
  installing, 828-829
  messages, 825-826
  MIB, 824-825
SOA resource records, configuring properties, 309-311
socket pooling (DNS), 238-239
soft quotas, 519
source initiated Event Subscriptions, configuring, 810
source port randomization, 238-239
specifying
  aliases, 844-845
  BranchCache firewall rules, 417-418
  storage report parameters, 507-508
split scopes, 106
split-brain DNS configuration, 714
SRV resource records, 305
standards for wireless networking, 620
static addressing, IPv4, 41-44
static routing, configuring, 145-147
Storage Manager for SANs, 523-526
  LUNs, 523-524
storage reports (FSRM), 506-511
  options, 508-509
  parameters, specifying, 507-508
  report generation, scheduling, 509-511
strategies for studying, 6
stub zones, 251
study strategies, 6
styles of learning, 5
subnet masks, 42, 44
  netmasks, 137
subnetting, 44-46
  bitwise logical AND operation, 45
suffix search order lists, 328-330
supernetting, 47
superscopes, 104-105
syntax, IPv6 addressing, 56-59
System State
  recovering, 486-488
  Windows Server Backup, 464-465
system-defined Data Collector Sets, 768-771

T
Take Ownership permission, 377-379
Task Scheduler, 814-816
TCP (Transmission Control Protocol), 38
TCP/IP
  component protocols, 38-40
  connectivity, troubleshooting, 70-75
  four-layer model, 35-37, 40-41
  history of, 33-34
  IPv4 addressing
    address classes, 41
    components, 42
    configuring, 48-52-54
    dynamic addressing, 48
    four-phase leasing process (DHCP), 89-92
    interoperability with IPv6, 62-65
    leases, renewing, 92-93
    migrating to IPv6 with Group Policy, 66-67
    NAT, 584-590
    private addressing, 48
    static addressing, 41-44
    subnet masks, 44
    subnetting, 44-46
    supernetting, 47
    troubleshooting, 75-80
  IPv6 addressing, 54-67
    address classes, 58
    benefits of, 55-56
    configuring, 59-61
    interoperability with IPv4, 62-65
    prefixes, 56
    syntax, 56-59
    troubleshooting, 75-80
templates
  NPS, configuring, 647-648
  quota templates, creating, 520-522
templates (file screens), creating, 503-505
Teredo addresses, 65
testing updates, 738-742
topics for exam, 4
top-level domains, 212-213
TPM (Trusted Platform Module), 395
tracert command, troubleshooting IPv4/IPv6 connectivity, 74
transactional NTFS, 359
transferring ownership of files/folders, 377-379
transparent caching, configuring Offline Files feature, 413
transport layer
  OSI Reference model, 34
  TCP/IP model, 36-37
Transport mode (IPsec), 191
Triple DES, 193
troubleshooting
  DHCP servers, 121-123
  disk performance, 784-786
  IPv4 addressing, 75-80
  IPv4/IPv6 connectivity
    TCP/IP utilities, 70-75
    Windows Server 2008 diagnostics tools, 68-75
  IPv6 addressing, 75-80
  memory performance, 781-783
  NetBIOS, 344-345
  network performance, 786-787
  printers, 561-563
  processor utilization, 783-784
  zones, 287-290
Trust Anchors tab, configuring DNS server properties, 235-237
Tunnel mode (IPsec), 191

U
UDP (User Datagram Protocol), 38-39
UNC (universal naming convention) path, 433
unicast IPv6 addresses, 56-57
unique local IPv6 unicast addresses, 58
updates (WSUS)
  approving, 742-744
  declining, 744
  testing, 738-742
updating with WSUS, 724-727
user profiles, restoring with Windows Server Backup, 486
user-defined Data Collector Sets, 771-777

V
viewing
  effective permissions, 380-381
  logs in Event Viewer, 800-802
  WSUS reports, 745-747
volume quotas, managing with FSRM, 516-523
VPNs (virtual private networks), 590
  audit policies, 599-600
  authentication, 591-592
  configuring on RRAS, 592-594
  connections, creating, 594-596
  data encryption, 592
  deploying BranchCache on, 419-420
  encapsulation, 591
  NAP enforcement, 668-670
  packet filters, configuring, 601-603
  Reconnect feature, enabling, 598-599
  remote access policies, 601
  security, configuring, 595-598
VSS (Volume Shadow Copy Service), 477-482
  shadow copies
    folders, recovering, 480-482
    managing with command line, 480
    managing with Windows Explorer, 478-479

W
wbadmin command
  data backups, performing, 474-475
  full server recoveries, performing, 491-492
WEP (Wired Equivalent Privacy), 622
Windows Explorer, managing shadow copies, 478-479
Windows Firewall, configuring. See also Windows Firewall with Advanced Security
Windows Firewall with Advanced Security, 172-191, 848-849
  connection security rules, configuring, 180-184
  Connection Security Rules subnode, 847-848
  inbound/outbound rules, configuring, 176-180
  multiple firewall profiles, configuring, 174-176
  notifications, configuring, 189
  policies, creating with Group Policy, 198-199
  policies, importing/exporting, 190-191
  rule properties, configuring, 184-189
Windows Search Service, 359
Windows Server 2008
  connectivity, troubleshooting, 68-70
  DFS
    improvements to, 434-435
    installing, 435-437
  DHCP server installation, 96-100
  DNS, installing, 218-222
  File Services, installing, 359-360
  NPS, installing, 634-635
  Offline Files feature, 408-413
  Print and Document Services server role, installing, 540-541
  RAS client, configuring, 583
  RRAS, 136-147
    configuring, 140-141
    installing, 138-140
  Storage Manager for SANs, 523-526
  WSUS, installing, 728-731
Windows Server Backup, 464-477
  backup catalog, restoring, 475-476
  backups
    permissions, 466
    scheduling, 472-474
  bare metal backups, performing, 472
  bare metal recoveries, performing, 488-491
  features, 465
  file server, backing up, 467-472
  installing, 466-467
  recovering data, 482-486
  removable media, backing up data to, 472
  System State, 464-465
  system state, recovering, 486-488
  user profiles, recovering, 486
Windows Update, 724-727
Windows XP clients, creating wireless access policies, 628-630
WindowsImageBackup folder, 471
WINS (Windows Internet Naming Service) address, 42
WINS servers
  installing, 340
  integrating with DNS, 269-270
  name resolution, 340-344
wireless networking
  access policies, configuring, 623-628
  authentication
    EAP, 621-622
    planning, 621-622
  encryption methods, planning, 622-623
  standards, 620
WSHV (Windows Security Health Validator), configuring, 681-684
WSUS (Windows Server Update Service), 724-727
  client computers, configuring, 748-753
  client-side targeting, configuring, 741-742
  computer groups, 738-740
  configuring, 733-737
  on disconnected networks, 747-748
  installing, 728-731
  reports, viewing, 745-747
  server-side targeting, configuring, 740
  updates
    approving, 742-744
    declining, 744
    testing, 738-742

X-Y-Z
zone scavenging, 267-269
zone transfers
  full zone transfers, 277-278
  incremental zone transfers, 278-279-280
zones, 249-253
  AD-integrated zones, 250
  forward lookup zones, 251-252
  GlobalNames zones, 252-253, 262-263
  primary zones, 249
  properties, configuring, 263-270
  reverse lookup zones, 251-252, 259-261
  secondary zones, 250, 261-262
  stub zones, 251
  troubleshooting, 287-290