MCTS 70-642 Cert Guide

MCTS 70-642 Cert Guide
MCTS 70-642 Cert Guide:
Windows Server 2008
Network Infrastructure,
Configuring
®
Don Poulton
800 East 96th Street
Indianapolis, Indiana 46240 USA
MCTS 70-642 Cert Guide: Windows Server® 2008 Network
Infrastructure, Configuring
Associate Publisher
Dave Dusthimer
Copyright © 2012 by Pearson Education, Inc.
Acquisitions Editor
Betsy Brown
All rights reserved. No part of this book shall be reproduced, stored in
a retrieval system, or transmitted by any means, electronic, mechanical,
photocopying, recording, or otherwise, without written permission from
the publisher. No patent liability is assumed with respect to the use of the
information contained herein. Although every precaution has been taken in
the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages
resulting from the use of the information contained herein.
Printed in the United States of America
First Printing: February 2012
ISBN-978-0-7897-4830-0
ISBN-0-7897-4830-4
Library of Congress Cataloging-in-Publication data is on file.
Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson cannot attest to
the accuracy of this information. Use of a term in this book should not be
regarded as affecting the validity of any trademark or service mark.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate
as possible, but no warranty or fitness is implied. The information provided
is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or
damages arising from the information contained in this book or from the
use of the CD or programs accompanying it.
Bulk Sales
Que Publishing offers excellent discounts on this book when ordered in
quantity for bulk purchases or special sales. For more information, please
contact
U.S. Corporate and Government Sales
1-800-382-3419
[email protected]
For sales outside of the U.S., please contact
International Sales
[email protected]
Development Editor
Box Twelve
Communications, Inc.
Managing Editor
Sandra Schroeder
Project Editor
Mandie Frank
Copy Editor
Sheri Cain
Indexer
Tim Wright
Proofreader
Leslie Joseph
Technical Editors
Chris Crayton
Darril Gibson
Publishing Coordinator
Vanessa Evans
Multimedia Developer
Timothy Warner
Interior Designer
Gary Adair
Page Layout
Mark Shirar
Contents at a Glance
Introduction 3
CHAPTER 1
Configuring IPv4 and IPv6 Addressing 27
CHAPTER 2
Configuring Dynamic Host Configuration Protocol (DHCP)
CHAPTER 3
Configuring Routing
CHAPTER 4
Configuring Windows Firewall with Advanced Security 159
CHAPTER 5
Installing and Configuring Domain Name System (DNS)
CHAPTER 6
Configuring DNS Zones and Replication
CHAPTER 7
Configuring DNS Records
CHAPTER 8
Configuring Client Computer Name Resolution
CHAPTER 9
Configuring File Servers
CHAPTER 10
Configuring Distributed File System (DFS) 429
CHAPTER 11
Configuring Backup and Restore
459
CHAPTER 12
Managing File Server Resources
495
CHAPTER 13
Configuring and Monitoring Print Services
CHAPTER 14
Configuring Remote Access
CHAPTER 15
Configuring Network Policy Server (NPS)
CHAPTER 16
Configuring Network Access Protection (NAP)
CHAPTER 17
Configuring DirectAccess
CHAPTER 18
Windows Server Update Services (WSUS) Server Settings 719
CHAPTER 19
Configuring Performance Monitoring
CHAPTER 20
Configuring Event Logs
CHAPTER 21
Collecting Network Data
127
295
321
351
531
567
615
653
693
757
795
819
Answers to Practice Exam
921
APPENDIX A Answers to the “Do I Know This Already?” Quizzes
1003
CD-only Elements:
APPENDIX B Memory Tables
2
APPENDIX C Memory Tables Answer Key
Glossary
2
205
243
Practice Exam 853
Index
83
2
961
iv
MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Table of Contents
Introduction 3
Chapter 1
Configuring IPv4 and IPv6 Addressing 27
“Do I Know This Already?” Quiz 28
Concepts of TCP/IP 33
TCP/IP History in Brief 33
TCP/IP Protocol Stack 34
OSI Reference Model 34
Four-Layer TCP/IP Model 35
Application Layer 36
Transport Layer 36
Internet Layer 37
Network Interface Layer 37
TCP/IP Component Protocols 38
Transmission Control Protocol 38
User Datagram Protocol 38
Internet Protocol 39
Address Resolution Protocol 39
Internet Control Message Protocol 39
Internet Group Management Protocol 40
Application Layer Protocols 40
IPv4 Addressing 41
Static IPv4 Addressing 42
Subnetting and Supernetting in IPv4 44
Using Subnetting to Divide a Network 44
Using Supernetting to Provide for Additional Hosts on a Network 47
Understanding Private IPv4 Networks 48
Dynamic IP Addressing 48
Configuring IPv4 Address Options 48
Using the Command Line to Configure IPv4 Addressing Options 52
IPv6 Addressing 54
IPv6 Address Syntax 56
IPv6 Prefixes 56
Types of IPv6 Addresses 56
Contents
Connecting to a TCP/IP Version 6 Network 59
Interoperability Between IPv4 and IPv6 Addresses 62
Compatibility Addresses 63
ISATAP Addresses 63
6to4 Addresses 64
Teredo Addresses 65
Using Group Policy to Configure IPv6 Transition Technologies 66
Resolving IPv4 and IPv6 Network Connectivity Issues 67
Windows Server 2008 Network Diagnostics Tools 68
Using TCP/IP Utilities to Troubleshoot TCP/IP 70
ARP
70
FTP
70
ipconfig 71
Nbtstat 72
Netstat 72
Nslookup 73
ping
73
tracert 74
pathping 75
Troubleshooting IPv4 and IPv6 Problems 75
Suggested Response to a Connectivity Problem 75
Network Discovery 76
Incorrect IPv4 Address or Subnet Mask 77
Incorrect Default Gateway 78
Unable to Connect to a DHCP Server 78
Duplicate IP Address 78
Unable to Configure an Alternate TCP/IPv4 Configuration 78
Using Event Viewer to Check Network Problems 79
Additional Troubleshooting Hints When Using IPv6 79
Review All the Key Topics 80
Complete the Tables and Lists from Memory 81
Definition of Key Terms
Chapter 2
81
Configuring Dynamic Host Configuration Protocol (DHCP) 83
“Do I Know This Already?” Quiz 83
How DHCP Works 89
v
vi
MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Four-Phase DHCP IPv4 Leasing Process 89
IP Lease Request (DHCPDISCOVER) 90
IP Lease Offer (DHCPOFFER) 91
IP Lease Selection (DHCPREQUEST) 91
IP Lease Acknowledgment (DHCPACK) 92
Renewing an IPv4 Lease 92
How DHCPv6 Works 93
Installing and Configuring a DHCP Server 95
Using the Command Line to Install DHCP 100
DHCP Scopes and Options 101
Creating DHCP Scopes 101
Using the Command Line to Create Scopes 104
Superscopes 104
Multicast Scopes 105
Split Scopes 106
Exclusions 107
Configuring DHCP Scope Properties 107
Configuring DHCP Options 108
Server Options 110
Scope Options 111
Option Classes 112
Client Reservations and Options 114
Managing and Troubleshooting a DHCP Server 116
Authorizing a DHCP Server in Active Directory 116
Configuring DHCP Relay Agents 117
PXE Boot 120
Monitoring and Troubleshooting a DHCP Server 121
Review All the Key Topics 124
Complete the Tables and Lists from Memory 125
Definition of Key Terms
Chapter 3
125
Configuring Routing 127
“Do I Know This Already?” Quiz 127
The Need for Routing and Routing Tables 132
Contents
Routing Protocols 133
Routing Table 135
Routing and Remote Access Service (RRAS) in Windows
Server 2008 R2 137
Configuring RRAS as a Router 140
Configuring RIP 142
Configuring Static Routing 145
Using the RRAS Snap-In to Create a Static Route 145
Using the route Command to Create a Static Route 146
Choosing a Default Gateway 147
Displaying the Static Routing Table 147
Managing and Maintaining Routing Servers 148
Demand-Dial Routing 148
Establishing a Demand-Dial Interface 148
Configuring Demand-Dial Interface Properties 150
Specifying Packet Filtering 151
IGMP Proxy 153
Review All the Key Topics 156
Complete the Tables and Lists from Memory 157
Definition of Key Terms 157
Chapter 4
Configuring Windows Firewall with Advanced Security 159
“Do I Know This Already?” Quiz 159
Configuring Windows Firewall 165
Basic Windows Firewall Configuration 167
Using the Windows Firewall with Advanced Security Snap-In 172
Configuring Multiple Firewall Profiles 174
Configuring New Firewall Rules 176
Configuring Inbound Rules or Outbound Rules 176
Configuring Connection Security Rules 180
Configuring Rule Properties 184
Authorizing Users and Computers 185
Modifying Rule Scope 187
Additional Rule Properties 188
Configuring Notifications 189
vii
viii
MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Importing and Exporting Policies 190
Using IPSec to Secure Network Communications 191
IPSec Modes 191
IPSec Encryption 193
Using Group Policy to Create IPSec Policies 194
Using Group Policy to Configure Windows Firewall Policies 198
Creating Windows Firewall with Advanced Security Policies 198
Windows Firewall Group Policy Property Settings 200
Isolation Policies 201
Review All the Key Topics 202
Definition of Key Terms 203
Chapter 5
Installing and Configuring Domain Name System (DNS) 205
“Do I Know This Already?” Quiz 206
Introduction to DNS 210
Hierarchical Nature of DNS 211
Root-Level Domains 212
Top-Level Domains 212
Second-Level Domain Names 214
Host Names 214
DNS Name Resolution Process 215
Recursive Queries 215
Iterative Queries 216
Reverse Lookup Queries 217
Installing DNS in Windows Server 2008 R2 218
Using the Command Line to Install DNS 221
Using the Command-Line for DNS Server Administration 222
Configuring DNS Server Properties 223
Interfaces Tab 223
Forwarders Tab 224
Conditional Forwarders 227
Advanced Tab 228
Server Options 229
Disable Recursion 229
Name Checking 230
Contents
Loading Zone Data 231
Root Hints Tab 231
Debug Logging Tab 233
Event Logging Tab 235
Trust Anchors Tab 235
Monitoring Tab 237
DNS Socket Pooling 238
DNS Cache Locking 239
Review All the Key Topics 241
Definition of Key Terms 241
Chapter 6
Configuring DNS Zones and Replication 243
“Do I Know This Already?” Quiz 243
Zone Types and Their Uses 249
DNS Zone Types 249
Primary Zones 249
Secondary Zones 250
Active Directory–Integrated Zones 250
Stub Zones 251
Forward and Reverse Lookup Zones 251
GlobalNames Zones 252
DNS Name Server Roles 253
Primary Name Servers 253
Secondary Name Servers 254
Caching-Only Servers 255
Forwarders 255
Slave Servers 256
Configuring DNS Zones 257
Creating New DNS Zones 257
Creating a Reverse Lookup Zone 259
Creating Secondary Zones 261
Creating Stub Zones 262
Creating a GlobalNames Zone 262
Configuring DNS Zone Properties 263
Configuring Zone Types 264
Adding Authoritative DNS Servers to a Zone 265
ix
x
MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Dynamic DNS, Non-Dynamic DNS, and Secure Dynamic DNS 266
Zone Scavenging 267
Integrating DNS with WINS 269
Subdomains and Zone Delegation 270
Configuring DNS Zone Transfers and Replication 274
Active Directory DNS Replication 274
Application Directory Partitions 274
Replication Scope 275
Types of Zone Transfers 277
Full Zone Transfer 277
Incremental Zone Transfer 278
Configuring Zone Transfers 279
Configuring DNS Notify 281
Secure Zone Transfers 282
Auditing of DNS Replication 283
Troubleshooting DNS Zones and Replication 287
Using the ipconfig, ping, and nslookup
Commands 288
Use of the DNSLint Tool 290
Review All the Key Topics 291
Complete the Tables and Lists from Memory 292
Definition of Key Terms
Chapter 7
292
Configuring DNS Records 295
“Do I Know This Already?” Quiz 295
Resource Record Types and Their Uses 299
Creating New Resource Records 300
New Host (A or AAAA) Records 301
New Alias (CNAME) Records 302
New Mail Exchanger (MX) Records 303
Additional New Resource Records 304
Using the Command Line to Create Resource
Records 307
Configuring Resource Record Properties 308
Configuring SOA Resource Record Properties 309
Time to Live 311
Contents
Configuring Name Server Resource Record Properties 311
Registering Resource Records 314
Using the DnsUpdateProxy Group 314
Configuring Round Robin 316
Enabling Netmask Ordering 317
Configuring DNS Record Security and Auditing 317
Review All the Key Topics 319
Complete the Tables and Lists from Memory 319
Definition of Key Terms 319
Chapter 8
Configuring Client Computer Name Resolution 321
“Do I Know This Already?” Quiz 321
Configuring DNS Client Computer Settings 326
Specifying DNS Server Lists 326
Configuring DNS Suffix Search Order Lists 328
Configuring a Client Computer’s Primary DNS Suffix 330
Using Group Policy to Configure DNS Client Settings 331
Using the ipconfig Command to Update and Register
DNS Records 334
Using the dnscmd Command to Update the DNS Server
Cache 334
Other Types of Name Resolution 335
HOSTS Files 335
NetBIOS Name Resolution 337
NetBIOS Broadcasts 337
LMHOSTS Files 339
WINS Servers 340
Troubleshooting NetBIOS Problems 344
Link Local Multicast Name Resolution 345
Review All the Key Topics 348
Complete the Tables and Lists from Memory 349
Definition of Key Terms
Chapter 9
349
Configuring File Servers 351
“Do I Know This Already?” Quiz 351
Shared Folders in Windows Server 2008 R2 358
Understanding the File Services Role in Windows Server 2008 R2 358
xi
xii
MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Using the Network and Sharing Center to Configure File Sharing 360
Sharing Files, Folders, and Printers 362
Modifying Shared Folder Properties 363
Mapping a Drive 367
Using the net share Command to Manage Shared Folders 368
NTFS Permissions 369
NTFS File and Folder Permissions 369
Applying NTFS Permissions 371
Specifying Advanced Permissions 373
Configuring NTFS Permissions Inheritance 376
Taking Ownership of Files and Folders 377
Effective Permissions 379
Viewing a User’s Effective Permissions 380
Copying and Moving Files and Folders 381
Copying Files and Folders with NTFS Permissions 381
Moving Files and Folders with NTFS Permissions 382
Using the Mouse to Copy or Move Objects from One Location to Another 383
Practical Guidelines on Sharing and Securing Folders 383
Data Encryption 384
Encrypting File System 384
Encrypting File System Basics 385
Preparing a Disk for EFS 386
Encrypting Files 387
Backing Up EFS Keys 389
Decrypting Files 391
EFS Recovery Agents 392
EFS Group Policies 393
BitLocker Drive Encryption 395
Preparing Your Computer to Use BitLocker 397
Enabling BitLocker 397
Managing BitLocker 402
Configuring BitLocker Group Policies 403
Using Data Recovery Agents 405
Additional File Server Management Resources 408
Using Offline Files 408
Contents
Configuring Servers for Offline Files 409
Configuring Client Computers 411
Configuring Offline File Policies 411
Configuring Transparent Caching of Offline Files 413
Configuring BranchCache 414
Using the netsh Command to Configure BranchCache 415
Using Group Policy to Enable BranchCache 417
Specifying BranchCache Firewall Rules 418
Understanding BranchCache Network Infrastructure Requirements 419
Using BranchCache across a Virtual Private Network 419
Managing Certificates with BranchCache 420
Using Share and Storage Management Console 421
Using Share and Storage Management to Provision Shared Resources
and Volumes 422
Using Share and Storage Management to Manage Shared
Resources 425
Review All the Key Topics 426
Complete the Tables and Lists from Memory 427
Definition of Key Terms
Chapter 10
427
Configuring Distributed File System (DFS) 429
“Do I Know This Already?” Quiz 429
DFS Concepts 433
Improvements to DFS in Windows Server 2008 R2 434
Installing DFS on a Windows Server 2008 R2 Computer 435
Managing DFS Namespaces 438
Creating Additional DFS Namespaces 438
Managing Namespaces 439
Adding Folders to DFS Namespaces 440
Adding Namespace Servers 441
Configuring Referrals 441
Enabling Access-Based Enumeration of a DFS
Namespace 443
Configuring Polling of Domain Controllers 444
Managing DFS Replication 445
Setting Up DFS Replication 447
xiii
xiv
MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Replication Topologies 449
Working with Replication Groups 450
Adding New Connections 450
Adding Replicated Folders 451
Designating Read-Only Replicated Folders 451
Adding Members to Replication Groups 451
Sharing or Publishing Replicated Folders 451
Configuring Failover Cluster Support 452
Generating Replication Health Reports 454
Review All the Key Topics 456
Complete the Tables and Lists from Memory 457
Definition of Key Terms
Chapter 11
457
Configuring Backup and Restore 459
“Do I Know This Already?” Quiz 459
Protecting Data with Windows Backup 464
Backup Permissions 466
Installing Windows Server Backup 466
Backing Up Your File Server 467
Performing a Bare Metal Backup 472
Scheduling a Backup 472
Using the wbadmin Command 474
Restoring the Backup Catalog 475
Managing Backups Remotely 476
Volume Shadow Copies 477
Using Windows Explorer to Manage Shadow Copies 478
Using the Command Line to Manage Shadow Copies 480
Using Volume Shadow Copies to Recover a File or Folder 480
Restoring Data from Backup 482
Using Windows Backup to Recover Data 482
Restoring User Profiles 485
Recovering System State 486
Performing a Full Server or Bare Metal Recovery of a Windows Server
2008 R2 Computer 488
Using the wbadmin Command to Recover Your Server 491
Review All the Key Topics 492
Contents
Complete the Tables and Lists from Memory 493
Definition of Key Terms 493
Chapter 12
Managing File Server Resources 495
“Do I Know This Already?” Quiz 495
File Server Resource Manager 500
Installing FSRM 501
Managing File Screening 501
Using File Groups 502
Creating File Screens and Templates 503
Creating File Screen Exceptions 506
Monitoring File Screening 506
Managing Storage Reports 506
Specifying Report Parameters 507
Additional FSRM Options 508
Scheduling Report Generation 509
Managing File Classification 511
Configuring File-Management Tasks 514
Configuring Disk and Volume Quotas 516
Using Windows Explorer to Enable Disk Quotas 516
Using FSRM to Enable Quotas 519
Using FSRM to Create Quota Templates 520
Some Guidelines for Using Quotas 522
Storage Manager for SANs 523
Review All the Key Topics 527
Complete the Tables and Lists from Memory 528
Definition of Key Terms
Chapter 13
528
Configuring and Monitoring Print Services 531
“Do I Know This Already?” Quiz 531
Printing Terminology in Windows Server 2008 R2 537
Printing Process 538
Installing, Sharing, and Publishing Printers 539
Installing the Print and Document Services Role 540
Installing Printers 541
Using Control Panel to Install a Printer 542
Using the Print Management Console to Install a Printer 544
xv
xvi
MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Sharing Printers 545
Publishing Printers in Active Directory 546
Using Group Policy to Deploy Printer Connections 548
Managing and Troubleshooting Printers 549
Using the Printer Properties Dialog box 549
General Tab 549
Ports Tab and Printer Pooling 549
Advanced Tab 551
Security Tab and Printer Permissions 553
Migrating Print Queues and Printer Settings 556
Isolating Printer Drivers 557
Configuring Location-Aware Printer Settings 558
Delegating Print Management 559
Troubleshooting Printer Problems 561
Some Common Problems 561
Printer Port Problems 562
Enabling Notifications 562
Review All the Key Topics 564
Complete the Tables and Lists from Memory 565
Definition of Key Terms 565
Chapter 14
Configuring Remote Access 567
“Do I Know This Already?” Quiz 567
Remote Access Protocols 573
Remote Access Authentication Protocols 574
New Features of RRAS in Windows Server 2008 576
Configuring Dial-Up Connections 577
Configuring a RAS Server for Dial-Up 577
Configuring Dial-Up RAS Server Properties 579
Enabling Modems used by the Dial-Up RAS Server 581
Configuring Windows Server 2008 as a RAS Client 583
Network Address Translation 584
Enabling the NAT Server for DHCP 586
Enabling Addresses, Services, and Ports on the NAT Server 588
Configuring Internet Connection Sharing 589
Contents
Virtual Private Networking 590
How VPNs Function 591
VPN Encapsulation 591
Authentication 591
Data Encryption 592
Configuring a RRAS Server for VPN 592
Creating and Authenticating VPN Connections 594
Configuring VPN Connection Security 596
Enabling VPN Reconnect 598
Configuring Advanced Security Auditing 599
Using Remote Access Policies 601
Configuring VPN Packet Filters 601
Connection Manager 603
Installing the Connection Manager Administration Kit 605
Using Connection Manager Administration Kit to Create a Profile 605
Using the Connection Manager Client Interface 610
Review All the Key Topics 612
Complete the Tables and Lists from Memory 613
Definition of Key Terms 613
Chapter 15
Configuring Network Policy Server (NPS) 615
“Do I Know This Already?” Quiz 615
Wireless Networking Protocols and Standards 619
Wireless Networking Standards 620
Planning the Authentication Methods for a Wireless Network 621
Planning the Encryption Methods for a Wireless Network 622
Wired Equivalent Privacy 622
802.1X
622
Use of IPSec with Wireless Networks 623
The IEEE 802.3 Wired Standard 623
Planning and Configuring Wireless Access Policies 623
Creating a Wireless Access Policy for Windows Vista/7 Clients 624
Creating a Wireless Access Policy for Windows XP Clients 628
Configuring IEEE 802.3 Wired Access Policies 630
RADIUS in Windows Server 2008 R2 633
Installing NPS on a Windows Server 2008 RRAS Server 634
xvii
xviii
MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Configuring the NPS Server for Wireless Access 635
Configuring New RADIUS Clients 638
Creating RADIUS Proxies and Proxy Groups 639
Creating Connection Request Policies 641
Configuring RADIUS Accounting 644
Configuring NPS Templates 647
Review All the Key Topics 649
Complete the Tables and Lists from Memory 650
Definition of Key Terms 650
Chapter 16
Configuring Network Access Protection (NAP) 653
“Do I Know This Already?” Quiz 653
Concepts of NAP 658
Components of a Typical NAP Deployment 660
What’s New with NAP in Windows Server 2008 R2 662
NAP Enforcement 663
DHCP Enforcement 663
Enabling NAP on the DHCP Server’s Scopes 667
VPN Enforcement 668
IPSec Enforcement 670
Installing and Configuring an HRA Server 671
Configuring NAP for IPSec Enforcement 674
Configuring the HRA for Health Certificates 674
Using Group Policy to Specify IPSec Enforcement 675
802.1X Enforcement 676
RDS Enforcement 678
System Health Validation 680
Configuring the Windows Security Health Validator 681
Configuring Error Codes 683
Using Multi-Configuration SHV 683
Configuring NAP Policies 684
Review All the Key Topics 689
Definition of Key Terms 690
Chapter 17
Configuring DirectAccess 693
“Do I Know This Already?” Quiz 693
Contents
Concepts of DirectAccess 698
DirectAccess Server Requirements 700
Using IPv6 with DirectAccess 701
Using Network Access Protection 701
DirectAccess Client Requirements 702
DirectAccess Connection Process 702
Configuring the DirectAccess Server 703
Installing and Configuring the DirectAccess Server Feature 703
DirectAccess and the Perimeter Network 707
Configuring Authentication 708
Group Policy and DirectAccess 708
Using Group Policy to Configure DirectAccess Clients 708
Name Resolution Policy Table 710
Using NRPT Exemptions 714
Review All the Key Topics 716
Complete the Tables and Lists from Memory 716
Definitions of Key Terms 716
Chapter 18
Windows Server Update Services (WSUS) Server Settings 719
“Do I Know This Already?” Quiz 719
Concepts of WSUS 724
Purposes of Windows Update and WSUS 724
New Features of WSUS 3.0 725
Installing and Configuring a WSUS Server 727
Installing WSUS on a Windows Server 2008 R2 Computer 728
Installing Microsoft Report Viewer Redistributable 2008 731
Getting Started with WSUS 731
Configuring WSUS Options 733
Testing Updates 738
Using Computer Groups 738
Configuring Client-Side Targeting 741
Approving Updates 742
Declining Updates 744
Viewing Reports 745
Using WSUS on a Disconnected Network 747
xix
xx
MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Configuring Client Computers for WSUS 748
Review All the Key Topics 754
Complete the Tables and Lists from Memory 755
Definition of Key Terms 755
Chapter 19
Configuring Performance Monitoring 757
“Do I Know This Already?” Quiz 757
Performance Monitor 762
Using Performance Monitor to Collect Real-Time
Data 764
Customizing Performance Monitor 766
Permissions Required to Run Performance Monitor 767
Data Collector Sets 768
System-Defined Data Collector Sets 768
Using System-Defined Data Collector Sets 769
Viewing Logged Performance Data 771
User-Defined Data Collector Sets 771
Creating a Custom Data Collector Set 774
Using Performance Monitor to Create a Data Collector Set 776
A Few Best Practices for Logging Server Performance 777
Command-Line Utilities 779
Monitoring Print Servers 779
Analyzing Performance Data 780
Optimizing and Troubleshooting Memory Performance 781
Optimizing and Troubleshooting Processor Utilization 783
Optimizing and Troubleshooting Disk Performance 784
Optimizing and Troubleshooting Network Performance 786
Reliability Monitor 787
Resource Monitor 789
Review All the Key Topics 792
Complete the Tables and Lists from Memory 793
Definition of Key Terms 793
Chapter 20
Configuring Event Logs 795
“Do I Know This Already?” Quiz 795
Event Viewer 799
Viewing Logs in Event Viewer 800
Contents
Event Log Properties 802
Applications and Services Logs 804
Customizing Event Logs 805
Creating and Using Custom Views 807
Exporting and Importing Custom Views 808
Configuring Event Log Subscriptions 809
Configuring the Source Computers to Forward Events 810
Configuring the Collector Computer to Forward Receive Events 810
Configuring Event Log Subscriptions 811
Configuring Tasks from Events 814
Review All the Key Topics 816
Complete the Tables and Lists from Memory 817
Definitions of Key Terms 817
Chapter 21
Collecting Network Data 819
“Do I Know This Already?” Quiz 819
Simple Network Management Protocol 824
How SNMP Functions 824
Management Information Base 824
SNMP Messages 825
SNMP Communities 826
How SNMP Functions 827
Installing and Configuring SNMP 828
Network Monitor 833
Concepts of Protocol Analyzers 833
Placement of Protocol Analyzers 834
Installing and Running Microsoft Network Monitor 835
Using Network Monitor to Capture Network Data 837
Filtering Captured Network Data 839
Using a Capture Filter 841
Configuring Network Monitor Options 842
Using Aliases 844
Performing a Capture from the Command Prompt 845
Connection Security Rules Monitoring 846
Configuring Authentication Properties 848
xxi
xxii
MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Review All the Key Topics 850
Complete the Tables and Lists from Memory 851
Definitions of Key Terms 851
Practice Exam 853
Answers to Practice Exam 921
APPENDIX A Answers to the “Do I Know This Already?” Quizzes
Index 1003
CD-only Elements:
APPENDIX B Memory Tables
2
APPENDIX C Memory Tables Answer Key
Glossary 2
2
961
About the Author
About the Author
Don Poulton (A+, Network+, Security+, MCSA, MCSE) is an independent consultant who has been involved with computers since the days of 80-column punch
cards. After a career of more than 20 years in environmental science, Don switched
careers and trained as a Windows NT 4.0 MCSE. He has been involved in consulting with a couple of small training providers as a technical writer, during which
time he wrote training and exam-prep materials for Windows NT 4.0, Windows
2000, and Windows XP. Don has written or contributed to several titles, including
Security+ Lab Manual (Que, 2004), MCSA/MCSE 70-299 Exam Cram 2: Implementing and Administering Security in a Windows 2003 Network (Exam Cram 2) (Que, 2004),
MCSE 70-294 Exam Prep: Planning, Implementing, and Maintaining a Microsoft
Windows Server 2003 Active Directory Infrastructure (Que, 2006), MCTS 70-620
Exam Prep: Microsoft Windows Vista, Configuring (Que, 2008), MCTS 70-680 Exam
Prep: Microsoft Windows 7, Configuring (Que, 2011), and MCTS 70-640 Exam Prep:
Microsoft Windows Server 2008 Active Directory, Configuring (Que, 2011).
In addition, Don has worked on programming projects, both in his days as an environmental scientist and, more recently, with Visual Basic to update an older statistical package used for multivariate analysis of sediment contaminants.
When not working on computers, Don is an avid amateur photographer who has
had his photos displayed in international competitions and published in magazines
such as Michigan Natural Resources Magazine and National Geographic Traveler.
Don also enjoys traveling and keeping fit.
Don lives in Burlington, Ontario, with his wife, Terry.
xxiii
xxiv
MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Dedication
I would like to dedicate this book to my wife, Terry, who has stood by my side and supported
me throughout the days spent writing this book. This project would not have been possible
without her love and support.
Acknowledgments
I would like to thank the staff at Pearson and, in particular, Betsy Brown for making
this project possible. My sincere thanks goes out to Chris Crayton and Darril Gibson
for their helpful technical suggestions, as well as Jeff Riley, development editor, and
Sheri Cain, copy editor, for their improvements to the manuscript.
—Don Poulton
About the Technical Reviewers
Christopher A. Crayton is an author, technical editor, technical consultant, security consultant, trainer, and SkillsUSA state-level technology competition judge.
Formerly, he worked as a computer and networking instructor at Keiser College
(2001 Teacher of the Year); as network administrator for Protocol, a global electronic customer relationship management (eCRM) company; and at Eastman
Kodak Headquarters as a computer and network specialist. Chris has authored
several print and online books, including The A+ Exams Guide, Second Edition
(Cengage Learning, 2008), Microsoft Windows Vista 70-620 Exam Guide Short Cut
(O’Reilly, 2007), CompTIA A+ Essentials 220-601 Exam Guide Short Cut (O’Reilly,
2007), The A+ Exams Guide, The A+ Certification and PC Repair Handbook (Charles
River Media, 2005), and The Security+ Exam Guide (Charles River Media, 2003) and
A+ Adaptive Exams (Charles River Media, 2002). He is also co-author of the How to
Cheat at Securing Your Network (Syngress, 2007). As an experienced technical editor, Chris has provided many technical edits/reviews for several major publishing
companies, including Pearson, McGraw-Hill, Cengage Learning, Wiley, O’Reilly,
Syngress, and Apress. He holds MCSE, A+, and Network+ certifications.
Darril Gibson has authored or coauthored more than a dozen books and contributed as a technical editor to many more. He holds several IT certifications, including CompTIA A+, Network+, Security+, CASP, (ISC)2 SSCP, CISSP, MCSA,
MCSA Messaging (2000, 2003), MCSE (NT 4.0, 2000, 2003), MCDBA (SQL 7.0,
2000), MCITP (Vista, Windows 7, Server 2008, SQL 2005, SQL 2008), MCTS
(Server 2008, SQL Server 2008), MCSD (6.0, .NET), and ITIL Foundations v 3.0.
He is the CEO of Security Consulting and Training, LLC, and actively teaches,
writes, and consults on a variety of IT topics. He regularly blogs at blogs.getcertifiedgetahead.com.
Reader Services
We Want to Hear from You!
As the reader of this book, you are our most important critic and commentator. We
value your opinion and want to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other words of wisdom you’re
willing to pass our way.
As an associate publisher for Pearson, I welcome your comments. You can e-mail
or write me directly to let me know what you did or didn’t like about this book—as
well as what we can do to make our books better.
Please note that I cannot help you with technical problems related to the topic of this book.
We do have a User Services group, however, where I will forward specific technical questions
related to the book.
When you write, please be sure to include this book’s title and author, as well as
your name, e-mail address, and phone number. I will carefully review your comments and share them with the author and editors who worked on the book.
E-mail: [email protected]
Mail: Dave Dusthimer
Associate Publisher
Pearson Education
800 East 96th Street
Indianapolis, IN 46240 USA
Reader Services
Visit our website and register this book at www.quepublishing.com/register for convenient access to any updates, downloads, or errata that might be available for this
book.
xxv
This chapter covers the following subjects:
■
Printing Terminology in Windows Server 2008 R2: This section introduces
key terminology and concepts you must be aware of to administer printers. It also reviews the actions that occur when a user submits a print job.
■
Installing, Sharing, and Publishing Printers: This section shows you how
to install the Print and Document Services server role and then covers the
installation, sharing, and publication of printers.
■
Managing and Troubleshooting Printers: Print servers and printers come
with a large array of properties you must be aware of to effectively manage a corporate printing environment. This section introduces you to the
management of these properties, as well as the topic of granting permissions to printers and print servers and troubleshooting common printer
problems.
CHAPTER 13
Configuring and Monitoring
Print Services
Resources on a Windows Server 2008 network go beyond the subject of files
and folders that have been the subject of Chapter 9, “Configuring File Servers,”
and subsequent chapters. An important component of any business network is
the capability to print documents in a timely and accurate manner, and Windows Server 2008 R2 provides the Print and Document Services server role to
assist administrators in setting up print servers and keeping printing capabilities
operating properly. Typically, a print server is a computer to which you connect a print device and share so that many people across your network, and even
across the Internet, can print to the printer.
In any case, clients that print to the printer can be running a variety of platforms and not just Windows systems. Windows Server 2008 supports hundreds
of print devices from a large number of printer manufacturers. This chapter introduces you to the management of printers, which is an important topic—both
in real life and on the 70-642 exam.
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz allows you to assess whether you should
read this entire chapter or simply jump to the “Exam Preparation Tasks” section for review. If you are in doubt, read the entire chapter. Table 13-1 outlines
the major headings in this chapter and the corresponding “Do I Know This
Already?” quiz questions. You can find the answers in Appendix A, “Answers to
the ‘Do I Know This Already?’ Quizzes.”
Table 13-1
“Do I Know This Already?” Foundation Topics Section-to-Question Mapping
Foundations Topics Section
Questions Covered
in This Section
Printing Terminology in Windows Server 2008 R2
1–2
Installing, Sharing, and Publishing Printers
3–5
Managing and Troubleshooting Printers
6–12
532 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
1. In Microsoft terminology, which of the following is the best definition of a
printer?
a. The program that converts graphic commands into instructions that the
print device is able to understand.
b. The physical (hardware) device that produces the printed output.
c. The computer that handles the printing process on the network.
d. The software (logical) interface between the operating system and the
physical print device.
2. Your print server is configured so that print jobs are copied to a reserved area
within the system root folder of the computer before being sent to the print
device. What is this action called?
a. Preprinting
b. Spooling
c. Creation of an enhanced metafile (EMF)
d. Routing
3. You purchased a new print device for your company’s network. The print
device is equipped with its own network adapter so that it can be directly connected to the network. You attached the print device to the network and are
at the print server and want to install it. What program should you use? (Each
correct answer represents a complete solution. Choose two answers).
a. Print Management snap-in
b. Add Roles Wizard in Server Manager
c. Windows Explorer
d. Device Manager
e. Control Panel Devices and Printers
4. You installed and shared a new printer on your Windows Server 2008 R2
computer, which is configured with the Print and Document Service server
role. Users printing documents from Windows 7 computers receive their
documents properly, but users printing from Windows XP computers receive
documents full of illegible characters. What should you do?
a. From the Sharing tab of the Properties dialog box for the printer, select
the Render print jobs on client computers option.
b. From the Sharing tab of the Properties dialog box for the printer, click
Additional Drivers. Then, select drivers for Windows XP from the Additional Drivers dialog box and click OK.
Chapter 13: Configuring and Monitoring Print Services 533
c. From the Security tab of the Properties dialog box for the printer, add a
group that contains the users of Windows XP computers and grant them
the Manage Documents permission.
d. Install a new printer from the Print Management snap-in. Configure
this printer to point to the same print device and provide a unique share
name that references users of Windows XP computers.
5. You are responsible for printers connected to Windows Server 2008 R2 print
servers in you company’s AD DS domain. These servers are configured as
member servers in the domain. You installed a printer that should be accessible to computers in the Graphics department, but not to computers in other
departments. All resources in this department are located in the Graphics organizational unit (OU). What should you do?
a. From the Sharing tab of the printer’s Properties dialog box, select the
List in the directory option.
b. Right-click this printer in the details pane of the Print Management
snap-in and choose List in Directory.
c. Right-click this printer in the details pane of the Print Management
snap-in and choose Deploy with Group Policy. Choose a GPO that is
linked to the Graphics OU and select the option labeled The users that
this GPO applies to (per user).
d. Right-click this printer in the details pane of the Print Management
snap-in and choose Deploy with Group Policy. Choose a GPO that is
linked to the Graphics OU and select the option labeled The computers that this GPO applies to (per machine).
6. You are responsible for the print servers and printers on your company’s net-
work. You configured a shared printer (HP40001) on Server1. Server2 also
has an identical shared printer (HP40002). HP40001 on Server1 experiences a
catastrophic paper jam. Many jobs are waiting to be printed in Server1’s print
queue. How can you ensure that these print jobs are printed without the need
to ask the users to resubmit their print jobs to Server2?
a. From the Ports tab of the HP40001 Properties dialog box, select En-
able printer pooling. Include HP40002 and HP40001 in the pool.
b. Rename the shared printer HP40001 to HP40002.
c. In the Printers folder on the Server1, add a network printer called
HP40003, pointing to HP40002 on Server2. Rename printer HP40001
to HP4000X. Then, rename HP40003 to HP40001.
d. Select the Ports tab of the HP40001 Properties dialog box, click Add
Port, choose Local Port, click New Port, and assign the UNC name \\
Server2\HP40002 to the new port.
534 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
7. The boss is fed up with waiting for her documents to print and wants to be
sure the account statement prints immediately when it is needed. What is the
simplest thing to do so that this will happen properly?
a. Ask her secretary to come in at 7 a.m. and print the account statement.
b. When she needs to print the account statement, have her go to the
printer properties and click Cancel All Documents, before printing the
document.
c. Configure a printer that points to the same print device and has the pri-
ority set at 99. Configure this printer’s permissions so that only the boss
has the Print permission and direct her to print the account statement on
this printer.
d. Configure her user account to have the Prioritize Documents
permission.
8. You are responsible for managing the print servers and printers in your com-
pany’s domain. A user calls and informs you that he has sent a large print job
to the printer and has realized that he must make several changes to the document. So, he wants to delete the print job. What permission do you need to
grant the user so that he can delete this job?
a. Allow the user the Manage this printer permission.
b. Allow the user the Manage documents permission.
c. Allow the user the Special permissions permission, click Advanced,
and then allow him the Delete permission.
d. You don’t need to do anything; he can delete his print jobs without ad-
ditional permissions.
9. You are responsible for maintaining the printers on your company’s AD DS
network, which includes one domain with three print servers and 12 printers. You purchased a powerful new computer and installed Windows Server
2008 R2 and the Print and Document Management server role. You want to
consolidate all the existing printers on the new server. What should you do to
accomplish this task with the least amount of administrative effort?
a. At each existing print server, select the Export printers to a file option.
Complete the steps in the Printer Migration Wizard that starts to save
printer export information to a file. Then, at the new server, select the
Import printers from a file option. Then, use the Printer Migration
Wizard to import the previously exported printer information.
Chapter 13: Configuring and Monitoring Print Services 535
b. Use Windows Server Backup at each existing print server to back up
the contents of the print server. Then, at the new server, use Windows
Server Backup to restore the information that was backed up from each
existing print server.
c. Connect to the %systemroot%\system32\spool\printers folder on
each existing print server and copy the contents of this folder to the same
folder on the new print server. Repeat this task at each of the remaining
print servers.
d. At the new print server, run the Printer Installation Wizard to install
each of the printers in turn, selecting the Search the network for
printers option to ensure that you selected and installed the printers.
10. You are a tech-support specialist at your company. A Windows Server 2008
R2 computer is configured as a print server. This server supports several different types of printers, including color ink-jet and laser models. After updating the driver for the color ink-jet printers, users report that their print jobs
printed at either the color ink-jet or laser printers contain unintelligible characters. Checking the website for the color ink-jet printer manufacturer, you
notice that they have withdrawn the latest driver and will be issuing one within
a few days. What action should you take to enable users to print from the laser
printer with the least amount of delay?
a. Install new printers for the laser print device at another server running
Windows Server 2008 R2.
b. Open Device Manager on the print server and access the Driver tab
of the laser printer’s Properties dialog box. Then, click the Roll Back
Driver button.
c. From the Print Management snap-in at the print server, right-click the
driver and choose Set Driver Isolation > None.
d. From the Print Management snap-in at the print server, right-click the
driver and choose Set Driver Isolation > Isolated.
536 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
11. You are responsible for several printers installed on a Windows Server 2008
R2 print server on your network, which is configured as a workgroup. You
want to allow a secretary named Evelyn to have the ability to view and manage
print queues, but do not want her to have any other administrative capabilities
on the network. What should you do?
a. Access the Security tab of the Print Server Properties dialog box and
add Evelyn to list of user or group names. Then, select the View Server,
Print, Manage Documents, and Manage Printer permissions under
the Allow column.
b. Access the Security tab of the Print Server Properties dialog box and
add Evelyn to list of user or group names. Then, select the View Server
and Manage Server permissions under the Allow column.
c. Open the Computer Management snap-in and select the Groups sub-
node under the Local Users and Groups node. Then, add Evelyn’s user
account to the Print Operators group.
d. Open the Computer Management snap-in and select the Groups sub-
node under the Local Users and Groups node. Then, add Evelyn’s user
account to the Power Users group.
12. You are responsible for the printers installed on your Windows Server 2008
R2 print server named Server3. This server is a member server in your company’s AD DS domain. A user attempting to print to a printer named Printer2
discovers that he is unable to print. Checking with several other users, you discover that nobody has been able to print since yesterday afternoon. Attempting to print from your Windows 7 desktop computer, you discover that you
are unable to print and receive the following message: Printer2 on Server3
is unable to connect. But, you are able to ping Server3 from your desktop
computer. What should you do to re-enable printing?
a. From the Sharing tab of the Printer2 Properties dialog box, select the
option labeled Render print jobs on client computers.
b. Restart the Print Spooler service on Server3.
c. In the details pane of the Print Management snap-in on Server3, right-
click Printer2 and choose List in Directory.
d. Install a new printer on Server3, and configure this printer to print to
the same print device. Then, instruct the users to resubmit their print
jobs to this printer.
Chapter 13: Configuring and Monitoring Print Services 537
Foundation Topics
Printing Terminology in Windows Server 2008 R2
We are all used to thinking of a printer as the machine that spews out printed pages.
But, Microsoft has its own terminology (which it has used ever since the days of
Windows NT and 9x), which you need to be aware of. Table 13-2 describes the official Microsoft definitions.
Table 13-2
Printing Terminology Used by Windows Computers
Term
Description
Printer
The software (logical) interface between the operating system and the print device.
In other words, a printer is part of the software and a print device is hardware.
What this means is that a printer is the way that Windows sees where it is sending
print jobs. This is true for all Windows versions, client or server.
Print
device
The physical (hardware) device that produces the printed output. This device can be
connected directly to your computer using a parallel (LPT) port, a USB connection,
or a wireless connection (such as infrared [IR]); or it can be attached to the network
by means of its own network interface card (NIC).
Print
server
The computer that controls the entire printing process on a Windows network. The
print server handles printing requests from all its clients. It can be running either
a server operating system such as Windows Server 2003 or 2008, or a client such
as Windows XP, Vista, or 7; however, print servers on client operating systems are
limited to 10 concurrent connections.
Print
driver
The program that converts graphics commands into instructions a given type of
print device can understand.
Printer
ports
The software interface (such as LPT1) between the computer and the print device.
Print
queue
A waiting area where print jobs are stored and sequenced as they await the print
device. Jobs are sequenced according to the order in which they are received as well
as priority settings that are discussed later in this chapter.
Print
spooling
The act of writing the contents of a print job to disk before sending it on to the
print device. This can improve performance by eliminating the print device as
a bottleneck that ties up the operating system or an application until the entire
print job is output by the print device. In Windows 7 and Windows Server 2008,
the default folder for spooling is located at %systemroot%\system32\spool\
printers. You can change this location by altering the print server properties
(Advanced tab) or the appropriate key in the Registry.
538 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
TIP Remember that Microsoft considers a “printer” to be the software interface
between the print server and the physical print device, and a “print device” to be the
actual hardware device that produces the printed output. This convention is used on
Microsoft exams.
Printing Process
When a user selects File > Print from an application, a series of steps must be completed for the printed document to appear. These steps have remained much the
same over all recent versions of Windows:
1. When the user selects File > Print, a new print job is created, which includes
all the data, and eventually, the printer commands that the system requires to
output a document.
2. The client computer queries the print server for a version of the print driver
for the default or a selected printer. If necessary, the most recent version of the
driver is downloaded to the client computer.
3. The graphics device interface (GDI) and the printer driver may convert the
print job into a rendered Windows enhanced metafile (EMF). (The GDI is
the component that provides network applications with a system for presenting graphical information.) The GDI actually does double duty by producing
WYSIWYG (what you see is what you get) screen output and printed output.
4. It is possible for Windows to convert the application’s output (the print job)
into either a metafile or a RAW format. (The RAW format is ready to print
and requires no further rendering.) The driver then returns the converted
print job to the GDI, which delivers it to the spooler.
5. The client side of the spooler (Winspool.drv) makes a remote procedure
call (RPC) to the server side of the spooler (Spoolsv.dll). If a networkconnected server is managing the print device, the spooler hands off the
print job to the spooler on the print server. Then, that spooler copies the
print job to a temporary storage area on that computer’s hard disk. This
step does not take place for locally managed print jobs. In that case, the job
is spooled to disk locally.
6. The print server receives the job and passes it to the print router, Spoolss.
dll. (You should not confuse a router in this context with the device that
directs network packets from one subnetwork to another.)
Chapter 13: Configuring and Monitoring Print Services 539
7. The router checks the kind of data it has received and passes it on to the ap-
propriate print processor component of the local print provider, or the remote
print server if the job is destined for a network printer.
8. The local print provider may request that the print processor perform addi-
tional conversions as needed on the file, typically from EMF to RAW. (Print
devices can only handle RAW information.) The print processor then returns
the print job to the local print provider.
9. If a separator page is being used, the separator page processor on the local
print provider adds a separator page to the print job and then passes the print
job on to the appropriate print monitor. All recent versions of Windows support three types of print monitors: language, local port, and remote.
■
A language monitor provides the communications language used by the
client and printer. In the case of bidirectional printers, this monitor allows you to monitor printer status and send notifications, such as paper
tray empty.
■
The local port monitor (Localspl.dll) controls parallel, serial, and
USB I/O ports where a printer may be attached, and sends print jobs to
local devices on any of these ports.
■
The remote port monitor enables printing to remote printers. An example is the LPR port monitor, which can be used as an alternative to the
standard port monitor for UNIX print servers.
10. The print monitor communicates directly with the print device and sends the
ready-to-print print job to the print device.
11. The print device receives the data in the form it requires and translates it to a
bitmap, producing printed output.
Although it may seem complicated, this sequence is designed to make printing more
efficient and faster in a networked environment. In particular, the burden of spooling is distributed between client and server computers.
Installing, Sharing, and Publishing Printers
By itself, Windows Server 2008 R2 is a very capable print server that provides a
large range of capabilities for working with printers and documents, much like the
capabilities that were included with previous Windows Server versions. The original version of Windows Server 2008 added the Print Services server role, which
provided enhanced capabilities for sharing printers on the network and centralizing
printer and print management tasks into its own Microsoft Management Console
540 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
(MMC) snap-in. In Windows Server 2008 R2 this role is replaced by the Print and
Document Services role, which adds scanning management to the list of capabilities.
For additional introductory information on the Print and Document Services
server role, refer to “Print and Document Services” at http://technet.microsoft.com/
en-us/library/cc731636(WS.10).aspx.
NOTE
Installing the Print and Document Services Role
Use the following procedure to install the Print and Document Services server role
on a Windows Server 2008 R2 computer:
1. Open Server Manager and expand the Roles node.
2. Click Add Roles to start the Add Roles Wizard.
3. From the Select Server Roles page, select Print and Document Services (as
shown in Figure 13-1) and click Next.
Figure 13-1
Selecting the Print and Document Services role.
4. The Introduction to Print and Document Services page provides links to
information on this service. To learn more, click the links provided. When
you’re ready to proceed, click Next.
Chapter 13: Configuring and Monitoring Print Services 541
5. The Select Role Services page shown in Figure 13-2 enables you to select ad-
ditional role services. The Print Server role is included by default. Make any
desired selections and click Next.
Figure 13-2
You can select optional role services from the Select Role Services page.
6. On the Confirm Installation Selections page, click Install.
7. The Installation Progress page tracks the progress of installing the Print and
Document services server role. When informed that the installation is complete, click Close.
When finished, the Print Management snap-in is accessible from the Administrative
Tools folder. This snap-in enables you to perform a large range of printer management tasks on printers installed on computers running any version of Windows from
Windows 2000 or later. This chapter covers a large range of tasks you can perform
from this snap-in.
Installing Printers
You can install a printer on your Windows Server 2008 R2 computer from Control
Panel even without installing the Print and Document Services server role. If you
installed this role, you can also install a printer from the Print Management snap-in.
This section looks at both methods of installing a printer.
542 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Using Control Panel to Install a Printer
Use the following procedure to install a printer from Control Panel:
1. Click Start > Control Panel > Hardware.
2. Under Devices and Printers, select Add a printer. The Add Printer Wizard
starts and provides two options, as shown in Figure 13-3.
Figure 13-3 Windows Server 2008 enables you to choose between installing a local or network printer.
3. Select the appropriate option and click Next.
4. If you select the Add a network, wireless, or Bluetooth printer option,
Windows searches for network printers. Select the desired printer and click
Next. If you select the Add a local printer option, the Add Printer page asks
you to choose a printer port. Select the port to which the printer is attached
and click Next.
5. You receive the Install the printer driver page. Select the make and model of
the print device for which you’re installing the printer (as shown in Figure
13-4) and click Next. To install a driver from an installation CD, click Have
Disk and follow the instructions provided.
Chapter 13: Configuring and Monitoring Print Services 543
Figure 13-4
Selecting the make and model for which you’re installing a printer.
6. The Type a Printer Name page provides a default name for the printer. Ac-
cept this or type a different name, and then click Next.
7. The Printer Sharing page shown in Figure 13-5 enables you to share the
printer. Accept the share name or type a different name if necessary. Optionally, type location and comment information in the text boxes provided. (This
information helps users when selecting a network printer.) When finished,
click Next.
Figure 13-5
You are provided with options for sharing your printer.
8. You are informed that you successfully installed your printer. Click Print a
test page to print a test page if desired to confirm printer installation. When
done, click Finish.
544 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
If you are searching for a network printer at Step 4 of this procedure and the
wizard is unable to locate the desired printer, click the link labeled The printer that
I want isn’t listed. The wizard displays a page that enables you to locate the printer
in the directory, browse the network for a shared printer, or locate a printer based on
IP address or hostname.
NOTE
Using the Print Management Console to Install a Printer
After you install the Print and Document Management server role as described earlier in this chapter, you can install a printer directly from this console. Use the following procedure:
1. Click Start > Administrative Tools > Print Management to open the Print
Management console.
2. Expand the Print Server node to locate your print server.
3. Right-click your print server and choose Add Printer. The Network Printer
Installation Wizard starts and displays options, as shown in Figure 13-6.
Figure 13-6
network.
The Network Printer Installation Wizard facilitates installation of printers on the
4. Select the appropriate option and click Next.
5. If you select the Add a TCP/IP or Web Services Printer by IP address or
hostname option, specify the host name or IP address as well as the port name
on the Printer Address page, and then click Next. If you select the Search the
network for printers option, the Network Printer Search page appears and
displays the printers it finds. Select the desired printer and click Next.
Chapter 13: Configuring and Monitoring Print Services 545
6. On the Printer Driver page, select the make and model of the print device for
which you’re installing the printer, and then click Next.
7. The Type a printer name page provides a default name for the printer. Accept
this or type a different name, and then click Next.
8. The Printer Sharing page provides options similar to those previously shown
in Figure 13-5 that are provided when installing from Control Panel. Specify
the required options and click Next.
9. If you receive a page asking for printer-specific configuration options, select
the required options and then click Next. Options provided depend on the
make and model of the print device associated with the printer you’re installing.
10. You are informed that you successfully installed your printer. Click Finish.
When you finish installing the printer (whether from the Print Management snapin or from Control Panel), the printer is displayed in the details pane of the Print
Management snap-in when you select the Printers subnode under the node for
your print server. From here, you can configure a series of management properties,
as described in the sections to follow.
Sharing Printers
As indicated in the previous section, you can share a printer at the time you install it.
You can configure printer sharing at any time. Use the following procedure:
1. In the console tree of the Print Management snap-in, expand your print server
to reveal the Printers node. All printers configured for your server will appear
in the details pane.
2. Right-click your desired printer and choose Manage Sharing. This opens the
printer’s Properties dialog box to the Sharing tab.
3. Select the Share this printer check box. As shown in Figure 13-7, a default
share name is provided automatically; accept this or type a different share
name, as desired.
546 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Figure 13-7
box.
You can share your printer from the Sharing tab of the printer’s Properties dialog
4. If users connecting to this printer are running different versions of Windows
(including 32-bit as opposed to 64-bit Windows versions), click Additional
Drivers to install drivers required by these users. From the Additional Drivers
dialog box that appears, select the required drivers and click OK.
5. If client computers have the processing power for handling the print rendering
process, select the check box labeled Render print jobs on client computers.
To have the print server handle this processing load, clear this check box.
6. Click OK.
If you haven’t installed the Print and Document Services server role, you can
perform the same task from the Devices and Printers applet in Control Panel.
Right-click your printer and choose Printer Properties. This brings up the same
Properties dialog box; select the Sharing tab, as shown previously in Figure 13-7,
and follow the same procedure as outlined here.
Publishing Printers in Active Directory
If your print server is part of an Active Directory Domain Services (AD DS) domain, you can publish the printer to facilitate the task of users locating printers
installed on the server. In the Print Management snap-in, right-click your printer
Chapter 13: Configuring and Monitoring Print Services 547
and choose List in Directory, as shown in Figure 13-8. You can also publish your
printer when configuring sharing (or from Control Panel if you have not installed
the Print and Document Services server role), by selecting the List in the Directory check box, which was previously shown in Figure 13-7.
Figure 13-8
Publishing a printer in Active Directory.
If you want to remove your printer from AD DS, right-click it and choose Remove
from Directory or clear the List in the Directory check box.
You can also use the pubprn.vbs script to publish a printer in AD DS from the
command line. The syntax is as follows:
Cscript Pubprn.vbs {<ServerName> | <UNCPrinterPath>}
"LDAP://CN=<Container>,DC=<Container>"
In this command, <ServerName> specifies the name of the server hosting the
printer to be published. If omitted, the local server is assumed. <UNCPrinterPath>
represents the UNC path to the shared printer being published. "LDAP://
CN=<Container>,DC=<Container>" specifies the path to the AD DS container
where the printer is to be published.
For example, to publish a printer named HPLaserJ located at Server1 to the Printers
container in the que.com domain, use the following command at Server1:
Cscript Pubprn.vbs \\Server1\HPLaserJ LDAP://
CN=Printers,DC=Que,DC=com"
548 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Using Group Policy to Deploy Printer Connections
Group Policy enables you to deploy printers in an AD DS domain environment,
automatically making printer connections available to users and computers in the
domain or organizational unit (OU). Use the following procedure to add printer
connections to a Group Policy object (GPO):
1. In the details pane of the Print Management snap-in, right-click the desired
printer and choose Deploy with Group Policy. (This option is visible in Figure 13-8, which was previously shown.)
2. The Deploy with Group Policy dialog box shown in Figure 13-9 opens. Click
Browse and locate an appropriate GPO. If necessary, you can also create a
new GPO for storing the printer connections.
Figure 13-9
Using Group Policy to deploy printer connections.
3. Select either or both of the following options for deploying printer connec-
tions to users or computers, as required:
■
Select The users that this GPO applies to (per user) to deploy to
groups of users, enabling these users to access the printer from any computer to which they log on.
■
Select The computers that this GPO applies to (per machine) to
deploy to groups of computers, enabling all users of the computers to access your printer.
4. Click Add.
5. Repeat Steps 2 to 4 to deploy the printer connection settings to another GPO,
if required.
6. Click OK.
Chapter 13: Configuring and Monitoring Print Services 549
Managing and Troubleshooting Printers
Several factors must be considered in administering printers. Like any other shared
resource, they can be assigned permissions and their use can be audited. Also, special
printing configurations, such as printer pools, can be set up. Multiple printers can
be configured for one print device to handle different types of jobs. Furthermore,
lots of things can go wrong with print jobs. Complaints from users that they cannot
print or are denied access can make up a significant portion of a network administrator or support specialist’s job.
For detailed information on printer management including sample procedures, refer to “Print Management Step-by-Step Guide” at http://technet.microsoft.
com/en-us/library/cc753109(WS.10).aspx.
NOTE
Using the Printer Properties Dialog box
Each printer has a Properties dialog box associated with it that enables you to perform a large quantity of management tasks. You already saw how to share a printer
or publish it in AD DS. This section discusses several additional tasks that you can
perform from this dialog box. Right-click the printer in the details pane of the Print
Management snap-in and choose Properties, or right-click the printer in the Control Panel Devices and Printers applet and choose Printer Properties to bring up
this dialog box. In addition to the tabs discussed here, some printers show additional
tabs; for example, color printers possess a Color Management tab that enables you
to adjust color profile settings. Some printers possess a Version Information tab,
which merely displays version information and contains no configurable settings.
General Tab
Use the General tab to rename the printer or modify the Location and Comment
fields you supplied when installing the printer. You can also print a test page or
modify printer preferences from this tab; click Preferences to open a dialog box
that enables you to adjust settings, such as print quality, paper source, type, and size,
maintenance factors such as print head cleaning, and so on. Appearance of, and options included in, this dialog box vary according to print device make and model.
Ports Tab and Printer Pooling
As shown in Figure 13-10, the Ports tab enables you to select various available ports
to which a document will be printed. Documents will print to the first available
550 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
selected port. Click Add Port to bring up a dialog box that displays available port
types and enables you to add new ports. From here, you can add a new TCP/IP port
for accessing a network printer; a wizard is provided to guide you through the required steps. Options for configuring port options and deleting unneeded ports are
also available.
Figure 13-10 The Ports tab of the printer’s Properties dialog box enables you to configure
printer ports and printer pooling.
The Ports tab also enables you to configure printer pooling. A printer pool is a
group of print devices that are connected to a single printer through multiple ports
on the print server. These print devices should be the same make and model so that
they use the same printer driver. This method is useful because it allows pooling
of similar print devices. In high volume print situations, if one print device is busy,
print jobs directed to a printer can be spooled to another available print device that
is part of the printer pool and printing jobs are completed more quickly. To configure printer pooling, specify a different port for each print device in the printer pool.
Then, select the check box labeled Enable printer pooling and click OK.
To client computers, the printer pool appears as though it were a single printer.
When users submit print jobs to the printer pool, the jobs are printed on any available print device. You should position the physical print devices in close proximity
to each other so that the user does not have to search for print jobs. Enabling separator pages is a best practice that you should follow so that the users can locate their
print jobs rapidly and conveniently.
Chapter 13: Configuring and Monitoring Print Services 551
This tab also enables you to redirect a printer should a problem occur with its print
device and you need to take it offline for maintenance. Redirecting a printer on the
print server redirects all documents sent to that printer. However, you cannot redirect individual documents. To do so, click Add Port, and on the Printer Ports dialog box, select Local Port, and then click New Port. In the Port Name dialog box
that appears, enter the UNC or URL path to the other printer, and then click OK.
Configuration changes to the available ports on any print server affect all printers set up on that server. Also note that it is a good idea to locate all the print devices
that make up a printer pool in the same general area of your operation. People won’t
need to roam the halls of your organization in search of printed out jobs.
TIP
Advanced Tab
The Advanced tab enables you to control the availability of the printer and configure
drivers and spool settings. Available settings on this tab are shown in Figure 13-11
and described in Table 13-3.
Figure 13-11 The Advanced tab of the printer’s Properties dialog box enables you to control
availability, priority, and spooler settings.
552 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Table 13-3
Configurable Advanced Printer Properties
Setting
Description
Always available
and available from
Enables you to specify the hours of the day when the printer is available.
For example, you can configure a printer that accepts large jobs to print
only between 6 p.m. and 8 a.m. so that shorter jobs can be printed rapidly.
Jobs submitted outside the available hours are kept in the print queue
until the available time.
Priority
Enables you to assign a numerical priority to the printer. This priority
ranges from 1 to 99, with higher numbers receiving higher priority. The
default priority is 1. For example, you can assign a printer for managers
with a priority of 99 so that their print jobs are completed before those of
other employees.
Spool print
documents so
program finishes
printing faster
Enables spooling of print documents. Select from the following:
■
Start printing after last page is spooled: Prevents documents from
printing until completely spooled. Prevents delays when the print device prints pages faster than the rate at which they are provided.
■
Start printing immediately: The default option causes documents to
be printed as rapidly as possible.
Print directly to
the printer
Sends documents to the print device without first writing them to the
print server’s hard disk drive. Recommended only for non-shared printers.
Hold mismatched
documents
The spooler holds documents that do not match the available form until
this form is loaded. Other documents that match the form can print.
Print spooled
documents first
Documents are printed in the order that they finish spooling, rather than
in the order that they start spooling. Use this option if you selected the
Start printing immediately option.
Keep printed
documents
Retains printed jobs in the print spooler. Enables a user to resubmit a
document from the print queue rather than from an application.
Enable advanced
printing features
Turns on metafile spooling and presents additional options like page
order and pages per sheet. This is selected by default and should be
turned off only if printer compatibility problems arise.
Printing Defaults
command button
Selects the default orientation and order of pages being printed. Users
can modify this from most applications if desired. Additional print devicespecific settings may be present.
Print Processor
command button
Specifies the available print processor, which processes a document into
the appropriate print job. Available print processors are described in
“Print Processor” at http://technet.microsoft.com/en-us/library/cc976744.
aspx.
Chapter 13: Configuring and Monitoring Print Services 553
Setting
Description
Separator Page
command button
Enables you to specify a separator page file, which is printed at the start of
a print job to identify the print job and the user who submitted it. This is
useful for identifying printed output when many users access a single print
device.
TIP Unreadable output indicates incorrect printer drivers. If the printer produces a
series of unintelligible characters rather than the expected output, the problem lies in
the printer driver. Check with the manufacturer of the print device and ensure that
you have installed the correct printer drivers.
TIP You can configure different printers associated with the same print device so
that managers’ print jobs are printed before those of other users or so that long print
jobs wait until after hours to prevent tying up a print device for an extended period of
time. To do this, simply assign a priority of 99 to the managers’ printer and 1 to the
printer used by all other users. Also, assign permissions so that only the managers can
print to their printer.
Security Tab and Printer Permissions
Just as you can assign permissions to files and folders as you learned in Chapter 9,
you can assign permissions to printers. Printers have access control lists (ACL) that
you can modify in the same manner. Use the following steps to configure a printer’s
permissions from the Security tab of its Properties dialog box:
1. Select the Security tab of the printer’s Properties dialog box, as shown in
Figure 13-12.
554 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Figure 13-12 The Security tab of the printer’s Properties dialog box enables you to configure
printer permissions.
2. If you need to add users or groups to the ACL, click Add to open the Select
Users, Computers, or Groups dialog box.
3. In this dialog box, click Advanced, and then click Find now to locate the re-
quired users or groups. You may also use the fields in the Common Queries
area of the dialog box to narrow the search for the appropriate object.
4. Select one or more users or groups in the list, and then click OK. This returns
you to the Security tab of the printer’s Properties dialog box.
5. Select the permissions you want to allow or deny from the available list. Table
13-4 describes the available permissions.
6. If you need to assign special permissions or check the effective permissions
granted to a specific user, click Advanced. The options available are similar to
those discussed in Chapter 9 for files and folders.
7. When you finish, click OK or Apply to apply your settings.
Chapter 13: Configuring and Monitoring Print Services 555
Table 13-4
Windows Server 2008 Printer Permissions
Permission
Description
Print
Enables users to connect to the printer to print documents and control settings
for their own documents only. Users can pause, delete, and restart their own jobs
only.
Manage this Enables users to assign forms to paper trays and set a separator page. Users
printer
can also pause, resume, and purge the printer, change printer properties and
permissions, and even delete the printer itself. Also enables users to perform the
tasks associated with the Manage Documents permission.
Manage
documents
Enables users to pause, resume, restart, and delete all documents. Users can also
set the notification level for completed print jobs and set priority and scheduling
properties for documents to be printed.
Special
Similar to NTFS security permissions discussed in Chapter 9, the three default
permissions printer permissions are made up of granular permissions. Click Advanced
to bring up the Advanced Security Settings dialog box, from which you can
configure these permissions, if required.
The act of managing print jobs includes the two actions of resuming and
restarting print jobs. Resuming a print job means to restart the job from the point at
which it was paused, for example to add more paper to the printer. Restarting a print
job means to restart it from the beginning, for example when the print job is being
printed on the wrong type of paper. You can perform either of these tasks by rightclicking the print job in the print queue and selecting the appropriate option.
NOTE
TIP Print permissions behave in much the same fashion as file and folder permissions. As with file and folder permissions, printer permissions are cumulative, with
the user receiving the sum of all permissions granted to any groups to which he belongs. If you explicitly deny a permission to a user or group by selecting a check box
in the Deny column, this denial overrides any other allowed permissions the user
might have, in exactly the same manner as discussed in Chapter 9 for file and folder
permissions.
556 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Migrating Print Queues and Printer Settings
The Print Management snap-in enables you to export print queues, printer settings,
printer ports, and language monitors, and then import these settings to another
print server. Doing so enables you to consolidate multiple print servers or replace an
older server.
Use the following procedure to perform a print migration:
1. In the console tree of the Print Management snap-in, expand the Print servers
node, right-click the print server whose queues you want to export, and select
Export printers to a file. The Printer Migration Wizard starts.
2. On the Review the list of items to be exported page, verify the objects listed
that will be exported and click Next.
3. On the Select the file location page, type the path to the required file or click
Browse to locate an appropriate file. The file you specified will be saved with
a .printerExport extension.
4. The Exporting page tracks the progress of the export, and then displays an
Export complete message. This page also informs you of any errors that
might have occurred. You can obtain information on any errors from Event
Viewer by clicking the Open Event Viewer command button provided on
this page. This button opens Event Viewer to a Printer Migration Events
subnode that displays events related to the migration process. For more information, refer to Chapter 20, “Configuring Event Logs.” When done, click
Finish.
Use the following steps to import the print queue to the new server:
1. In the console tree of the Print Management snap-in, expand the Print servers
node, right-click the print server whose queues you want to import, and select
Import printers from a file. The Printer Migration Wizard starts.
2. On the Select the file location page, type or browse to the location of the
.printerExport file to be imported.
3. On the Review the list of items to be imported page, review the list of objects
that will be imported, and then click Next.
4. On the Select import options page, select the following import options:
■
Import mode: Select Keep existing printers to maintain the settings
on any existing printers that are installed on this print server, or select
Overwrite existing printers to restore printer information from the
backup file and overwrite the settings for existing printers on this print
server.
Chapter 13: Configuring and Monitoring Print Services 557
■
List in the directory: Select List printers that previously existed to
maintain the current listing of printers in AD DS; select List all printers
to add newly imported printers to the listing in AD DS; or select Don’t
list any printers to clear the listing of printers in AD DS.
■
Select the Convert LPR Ports to Standard Port Monitors check box
to convert Line Printer Remote (LPR) printer ports to the faster Standard Port Monitor when performing the import operation.
5. Click Next.
6. The Importing page tracks the progress of the import operation and displays
an Import Complete operation when finished. This page also informs you of
any errors that might have occurred. You can obtain information on any errors
from Event Viewer by clicking Open Event Viewer, as previously described
for the export action. When done, click Finish.
You can also migrate printer queues and settings from the command line
by using the Printbrm.exe command. For more information on exporting and importing print queues and settings, refer to “Migrate Print Servers” at http://technet.
microsoft.com/en-us/library/cc722360.aspx.
NOTE
Isolating Printer Drivers
Windows Server 2008 R2 introduces the capability to configure printer driver
components to run in a process that is isolated from other processes including the
spooler process. Doing so improves the reliability of the Windows print service by
preventing a faulty printer driver from stopping all print operations on the print
server. In previous Windows Server versions, including the original version of Windows Server 2008, printer drivers ran in the same process as the spooler; if a driver
component were to fail, all print operations from the server would be halted.
Driver isolation is specified by an INF file that installs the printer driver. If this file
indicates that the driver being installed supports driver isolation, the installer automatically configures the driver to run in an isolated process. This is specified by a
DriverIsolation keyword in the INF file. If this variable is set to 2, the driver supports driver isolation; if it is omitted or set to 0, the driver does not support driver
isolation.
To configure driver isolation, select the Drivers subnode under the print server in
the Print Management snap-in. Right-click the driver and choose Set Driver Isolation
558 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
> Isolated, as shown in Figure 13-13. To disable driver isolation, choose None or
Shared.
Figure 13-13
Configuring printer driver isolation.
For more information on printer driver isolation, refer to “Printer
Driver Isolation” at http://msdn.microsoft.com/en-us/library/ff560836(VS.85).
aspx.
NOTE
Sometimes, you might have a server on which you’ve installed different types
of printers, such as laser, color laser, or color inkjet. Enabling printer driver isolation
enables you to ensure that should a driver problem be encountered with one printer
type, users can continue to use other printers of a different type on the same server.
TIP
Configuring Location-Aware Printer Settings
Windows Server 2008 R2 introduces a location-aware default printer settings. Users
with mobile computers running Windows 7 Professional, Enterprise, or Ultimate
can configure a different default printer according to the network to which they are
connected. For example, a user can specify a default printer when in the office, and
a different default printer set for home. The laptop automatically selects the correct
default printer according to the current location of the user.
Chapter 13: Configuring and Monitoring Print Services 559
Use the following procedure on a Windows 7 computer to configure location-aware
printing:
1. Click Start > Devices and Printers. The Control Panel Devices and Printers
applet opens.
2. Select a printer from those displayed under Printers and Faxes, and then click
the Manage Default Printers option on the menu bar.
3. From the Manage Default Printers dialog box that appears, select the Change
my default printer when I change networks radio button.
4. Select a printer for each network to which you connect, click Add, and then
click OK when finished.
Delegating Print Management
New to Windows Server 2008 R2 and Windows 7 is the ability to delegate printmanagement tasks directly to users who are not members of a group with built-in
print-management capabilities, such as the Administrators, Server Operators, or
Print Operators groups. This capability enables you to balance administrative workloads across users without the need to grant excessive administrative capabilities; it
also enables you to configure default printer security settings on print servers so that
new printers inherit these settings automatically as you install them.
The Security tab of the print server’s Properties dialog box introduces the following
new permissions, which enable you to delegate print management tasks:
■
View Server: Enables users to view the print server, including the printers that
are managed by the server. By default, the Everyone group is granted this permission.
■
Manage Server: Enables users to create and delete print queues with already
installed drivers, add or delete ports, and add or delete forms. By default, administrators and the Interactive group are granted this permission. A user who
has been granted this permission is referred to as a “delegated print administrator.”
You need to be a member of the Administrators group or running with administrative privileges to create a delegated print administrator. Use the following procedure:
1. In the console tree of the Print Management snap-in, right-click the print
server and choose Properties.
560 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
2. Select the Security tab to display the default permissions, as shown in Figure
13-14.
Figure 13-14 The Security tab of the print server’s Properties dialog box enables you to delegate administrative control of printers attached to the server.
3. Click Add to add the user or group to which you want to delegate users, type
the required user or group name, and then click OK. The user or group is
added to the list in the Security tab.
4. Select this user or group and then select the check box under the Allow col-
umn for Manage Server. (This also selects the View Server permission.)
5. Also, select the Print, Manage Documents, and Manage Printers permis-
sions in the Allow column.
6. To delegate just the ability to add printers, follow Step 3 to add the user or
group, and then select the Manage Server and Print permissions only. (This
also selects the View Server permission.)
7. To delegate just the ability to manage existing print queues, follow Step 3,
and then select the View Server, Print, Manage Documents, and Manage
Printer permissions.
8. When finished, click OK to apply the permissions and close the Security tab
of the Print Server Properties dialog box.
Chapter 13: Configuring and Monitoring Print Services 561
For more information on delegating administrative control of printers,
refer to “Assigning Delegated Print Administrator and Printer Permission
Settings in Windows Server 2008 R2” at http://technet.microsoft.com/en-us/
library/ee524015(WS.10).aspx. Included in this reference are tables that describe
the tasks that users granted the various permissions in the print server’s Security
tab are entitled to perform.
NOTE
Troubleshooting Printer Problems
Lots of things can go wrong in a print job’s journey from an application to a print
device, with stops in between at the operating system and its print drivers. By having reviewed the printing process described at the beginning of this chapter, you can
often locate the source of printing problems.
Some Common Problems
When a user complains that he cannot print, the first thing to do is check the physical aspects of the print device, such as the cable, power, and paper. If you need to
check more advanced print device-related problems, refer to CompTIA A+ Cert
Guide, 220-701 and 220-702 (by Mark Edward Soper, Scott Mueller, and David L.
Prowse) for more suggestions.
Access Denied errors usually indicate that printer permissions are not configured
correctly or that they are not configured to the user’s liking.
If the printed document comes out garbled, someone has installed an incorrect
print driver. You should ensure that the correct driver for the problematic client is
installed. (Click Additional Drivers on the Sharing tab of the printer’s Properties
dialog box to add a driver.) Occasionally, this problem can result from a resource
conflict with the parallel port or a damaged printer cable. Check the printer cable
for damage; also check for conflicts using Device Manager.
Occasionally, print jobs get stuck in the spooler. You might notice that no print jobs
are coming out and the hard drive on the print server appears to be thrashing. If this
should happen, you need to stop and restart the spooler service. Use the following
procedure:
1. In the console tree of Server Manager, expand the Configuration node and
select Services. This displays the list of services in the details pane.
2. Right-click Print Spooler and choose Stop.
562 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
3. Right-click it again and choose Start. This clears the jammed print job from
the queue and allows other print jobs to print.
You can modify spool settings on a per-printer basis, making the printing process
more efficient. The Advanced tab of the printer’s Properties dialog box contains
several settings previously shown in Figure 13-11 and described in Table 13-3 that
you can modify to optimize the spool process if necessary.
Printer Port Problems
Improperly configured printer ports can cause printing failures. Errors can occur if
a user configures a computer to print directly to the printer or to use bidirectional
printing when the print device does not support these functions.
TCP/IP printing, like the protocol itself, is subject to connectivity problems that require a good grounding in the TCP/IP protocol, as provided in Chapter 1, “Configuring IPv4 and IPv6 Addressing.” If TCP/IP port problems occur, try configuring
the standard TCP/IP port monitor for your printer. You may need to reconfigure
the standard port monitor port from the printer’s Properties dialog box. On the
Ports tab of this dialog box (previously shown in Figure 13-10), click Configure
Port. You may need to check with the manufacturer of the print device to see if it
supports Simple Network Management Protocol (SNMP). Printers use SNMP to
return print status. On print devices that support SNMP, printer status is returned
to the user, including errors that occur during printing. If a print device does not
support SNMP, you will either receive a generic printing error message or no error
message when a printing error occurs.
You may need to add an additional TCP/IP port using the procedure described earlier in this chapter. You may also need to verify the port name and the printer name
or IP address in the Ports tab of the printer’s Properties dialog box. To do so, click
Configure Port, and make the required modifications in the Configure Standard
TCP/IP Port Monitor dialog box that appears. Then, click OK and click Close to
close the printer’s Properties dialog box.
Enabling Notifications
The Print Management snap-in enables you to set up filters that can respond to
printers encountering problem conditions such as paper jams or running out of paper. Such a filter can perform an action such as sending an e-mail to an administrator, running a script, or so on.
Use the following procedure to set up a filter for notification purposes:
Chapter 13: Configuring and Monitoring Print Services 563
1. In the console tree of the Print Management snap-in, right-click Custom Filters
and choose Add New Printer Filter. This starts the New Printer Filter Wizard.
2. On the Printer Filter Name and Description page, type a name and optional
description, and then click Next.
3. On the Define a filter page shown in Figure 13-15, specify values for the filter
criteria, as follows:
■
Field: Specify a characteristic for the print server, queue, or status. By
specifying Queue Status, you can evaluate a printer’s current status.
■
Condition: Specify a Boolean characteristic, such as “is exactly,” “begins
with,” “contains,” or several others. Available conditions depend on the
Field value.
■
Value: The value to be matched for the criteria to be met.
Figure 13-15 Defining a filter that alerts you to an out of paper condition on any printer attached to a server named Server1.
4. When finished specifying the appropriate criteria, click Next to display the Set
Notifications (Optional) page.
5. On this page, select Send e-mail notification and type one or more e-mail
addresses of individuals to be notified in the format [email protected] Also
type the e-mail address of the sender, the name or IP address of the SMTP
server that will relay the message, and message text to be included in the email. If you want to run a script, select Run script and type the path to the
required script or click Browse to locate the script. Use the Additional arguments field to include any required script parameters.
6. When done, click Finish.
564 MCTS 70-642 Cert Guide: Windows Server® 2008 Network Infrastructure, Configuring
Exam Preparation Tasks
Review All the Key Topics
Review the most important topics in this chapter, noted with the key topics icon in
the outer margin of the page. Table 13-5 lists a reference of these key topics and the
page numbers on which each is found.
Table 13-5
Key Topics for Chapter 13
Key Topic
Element
Description
Page
Number
Table 13-2
Describes important terms that you might otherwise confuse with
regard to printing.
537
List
Shows you how to install the Print and Document Services server
role.
540
List
Shows you how to install a printer from Control Panel.
542
List
Shows you how to install a printer from the Print Management
snap-in.
544
Figure 13-7
Sharing a printer.
546
Figure 13-9
Deploying a printer connection using Group Policy.
548
Table 13-3
Describes configurable advanced printer properties.
552
Table 13-4
Describes printer permissions.
555
Paragraph
Describes printer driver isolation.
557
List
Shows you how to delegate print management tasks.
559
Chapter 13: Configuring and Monitoring Print Services 565
Complete the Tables and Lists from Memory
Print a copy of Appendix B, “Memory Tables,” (found on the CD), or at least the
section for this chapter, and complete the tables and lists from memory. Appendix C,
“Memory Tables Answer Key,” also on the CD, includes the completed tables and
lists to check your work.
Definition of Key Terms
Define the following key terms from this chapter, and check your answers in the
Glossary.
local printer, location-aware printing, network printer, print device, print
driver, print driver isolation, print pooling, print queue, print server, print
spooler, printer, printer pool, printer priority
Index
Numerics
6to4 addresses, 64-65
128-bit addressing. See IPv6
addressing
802.1X, 622, 676-678
802.3 standard, 623, 630-632
A
access policies
configuring
for 802.3 networks, 630-632
for wireless networks, 623-628
access-based enumeration, enabling
for DFS namespaces, 443-444
accounting, configuring RADIUS,
644-647
activating Pearson IT Certification
Practice Test engine, 9
active study strategies, 7
AD (Active Directory)
DHCP servers, authorizing, 116-117
DNS replication, 274-277
application directory partition,
274-275
replication scope, 275-277
printer connections, deploying, 548
printers, publishing, 546-547
adding
connections to replication groups,
450-451
folders to DFS namespaces, 440-441
members to replication groups, 451
servers to DFS namespaces, 441-443
address classes
IPv4, 41
IPv4 addresses, 41
IPv6 addressing, 58
AD-integrated zones, 250
administrative event logs, 804
advanced NTFS permissions,
applying, 373-375
Advanced tab, configuring DNS
server properties, 228-231
Advanced tab (Printer Properties
dialog box), 551-552
AES (Advanced Encryption
Standard), 193
alias resource records, creating, 302
analytic event logs, 804
anycast IPv6 addresses, 57
Application and Services Logs node
(Event Viewer), 804-805
application directory partition,
274-275
application layer, 34
application layer (TCP/IP model),
36, 40-41
1004
applying NTFS permissions
applying NTFS permissions,
371-373
approving updates (WSUS), 742-744
ARP (Address Resolution Protocol),
39, 70
ARPANET, 33
ATMA resource records, 305
auditing DNS replication, 283-287
authentication
Connection Security Rules subnode
(Windows Firewall with Advanced
Security), configuring, 848-849
DirectAccess, configuring, 708
EAP, 621-622
remote access authentication protocols,
574-575
VPNs, 591-592
for wireless networking, planning,
621-622
authorizing DHCP servers in AD,
116-117
autoconfiguration flags (DHCP) v6, 94
B
backing up data
bare metal backups, performing, 472
EFS keys, 389-391
file servers, 467-472
to removable media, 472
with VSS, 477-482
with wbadmin command, 474-475
Windows Server Backup, backup
permissions, 466
backup catalog, restoring, 475-476
backups
managing remotely, 476-477
scheduling, 472-474
bare metal backups, performing, 472
bare metal recoveries, performing,
488-491
benefits
of DirectAccess, 698
of IPv6 addressing, 55-56
best practices
for EFS management, 385-386
for file sharing, 383-384
for quotas, 522-523
BitLocker, 395-408
data recovery agents, 405-408
enabling, 397-402
fixed data drive policies, 404-405
group policies, configuring, 403
managing, 402
operating system drives, 403
preparing computer for, 397
TPM, 395
BITS (Background Intelligent
Transfer Service), 414
bitwise logical AND operation, 45
BranchCache
configuring, 414-419
with Group Policy, 417-418
with netsh command, 415-416
deploying across VPNs, 419-420
firewall rules, specifying, 417-418
broadcasts (NetBIOS), 337
C
cache locking, 239-240
caching-only servers, 255
candidates for MCITP/MCTS
certification, 12
canonical names, 302
configuring 1005
capturing network data, 837-839
certification (MCITP/MCTS),
candidates for, 12
CHAP (Challenge Handshake
Authentication Protocol), 576
CIDR (Classless Interdomain
Routing), 47
client computers, configuring WSUS,
748-753
client interface (Connection Manager),
610-611
client requirements, DirectAccess,
702-703
client-side targeting, configuring
(WSUS), 741-742
CMAK (Connection Manager
Administration Kit), 604-610
collecting real-time data with
Performance Monitor, 764-766
collector initiated Event Subscriptions,
configuring, 810-811
command line
DHCP
installing, 100
scopes, creating, 104-105
DNS, installing on Windows Server
2008 R2, 221
IPv4 addressing, configuring, 52-54
network data, capturing, 845-846
performance monitoring commands,
779
resource records, creating, 307
shadow copies, managing, 480
common-sense strategies
communities, SNMP, 826-828
component protocols (TCP/IP)
ARP, 39
ICMP, 39-40
IGMP, 40
IP, 39
TCP, 38
UDP, 38-39
components
of DirectAccess, 699
of routing tables, 137
computer groups, 738-740
configuring
BitLocker, group policies, 403
BranchCache, 414-419
with Group Policy, 417-418
with netsh command, 415-416
Connection Security Rules subnode,
authentication, 848-849
DFS, domain controller polling,
444-445
DFS Replication, 447-448, 452-454
DHCP
relay agents, 117-120
scope options, 108-116
scope properties, 107
DirectAccess
authentication, 708
clients, 708-709
DirectAccess server feature, 703-706
DNS
Advanced tab, 228-231
cache locking, 239-240
Debug Logging tab, 233-234
DnsUpdateProxy groups, 314-315
Event Logging tab, 235
Forwarders tab, 224-228
Interfaces tab, 223-224
Monitoring tab, 237-238
Root Hints tab, 231-233
socket pooling, 238-239
1006
configuring
Trust Anchors tab, 235-237
zone transfers, 279-280
DNS Notify, 281
event logs, 806-807
Event Subscriptions, 809-814
subscriptions, 811-814
Event Subscriptions
collector initiated, 810-811
source initiated, 810
events, tasks, 814-816
file sharing, 360-369
IPv4 addressing, 48-52
IPv6 addressing, 59-61
NAP
policies, 684-688
WSHV, 681-684
NAT, 588-590
NAT server for DHCP, 586-587
NPS
templates, 647-648
for wireless access, 635-638
NTFS permissions, inheritance,
375-377
Offline Files feature, 409-411
client computers, 411
transparent caching, 413
printers, location-aware settings,
558-559
RADIUS accounting, 644-647
resource records
Name Server resource records,
311-314
security, 317-318
SOA resource records, 309-311
round robin, 316
RRAS, 140-141
demand-dial routing, 148-151
for dial-up connections, 577-581
IGMP proxy, 153-155
packet filtering, 151-153
RIP, 142-144
static routing, 145-147
secure zone transfers, 282-283
shared folder properties, 363-367
SNMP, 829-833
VPNs
packet filtering, 601-603
on RRAS, 592-594
security, 595-598
Windows Firewall, 165-172
Windows Firewall with Advanced
Security
connection security rules, 180-184
inbound/outbound rules, 176-180
multiple firewall profiles, 174-176
notifications, 189
rule properties, 184-189
wireless networking, access policies,
623-628
WSUS, 733-737
client computers, 748-753
client-side targeting, 741-742
server-side targeting, 740
zones properties, 263-270
Connection Manager, 603-611
connection request policies
configuring, 180-184
creating, 641-644
Connection Security Rules subnode
(Windows Firewall with Advanced
Security), 847-848
authentication, configuring, 848-849
connections, adding to replication
groups, 450-451
DFS (Distributed File System)
copying files and folders with NTFS
permissions, 381-382
creating
connection request policies, 641-644
delegated subdomains, 272-274
DHCP scopes, 101-104
file screens, 503-505
IPsec policies with Group Policy,
194-198
namespaces, 438-439
proxy groups, 639-640
quota templates, 520-522
resource records
alias resource records, 302
with command line, 307
host resource records, 301
mail exchange resource records, 303
VPN connections, 594-596
zones
GlobalNames zones, 262-263
reverse lookup zones, 259-261
secondary zones, 261-262
custom views
creating for event logs, 807-808
importing and exporting, 808-809
customizing
event logs, 805-809
Performance Monitor, 766
D
DARPA (Advanced Research Projects
Agency of the U.S. Department of
Defense), 33
Data Collector Sets, 768-780
system-defined, 768-771
user-defined, 771-777
data link layer, 34
data recovery agents, BitLocker,
405-408
DDNS (Dynamic DNS), 266
debug event logs, 804
Debug Logging tab, configuring DNS
server properties, 233-234
declining updates (WSUS), 744
decrypting EFS files, 391-392
default gateway, 42
delegated subdomains, creating,
272-274
delegating print management, 559-561
demand-dial routing, configuring,
148-151
denial of permission, 379
deploying
BranchCache across VPNs, 419-420
printer connections with AD, 548
WSUS on disconnected networks,
747-748
DES (Data Encryption Standard), 193
designating read-only replicated
folders, 451
development of TCP/IP, 33-34
DFS (Distributed File System), 358,
433-437. See also DFS Replication
domain controller polling
configuring, 444-445
improvements in Windows Server 2008
R2, 434-435
installing on Windows Server 2008 R2,
435-437
namespaces, 433
access-based enumeration, enabling,
443-444
creating, 438-439
folders, adding, 440-441
1007
1008
DFS (Distributed File System)
managing, 438-445
servers, adding, 441-443
replication, 433
DFS Replication
configuring, 447-448
failover cluster support, configuring,
452-454
health reports, generating, 454-455
managing, 445-455
RDC, 445
replication groups, 445, 451
DHCP (Dynamic Host Configuration
Protocol), 89-95
DnsUpdateProxy groups, 314-315
four-phase leasing process, 89
lease acknowledgment, 92
lease offer, 91
lease request, 90-91
lease selection, 91-92
IPv4 leases, renewing, 92-93
NAP enforcement, 663-668
NAT server, configuring, 586-587
PXE boot, 120
relay agents, configuring, 117-120
scopes
creating, 101-104
exclusions, 107
multicast scopes, 105-106
options, configuring, 108-116
properties, configuring, 107
split scopes, 106
superscopes, 104-105
servers
authorizing in AD, 116-117
installing, 96-100
monitoring, 121-123
troubleshooting, 121-123
DHCPOFFER packets, 91
DHCPv6
autoconfiguration flags, 94
IPv6 leases, extending, 95
operation, 93-95
dial-up connections, configuring
RRAS, 577-581
DirectAccess, 698-699
authentication, configuring, 708
benefits of, 698
client requirements, 702-703
clients, configuring, 708-709
components of, 699
server feature
configuring, 703-706
installing, 703-706
server requirements, 700-701
disconnected networks, deploying
WSUS on, 747-748
disk performance, troubleshooting,
784-786
disk quotas, enabling with FSRM,
516-519
disks, preparing for EFS, 386-387
distance-vector routing protocols, RIP,
133-135, 142-144
Distributed Cache mode
(BranchCache), 415
DNS
client settings, configuring, 331-334
delegated subdomains, creating,
272-274
DNSLint tool, 290
DnsUpdateProxy groups, 314-315
forwarders, 255-256
hierarchical nature of, 211-215
host names, 213-215
root-level domains, 212
effective permissions
second-level domains, 213
top-level domains, 212-213
history of, 210
installing on Windows Server 2008 R2,
218-222
integrating with WINS, 269-270
name resolution process, 215
iterative queries, 216-217
recursive queries, 215-216
reverse lookup queries, 217-218
name servers, 253-257
namespaces, 210
NDDNS, 266
netmask ordering, 317
resource records, 299-307
ATMA, 305
Name Server resource records,
configuring, 311-314
pointer resource records, 305
properties, configuring, 308-318
registering, 314
security, configuring, 317-318
SRV resource records, 305
round robin, configuring, 316
secure zone transfers, configuring,
282-283
server administration, 222-223
server lists, 326-328
server cache, updating, 334-335
server properties, configuring
Advanced tab, 228-231
cache locking, 239-240
Debug Logging tab, 233-234
Event Logging tab, 235
Forwarders tab, 224-228
Interfaces tab, 223-224
Monitoring tab, 237-238
Root Hints tab, 231-233
source port randomization, 238-239
Trust Anchors tab, 235-237
slave servers, 256-257
split-brain configuration, 714
suffix search order lists, 328-330
zone scavenging, 267-269
zone transfers
full zone transfers, 277-278
incremental zone transfers, 278-279
zones
AD-integrated zones, 250
configuring, 257-263
forward lookup zones, 251-252
GlobalNames zones, 252-253
primary zones, 249
properties, configuring, 263-270
reverse lookup zones, 251-252
secondary zones, 250
stub zones, 251
troubleshooting, 287-290
DNS Notify, configuring, 281
DNS replication, 274-277
application directory partition, 274-275
auditing, 283-287
DNSLint tool, 290
DnsUpdateProxy groups, 314-315
domain controller polling (DFS),
configuring, 444-445
domain isolation, 201
downloading DNSLint tool, 290
drives, mapping, 367-369
dynamic IPv4 addressing, 48
E
EAP (Extensible Authentication
Protocol), 576, 621-622
effective permissions, 379-381
denial of permission, 379
viewing, 380-381
1009
1010
EFS (Encrypting File System)
EFS (Encrypting File System), 384-395
files
decrypting, 391-392
encrypting, 387-389
group policies, 393-395
keys, backing up, 389-391
preparing disks for, 386-387
recovery agents, 392-393
enabling
access-based enumeration for DFS
namespaces, 443-444
BitLocker, 397-402
disk quotas with FSRM, 516-519
modems for RRAS dial-up connections,
581-583
notifications on printers, 562-563
encapsulation, VPNs, 591
encryption
BitLocker, 395-396
data recovery agents, 405-408
enabling, 397-402
fixed data drive policies, 404-405
managing, 402
operating system drives, 403
preparing computer for, 397
TPM, 395
EFS, 384-385
files, encrypting, 387-389
group policies, 393-395
keys, backing up, 389-391
preparing disks for, 386-387
VPNs, 592
encryption methods
IPsec, 193
planning for wireless networks, 622-623
enforcement options
NAP, 659
802.1X enforcement, 676-678
DHCP enforcement, 663-668
IPsec enforcement, 670-676
RDS enforcement, 678-680
VPN enforcement, 668-670
Event Logging tab, configuring DNS
server properties, 235
event logs
custom views, 807-808
importing and exporting, 808-809
customizing, 805-809
subscriptions
configuring, 811-814
subscriptions, configuring, 809-814
Event Subscriptions
collector initiated
configuring, 810-811
event logs, configuring, 809-814
source initiated, configuring, 810
event tasks, configuring, 814-816
Event Viewer, 799-805
Application and Services Logs node,
804-805
event logs, customizing, 805-809
logs
properties, 802-803
viewing, 800-802
Task Scheduler, 814-816
exam
preparing for, 4
self-assessment, 12
topics, 18
exceptions (file screens), creating, 506
exemptions, NRPTS, 714
Forwarders tab, configuring DNS server properties
exporting
custom views for event logs, 808-809
Windows Firewall with Advanced
Security policies, 190-191
extending IPv6 leases, 95
F
failover cluster support, configuring
for DFS Replication, 452-454
features of Windows Server Backup,
465
File Classification, managing, 511-514
file groups, 502-503
File Management Tasks node (FSRM),
514-516
file screening, 501-506
exceptions, creating, 506
file groups, 502-503
monitoring, 506
File Server Resource Manager, 358
file servers, backing up with Windows
Server Backup, 467-472
File Services
installing, 359-360
role of, 358-360
file sharing, 362-363
configuring, 360-369
network discovery, 361
password protected sharing, 361
public folder sharing, 361
file systems
DFS, 433-437
namespaces, 433
replication, 433
DFS (Distributed File System),
managing namespaces, 438-445
NTFS
permissions, 369-384
transactional NTFS, 359
files
EFS decryption, 391-392
EFS encryption, 387-389
permissions, NTFS permissions,
369-384
recovering with shadow copies, 480-482
securing, 383-384
sharing, 358, 383-384
Offline Files feature, 408-413
filtering
captured network data, 839-844
event logs, 806
fixed data drive policies, BitLocker,
404-405
folders
adding to DFS namespaces, 440-441
permissions, NTFS permissions,
369-384
read-only replicated folders,
designating, 451
recovering with shadow copies, 480-482
securing, 383-384
shared folders
managing, 368-369
properties, modifying, 363-367
removing, 363
sharing, 358, 383-384
public folder sharing, 361
WindowsImageBackup, 471
forward lookup zones, 251-252
forwarders, 255-256
Forwarders tab, configuring DNS
server properties, 224-228
1011
1012
four-layer TCP/IP model
four-layer TCP/IP model, 35-37
application layer, 40-41
four-phase leasing process (DHCP),
89
lease acknowledgment, 92
lease offer, 91
lease request, 90-91
lease selection, 91-92
FRS (File Replication Service), 445
FSRM (File Server Resource
Manager), 500
disk quotas, enabling with Windows
Explorer
File Classification, managing, 511-514
File Management Tasks node, 514-516
file screening
managing, 501-506
monitoring, 506
installing, 501
Quota Management node, 516-523
storage reports, 506-511
options, 508-509
parameters, specifying, 507-508
report generation, scheduling, 509-511
FTP (File Transfer Protocol),
troubleshooting IPv4/IPv6
connectivity, 70
full mesh replication topology, 449
full server recoveries
performing with Windows Server
Backup, 488-491
with wbadmin command, 491-492
full zone transfers, 277-278
G
gateways, 137
GDI (graphics device interface), 538
General tab (Printer Properties dialog
box), 549
generating DFS Replication health
reports, 454-455
global unicast addresses, 58
GlobalNames zones, 252-253, 262-263
group policies
BitLocker, configuring, 403
EFS, 393-395
Group Policy
BranchCache, configuring, 417-418
DirectAccess clients, configuring,
708-709
IPsec policies, creating, 194-198
migrating IPv4 to IPv6, 66-67
Offline Files feature, configuring,
411-412
printer connections, deploying, 548
Windows Firewall with Advanced
Security policies, creating, 198-199
H
hard quotas, 519
health policies, configuring NAP,
684-688
health reports, generating for DFS
Replication, 454-455
hierarchical nature of DNS, 211
host names, 213-215
root-level domains, 212
second-level domains, 213
top-level domains, 212-213
history
of DNS, 210
of TCP/IP, 33-34
hops, 133
host names, 213-215
IPsec
host resource records, creating, 301
Hosted Cache mode (BranchCache),
415
HOSTS file, name resolution, 335-337
hub and spoke replication topology,
449
Hyper-V failover cluster, 707
I
ICMP (Internet Control Message
Protocol), 39-40
ICS (Internet Connection Sharing),
configuring, 589-590
IEEE 802.3 standard, 623
access policies, configuring, 630-632
IGMP (Internet Group Management
Protocol), 40
IGMP proxy, configuring on RRAS,
153-155
IKEv2 (Internet Key Exchange version
2), 574
importing
custom views for event logs, 808-809
Windows Firewall with Advanced
Security policies, 190-191
improvements to DFS in Windows
Server 2008 R2, 434-435
inbound rules, configuring for
Windows Firewall with Advanced
Security, 176-180
incremental zone transfers, 278-279
infrastructure networks, 620
inheritance, configuring NTFS
permissions, 375-377
installing
CMAK, 605-610
DFS on Windows Server 2008 R2,
435-437
DHCP server, 96-100
DirectAccess server feature, 703-706
DNS on Windows 2008 R2, 218-222
File Services, 359-360
FSRM, 501
Network Monitor, 835-837
practice test, 8
Print and Document Services server
role on Windows Server 2008,
540-541
printers, 541-545
RRAS, 138-140
SNMP, 828-829
Windows Server Backup, 466-467
WINS servers, 340
WSUS, 728-731
integrating DNS with WINS, 269-270
interface list, 137
Interfaces tab, configuring DNS server
properties, 223-224
Internet layer (TCP/IP model), 37
interoperability
IPv4 and IPv6, 62-65
interoperability, IPv4 and IPv6
6to4 addresses, 64-65
ISATAP addresses, 63
Teredo addresses, 65
IP (Internet Protocol), 39
ipconfig command, 288-290
troubleshooting IPv4/IPv6 connectivity,
71-72
IPsec, 623
encryption, 193
isolation policies, 201
NAP enforcement, 670-676
policies, creating with Group Policy,
194-198
1013
1014
IPsec
Transport mode, 191
Tunnel mode, 191
IPv4 addressing
components, 42
configuring, 48-54
connectivity, troubleshooting, 68-75
DHCP, NAP enforcement options,
663-668
dynamic addressing, 48
four-phase leasing process (DHCP), 89
lease acknowledgment, 92
lease request, 90-91
lease selection, 91-92
interoperability with IPv6, 62-65
leases, renewing, 92-93
migrating to IPv6 with Group Policy,
66-67
name resolution
HOSTS file, 335-337
LLMNR, 345-347
NetBIOS, 337-345
NAT, 584-590
configuring, 588-589
ICS, configuring, 589-590
private addressing, 48
static addressing, 41-44
subnet masks, 44
subnetting, 44-46
bitwise logical AND operation, 45
netmask, 137
supernetting, 47
CIDR, 47
troubleshooting, 75-80
IPv6 addressing, 54-67
address classes, 58
benefits of, 55-56
configuring, 59-61
connectivity, troubleshooting, 68-75
interoperability with IPv4, 62-65
leases, extending, 95
prefixes, 56
syntax, 56-59
troubleshooting, 75-80
ISATAP addresses, 63
isolating print drivers, 557-558
isolation policies, 201
iterative queries, 216-217
J-K-L
keys (EFS), backing up, 389-391
L2TP (Layer 2 Tunneling Protocol),
574
layers
of OSI Reference model, 34
of TCP/IP model, 35-37
learning styles,5
link-local unicast addresses, 58
LLMNR (Link Local Multicast Name
Resolution), 345-347
LMHOSTS file, name resolution,
339-340
load balancing, configuring round
robin, 316
location-aware printer settings,
configuring, 558-559
logs
Application and Services Logs node
(Event Viewer), 804-805
properties, 802-803
viewing in Event Viewer, 800-802
LUNs (logical unit numbers), 523-524
Name Server resource records
M
M flag, 94
macro study strategy, 6
mail exchange resource records,
creating, 303
managing
backups on remote server, 476-477
BitLocker, 402
DFS Replication, 445-455
EFS, best practices, 385-386
file screening, 501-506
exceptions, creating, 506
file groups, 502-503
file screens, creating, 503-505
FSRM, File Classification, 511-514
namespaces, 438-445
quotas with FSRM, 516-523
shadow copies
with command line, 480
with Windows Explorer, 478-479
shared folders, 368-369
shared resources, 425
storage reports (FSRM), 506-511
mapping drives, 367-369
MCITP exam, preparing for, 4
MCTS exam, preparing for, 4
members, adding to replication
groups, 451
memory performance,
troubleshooting, 781-783
messages, SNMP, 825-826
metrics, 133
MIB (Management Information Base),
824-825
micro study strategy, 6
migrating
print queues, 556-557
migrating IPv4 to IPv6, Group Policy,
66-67
modems, enabling for RRAS dial-up
connections, 581-583
monitoring
DHCP servers, 121-123
file screening, 506
print servers, 779-780
Monitoring tab, configuring DNS
server properties, 237-238
moving files and folders with NTFS
permissions, 382
MS-CHAPv2 (Microsoft Challenge
Handshake Protocol version 2), 576
multicast IPv6 addresses, 57
multicast scopes, 105-106
multiple firewall profiles, configuring
on Windows Firewall, 174-176
N
name resolution
DNS
iterative queries, 216-217
recursive queries, 215-216
reverse lookup queries, 217-218
HOSTS file, 335-337
LLMNR, 345-347
NetBIOS
broadcasts, 337
LMHOSTS file, 339-340
troubleshooting, 344-345
WINS servers, 340-344
Name Server resource records,
configuring properties, 311-314
1015
1016
name servers
name servers, 253-257
namespaces, 210, 433
access-based enumeration, enabling,
443-444
creating, 438-439
folders, adding, 440-441
managing, 438-445
servers, adding, 441-443
NAP (Network Access Protection),
658-663
components, 660-662
enforcement options
802.1X enforcement, 676-678
DHCP enforcement, 663-668
IPSec enforcement, 670-676
RDS enforcement, 658, 678-688
VPN enforcement, 668-670
policies, configuring, 684-688
SHVs, 658, 680-688
WSHV, configuring, 681-684
NAT (Network Address Translation),
584-590
configuring, 588-589
ICS, configuring, 589-590
Nbstat utility, troubleshooting IPv4/
IPv6 connectivity, 72
NDDNS (non-dynamic DNS), 266
need for routing, 132-133
net share command, 368-369
NetBIOS
name resolution
broadcasts, 337
LMHOSTS file, 339-340
WINS servers, 340-344
troubleshooting, 344-345
netmask, 137
netmask ordering, 317
netsh command, 53
BranchCache, configuring, 415-416
Netstat command-line tool,
troubleshooting IPv4/IPv6
connectivity, 72-73
Network and Sharing Center
file sharing, configuring, 360-369
network drives, mapping, 367-369
opening, 361
shared folders, configuring properties,
363-367
network data
capturing, 837-839
filtering, 839-844
network discovery, 361
network drives, mapping, 367-369
network interface layer (TCP/IP
model), 37
network layer, 34
Network Monitor
aliases, 844-845
captured network data, filtering,
839-844
installing, 835-837
network data, capturing, 837-839
network performance, optimizing,
786-787
NFS (Network File System), 358
non-delegated subdomains, creating,
271
notifications, enabling on printers,
562-563
NPS (Network Policy Server), 633
installing on Windows Server 2008 R2,
634-635
proxy groups, creating, 639-640
templates, configuring, 647-648
wireless access, configuring, 635-638
Performance Monitor
NRPTs (Name Resolution Policy
Tables)
exemptions, 714
split-brain DNS configuration, 714
nslookup command, 288-290
Nslookup command-line tool,
troubleshooting IPv4/IPv6
connectivity, 73
NTFS (New Technology File System)
permissions, 369-384
advanced permissions, specifying,
373-375
applying, 371-373
effective permissions, 379-381
files and folders, copying with,
381-382
inheritance, configuring, 375-377
moving files and folders with, 382
Take Ownership permission, 377-379
transactional NTFS, 359
O
O flag, 94
Offline Files feature, 408-413
client computers, configuring, 411
configuring, 409-411
transparent caching, configuring, 413
opening Network and Sharing Center,
361
operational event logs, 804
optimizing
disk performance, 784-786
network performance, 786-787
processor utilization, 783-784
OSI Reference model, 34
outbound rules, configuring for
Windows Firewall with Advanced
Security, 176-180
ownership of files/folders, transferring
with Take Ownership permissions,
377-379
P
packet filtering
configuring on RRAS, 151-153
VPNs, configuring, 601-603
PAP (Password Authentication
Protocol), 576
parameters for FSRM storage reports,
specifying, 507-508
password protected sharing, 361
pathping command, troubleshooting
IPv4/IPv6 connectivity, 75
PEAP (Protected EAP), 622
Pearson IT Certification Practice
Test engine
activating, 9
installing, 8
Premium Edition, 10
Performance Monitor, 762-768
customizing, 766
Data Collector Sets
system-defined, 768-771
user-defined, 771-777
disk performance, troubleshooting,
784-786
memory performance, troubleshooting,
781-783
network performance, troubleshooting,
786-787
processor utilization, troubleshooting,
783-784
real-time data, collecting, 764-766
required permissions, 767-768
1017
1018
performing
performing
bare metal backups, 472
bare metal recoveries, 488-491
full server recoveries with wbadmin
command, 491-492
perimeter networks, DirectAccess
installation, 707
permissions
NTFS, 369-384
applying, 371-373
applying advanced permissions,
373-375
copying files and folders with, 381-382
effective permissions, 379-381
inheritance, configuring, 375-377
moving files and folders with, 382
Take Ownership permission, 377-379
Performance Monitor requirements,
767-768
persistent routes, 137
physical layer, 34
ping command, 288-290
troubleshooting IPv4/IPv6
connectivity, 73-74
planning
encryption methods for wireless
networks, 622-623
wireless networking, authentication,
621-622
pointer resource records, 305
Ports tab (Printer Properties dialog
box), 549-551
PPP (Point-to-Point Protocol), 574
PPTP (Point-to-Point Tunneling
Protocol), 574
practice exam
answers, 920
questions, 852
practice test
activating, 9
installing, 8
Premium Edition, 10
preparing for, 10
prefixes, IPv6 addressing, 56
preparing
computer for BitLocker, 397
for exam
active study strategies, 7
common-sense strategies, 7
macro study strategy, 6
micro study strategy, 6
pretesting, 7
self-assessment, 12
presentation layer, 34
pretesting for exam, 7
primary name servers, 253-254
primary zones, 249
Print and Document Services server
role, installing on Windows Server
2008 R2, 540-541
print devices, 537
print drivers, 537
isolating, 557-558
Print Management Console, installing
printers, 544-545
print management, delegating,
559-561
print queues, 537
migrating, 556-557
print servers, 537, 779-780
print spooling, 537
printers, 537
installing, 541-545
location-aware settings, configuring,
558-559
recursive queries
notifications, enabling, 562-563
printing process, 538-539
publishing in AD, 546-547
sharing, 362-363, 545-546
troubleshooting, 561-563
private IPv4 addresses, 48
processor utilization, troubleshooting,
783-784
properties
of demand-dial routing, configuring,
150-151
of DNS servers, configuring
Forwarders tab, 224-228
Interfaces tab, 223-224
Root Hints tab, 231-233
of event logs, 802-803, 806-807
of resource records, configuring,
309-311
of shared folders, configuring, 363-367
Properties dialog box (printers)
Advanced tab, 551-552
General tab, 549
Ports tab, 549-551
Security tab, 552-555
protocol analyzers, 833-834
placement of, 834-835
provisioning shared resources with
Share and Storage Manager,
422-424
proxy groups, creating, 639-640
public folder sharing, 361
public key cryptography, 385-386
publishing printers in AD, 546-547
PXE boot, 120
Q
Quota Management node (FSRM),
516-523
quota templates, creating, 520-522
quotas, best practices, 522-523
R
RADIUS
accounting, configuring, 644-647
clients, configuring, 638-639
connection request policies, creating,
641-644
NPS, 633
configuring for wireless access,
635-638
installing on Windows Server 2008
R2, 634-635
proxy groups, creating, 639-640
RDC (remote differential
compression), 445
RDS (Remote Desktop Services), NAP
enforcement, 678-680
read-only replicated folders,
designating, 451
Reconnect feature (VPNs), 598-599
recovering
files/folders with shadow copies,
480-482
with Windows Server Backup system
state, 486-488
recovering data
full server recoveries, 488-491
with Windows Server Backup, 482-486
recovery agents (EFS), 392-393
recursive queries, 215-216
1019
1020
registering resource records
registering resource records, 314
relay agents (DHCP), configuring,
117-120
Reliability Monitor, 787-789
remote access protocols, 573-577
remote access authentication protocols,
574-575
remote servers, managing backups,
476-477
removable media, backing up data to,
472
removing shared folders, 363
renewing IPv4 leases, 92-93
replication, 433
replication groups, 445
connections, adding, 450-451
members, adding, 451
replication partners, 342
replication topologies, 449-450
reports (WSUS), viewing, 745-747
Resource Monitor, 789-791
resource records, 299-300
alias, creating, 302
ATMA resource records, 305
creating with command line, 307
host, creating, 301
mail exchange, creating, 303
Name Server resource records,
configuring properties, 311-314
pointer resource records, 305
registering, 314
SOA resource records, configuring
properties, 309-311
SRV resource records, 305
restoring backup catalog, 475-476
reverse lookup queries, 217-218
reverse lookup zones, 251-252,
259-261
RFCs, 34
RIP (Routing Information Protocol),
133-135, 142-144
RIPv2, 134-135
role of File Services in Windows
Server 2008 R2, 358-360
Root Hints tab, configuring DNS
server properties, 231-233
root-level domains, 212
round robin, configuring, 316
routing. See also routing protocols;
routing tables
demand-dial routing, configuring,
148-151
hops, 133
metrics, 133
need for, 132-133
static routing, configuring, 145-147
routing protocols, 133-135
RIP, 133-135, 142-144
routing tables, 135-136
RRAS (Routing and Remote Access
Service), 136-147, 575-577
configuring, 140-141
demand-dial routing, configuring,
148-151
dial-up connections
configuring, 577-581
modems, enabling, 581-583
IGMP proxy, configuring, 153-155
installing, 138-140
packet filtering, configuring, 151-153
RIP, configuring, 142-144
static routing, configuring, 145-147
VPNs, configuring, 592-594
sharing 1021
S
SANs (storage area networks), Storage
Manager for SANs, 523-526
scheduling
backups, 472-474
FSRM storage report generation,
509-511
scopes (DHCP)
creating, 101-104
exclusions, 107
multicast scopes, 105-106
options, configuring, 108-116
properties, configuring, 107
split scopes, 106
superscopes, 104-105
secondary name servers, 254-255
secondary zones, 250
creating, 261-262
second-level domains, 213
secure zone transfers, configuring,
282-283
security
authentication
remote access authentication protocols,
574-575
VPNs, 591-592
encryption, EFS, 384-395
NAP, 658-663
components, 660-662
enforcement options, 659
policies, configuring, 684-688
SHVs, 658, 680-688
password protected sharing, 361
resource records, configuring, 317-318
VPNs
audit policies, 599-600
configuring, 595-598
Windows Firewall, configuring,
165-172
Security tab (Printer Properties dialog
box), 552-555
self-assessment, 12
server cache (DNS), updating, 334-335
server feature (DirectAccess),
installing, 703-706
server isolation, 201
server lists, 326-328
server requirements, DirectAccess,
700-701
server-side targeting, configuring
(WSUS), 740
servers, adding to DFS namespaces,
441-443
session layer, 34
SHA (system health agent), 680
shadow copies
folders, recovering, 480-482
managing with command line, 480
managing with Windows Explorer,
478-479
Share and Storage Management
Console, 421-425
shared resources
managing, 425
provisioning, 422-424
sharing, 358
best practices, 383-384
files, Offline Files feature, 408-413
folders, 362-363
properties, modifying, 363-367
public folder sharing, 361
password protected sharing, 361
printers, 362-363, 545-546
shared folders, managing, 368-369
1022
SHVs (system health validators)
SHVs (system health validators), 658,
680-688
WSHV, configuring, 681-684
slave servers, 256-257
smart cards, 576
SNMP (Simple Network Management
Protocol)
communities, 826-828
configuring, 829-833
installing, 828-829
messages, 825-826
MIB, 824-825
SOA resource records, configuring
properties, 309-311
socket pooling (DNS), 238-239
soft quotas, 519
source initiated Event Subscriptions,
configuring, 810
source port randomization, 238-239
specifying
aliases, 844-845
BranchCache firewall rules, 417-418
storage report parameters, 507-508
split scopes, 106
split-brain DNS configuration, 714
SRV resource records, 305
standards for wireless networking, 620
static addressing, IPv4, 41-44
static routing, configuring, 145-147
Storage Manager for SANs, 523-526
LUNs, 523-524
storage reports (FSRM), 506-511
options, 508-509
parameters, specifying, 507-508
report generation, scheduling, 509-511
strategies for studying, 6
stub zones, 251
study strategies, 6
styles of learning, 5
subnet masks, 42, 44
netmasks, 137
subnetting, 44-46
bitwise logical AND operation, 45
suffix search order lists, 328-330
supernetting, 47
superscopes, 104-105
syntax, IPv6 addressing, 56-59
System State
recovering, 486-488
Windows Server Backup, 464-465
system-defined Data Collector Sets,
768-771
T
Take Ownership permission, 377-379
Task Scheduler, 814-816
TCP (Transmission Control Protocol),
38
TCP/IP, component protocols, 38-40
connectivity, troubleshooting, 70-75
four-layer model, 35-37, 40-41
history of, 33-34
IPv4 addressing
address classes, 41
components, 42
configuring, 48-52-54
dynamic addressing, 48
four-phase leasing process (DHCP),
89-92
updates (WSUS)
interoperability with IPv6, 62-65
leases, renewing, 92-93
migrating to IPv6 with Group Policy,
66-67
NAT, 584-590
private addressing, 48
static addressing, 41-44
subnet masks, 44
subnetting, 44-46
supernetting, 47
troubleshooting, 75-80
IPv6 addressing, 54-67
address classes, 58
benefits of, 55-56
configuring, 59-61
interoperability with IPv4, 62-65
prefixes, 56
syntax, 56-59
troubleshooting, 75-80
templates
NPS, configuring, 647-648
quota templates, creating, 520-522
templates (file screens), creating,
503-505
Teredo addresses, 65
testing updates, 738-742
topics for exam, 4
top-level domains, 212-213
TPM (Trusted Platform Module), 395
tracert command, troubleshooting
IPv4/IPv6 connectivity, 74
transactional NTFS, 359
transferring ownership of files/folders,
377-379
transparent caching, configuring
Offline Files feature, 413
transport layer
OSI Reference model, 34
TCP/IP model, 36-37
Transport mode (IPsec), 191
Triple DES, 193
troubleshooting
DHCP servers, 121-123
disk performance, 784-786
IPv4 addressing, 75-80
IPv4/IPv6 connectivity
TCP/IP utilities, 70-75
Windows Server 2008 diagnostics
tools, 68-75
IPv6 addressing, 75-80
memory performance, 781-783
NetBIOS, 344-345
network performance, 786-787
printers, 561-563
processor utilization, 783-784
zones, 287-290
Trust Anchors tab, configuring DNS
server properties, 235-237
Tunnel mode (IPsec), 191
U
UDP (User Datagram Protocol), 38-39
UNC (universal naming convention)
path, 433
unicast IPv6 addresses, 56-57
unique local IPv6 unicast addresses, 58
updates (WSUS)
approving, 742-744
declining, 744
testing, 738-742
1023
1024
updating with WSUS
updating with WSUS, 724-727
user profiles, restoring with Windows
Server Backup, 486
user-defined Data Collector Sets,
771-777
V
viewing
effective permissions, 380-381
logs in Event Viewer, 800-802
WSUS reports, 745-747
volume quotas, managing with FSRM,
516-523
VPNs (virtual private networks), 590
audit policies, 599-600
authentication, 591-592
configuring on RRAS, 592-594
connections, creating, 594-596
data encryption, 592
deploying BranchCache on, 419-420
encapsulation, 591
NAP enforcement, 668-670
packet filters, configuring, 601-603
Reconnect feature, enabling, 598-599
remote access policies, 601
security, configuring, 595-598
VSS (Volume Shadow Copy Service),
477-482
shadow copies
folders, recovering, 480-482
managing with command line, 480
managing with Windows Explorer,
478-479
W
wbadmin command
data backups, performing, 474-475
full server recoveries, performing,
491-492
WEP (Wired Equivalent Privacy), 622
Windows Explorer, managing shadow
copies, 478-479
Windows Firewall, configuring. See also
Windows Firewall with Advanced
Security
Windows Firewall with Advanced
Security, 172-191, 848-849
connection security rules, configuring,
180-184
Connection Security Rules subnode,
847-848
inbound/outbound rules, configuring,
176-180
multiple firewall profiles, configuring,
174-176
notifications, configuring, 189
policies, creating with Group Policy,
198-199
policies, importing/exporting, 190-191
rule properties, configuring, 184-189
Windows Search Service, 359
Windows Server 2008
connectivity, troubleshooting, 68-70
DFS
improvements to, 434-435
installing, 435-437
DHCP server installation, 96-100
DNS, installing, 218-222
File Services, installing, 359-360
NPS, installing, 634-635
WSUS (Windows Server Update Service)
Offline Files feature, 408-413
Print and Document Services server
role, installing, 540-541
RAS client, configuring, 583
RRAS, 136-147
configuring, 140-141
installing, 138-140
Storage Manager for SANs, 523-526
WSUS, installing, 728-731
Windows Server Backup, 464-477
backup catalog, restoring, 475-476
backups
permissions, 466
scheduling, 472-474
bare metal backups, performing, 472
bare metal recoveries, performing,
488-491
features, 465
file server, backing up, 467-472
installing, 466-467
recovering data, 482-486
removable media, backing up
data to, 472
System State, 464-465
system state, recovering, 486-488
user profiles, recovering, 486
Windows Update, 724-727
Windows XP clients, creating wireless
access policies, 628-630
WindowsImageBackup folder, 471
WINS (Windows Internet Naming
Service) address, 42
WINS servers
installing, 340
integrating with DNS, 269-270
name resolution, 340-344
wireless networking
access policies, configuring, 623-628
authentication
EAP, 621-622
planning, 621-622
encryption methods, planning, 622-623
standards, 620
WSHV (Windows Security Health
Validator), configuring, 681-684
WSUS (Windows Server Update
Service), 724-727
client computers, configuring, 748-753
client-side targeting, configuring,
741-742
computer groups, 738-740
configuring, 733-737
on disconnected networks, 747-748
installing, 728-731
reports, viewing, 745-747
server-side targeting, configuring, 740
updates
approving, 742-744
declining, 744
testing, 738-742
1025
1026
zone scavenging
X-Y-Z
zone scavenging, 267-269
zone transfers
full zone transfers, 277-278
incremental zone transfers,
278-279-280
zones, 249-253
AD-integrated zones, 250
forward lookup zones, 251-252
GlobalNames zones, 252-253, 262-263
primary zones, 249
properties, configuring, 263-270
reverse lookup zones, 251-252, 259-261
secondary zones, 250, 261-262
stub zones, 251
troubleshooting, 287-290
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement