1 / 51

Chapter 6

Chapter 6. Managing Printers, Publishing, Auditing, and Desk Resources. Objectives. Create and modify shared printer resources Set up and manage published resources in Active Directory Audit access to shared resources Manage data storage. Creating and Modifying Shared Printer Resources.

elina
Télécharger la présentation

Chapter 6

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources

  2. Objectives • Create and modify shared printer resources • Set up and manage published resources in Active Directory • Audit access to shared resources • Manage data storage

  3. Creating and Modifying Shared Printer Resources • Print device • Actual hardware device that produces a printed document • Main types of print devices • Local • Connected directly to a port on the print server or workstation • Network • Connects to a print server through its own network adapter and connection to the network

  4. Creating and Modifying Shared Printer Resources • Printer • Configuration object in Windows Server 2003 that controls connection to the print device • Print driver • Files containing information that Windows Server 2003 uses to convert raw print commands to a language that the printer understands • Print server • Computer in which the printers and print drivers are located

  5. Creating and Modifying Shared Printer Resources • Hardware requirements for setting up an efficient printing environment • One or more computers to act as print servers • Sufficient space on the hard drive for the print server • Sufficient RAM beyond that of the minimum Windows Server 2003 requirements

  6. Adding a Printer as a Local Print Device • To add and share a local print device • Must have administrator privileges on the computer that will act as the print server • Add Printer Wizard • Used to install and configure printers on systems running Windows Server 2003 • Accessed from the Printers and Faxes program on the Start menu

  7. Adding a local printer

  8. Adding a Printer as a Network Print Device • Add Printer Wizard • Can be used to add network print devices to a network • To add a network print device • A new TCP/IP port must be created to facilitate communication directly over the network

  9. Configuring a network printer

  10. Configuring an Existing Printer • Some configuration options that may need to be modified after installing a printer • Sharing • Permissions • Other advanced settings • To modify configurational options • Right-click the printer icon, and • Click Properties

  11. Modifying printer properties

  12. Configuring an Existing Printer (Continued) • Some of the most important configuration options are found under • Sharing tab • Allows you to • Enable or disable printer sharing and Active Directory publishing • Install additional drivers for other operating systems • Security tab • Allows you to • Control printer permissions

  13. Printer permissions

  14. Printer Pools and Priorities • Printer pool • Consists of a single printer that is connected to a number of print devices • Advantages • Provides better document distribution in high-volume environments • Reduces the time that users must wait for documents to print • Configured using the Ports tab of a printer’s properties window

  15. Printer Pools and Priorities (Continued) • Print priorities • Useful in cases where different groups of users need to have different levels of priority to a limited number of print devices • To configure printer priorities • Install two printers on the print server and connect them both to the same print device • Configure the priority of each printer by using the Advanced tab • Higher priority printers print first • Only allow specific users to print to a specific printer

  16. Setting Up and Updating Client Computers • Clients which automatically download the print driver when they initially connect to the printer • Windows 2000 • Windows Server 2003 • Windows XP

  17. Setting Up and Updating Client Computers (Continued) • Clients which automatically download the print driver, but only if there is a copy of the appropriate driver on the print server • Windows 95 • Windows 98 • Windows ME • Windows NT 4.0

  18. Setting Up and Updating Client Computers (Continued) • To install additional print drivers • Use the Additional Drivers dialog box from the Sharing tab • The necessary print driver must be manually installed on • Windows 3.x clients • Non-Microsoft clients, such as • Macintosh clients • UNIX clients

  19. Troubleshooting Printers • The two most common printing problems: • Print jobs become stuck in the print queue • Documents may appear in the print queue, but they do not print, and they cannot be deleted • Failure of a print device • A print device may fail because of • A paper jam • Hardware failure • A stuck print job

  20. Publishing Resources in Active Directory • When a shared resource is published into Active Directory • Active Directory contains an object that represents a link or direct information on how to use or connect to the shared resource • Benefit of publishing a shared resource • Network users can query Active Directory to find the resource

  21. Publishing Shared Folders into Active Directory • Published folder • An Active Directory object that points to an associated folder share on a file server • Clients can search the directory for a published folder by • The folder’s share name • Using preconfigured keywords • Active Directory Users and Computers tool • Can be used to publish shared folders

  22. Publishing Printers into Active Directory • Publishing shared printers can help users find network printer resources • A Windows Server 2003- or Windows 2000-compatible printer installed on a domain print server • Automatically published into Active Directory during installation • Printer shares created on pre-Windows 2000 print servers • Not published into Active Directory by default • Can be added manually to the directory

  23. Managing Published Printers • When a print server is removed from the network, its Active Directory object is automatically removed from the database • Benefit • Prevents users from trying to connect to print servers that are not actually running • Publishing settings of a printer • Determine whether the printer is published into Active Directory • Controlled via a check box on the Sharing tab of a printer’s properties window

  24. Searching for Objects in Active Directory • Tools used by users to find published objects • Search tool from the Start menu • Find tool from the Start menu • Tools used by administrators to find published objects • Active Directory Users and Computers Find command • Active Directory Users and Computers Saved Queries feature

  25. Auditing Access to Shared Resources • Monitoring network events • An important part of any network security strategy • Helps detect potential threats • Increases user accountability • Provides evidence of security breaches if or when they occur • Can be used for resource planning

  26. Auditing Access to Shared Resources (Continued) • Auditing • Used to monitor and track activities on a network • When an audited event occurs, a record of it is written to the security log • Event Viewer • Used to view the audit entries stored in the security log

  27. Auditing Access to Shared Resources (Continued) • Audit policy • Defines the events that Windows Server 2003 records in the security log as they occur • When implementing an audit policy, you need to determine • The events you want to track • Whether you want to track the successes and/or failures

  28. Events that can be monitored

  29. Configuring Auditing: Requirements • Requirements for configuring an audit policy • You must be • A member of the Administrators group, or • Assigned the Manage auditing and security log user right • Files or folders being audited must reside on an NTFS volume

  30. Setting Up an Audit Policy • To set up an audit policy, you must • Choose the events you wish to monitor • Decide whether to monitor the successes and/or failures of these events • To audit access to files, folders, printers, and Active Directory objects • The auditing settings must be configured on the specific resources

  31. Configuring an audit policy

  32. Auditing Object Access • To configure auditing settings for specific files or folders • Access the Advanced Security Settings on the particular resource • Auditing can also be configured for objects that are stored within Active Directory, such as • Computers • Users • Groups • OUs

  33. Best Practices • General guidelines for planning an audit policy • Only enable auditing for those events that can provide you with useful information • Review the audit entries in the security log on a regular basis • Enable auditing for sensitive and confidential information • Audit the Everyone group instead of the Users group • Audit the use of user rights assignment • Always audit the Administrators group

  34. Analyzing Security Logs • An entry is written to the security log each time an event defined within the audit policy occurs • Event Viewer • Can be used to examine the contents of the security log • Successful events • Represented by a key icon • Unsuccessful events • Represented by a lock icon • Available tools • Find option • Filter option

  35. The Event Viewer Security log

  36. Configuring the Event Viewer • If the security log become full, events may be overwritten depending on configured settings • Options for avoiding this problem • Audit only those events that are essential • Change the default settings or properties of the security log • Review and archive the security log files on a regular basis • Security Properties dialog box • Used to configure the properties of the security log

  37. Configuring log properties

  38. Security log configuration options

  39. Managing Data Storage • Features provided in Windows Server 2003 for managing data storage • Dynamic disk • Overcomes many of the limitations and restrictions imposed by the traditional basic disk • Disk quotas • Provide administrators with a way to track and limit the amount of disk space available to users

  40. Basic versus Dynamic Disks: Basic Disks • Basic disk • The traditional storage type • Divides physical disk space into primary partitions, extended partitions, and logical drives • All disks are automatically initialized as basic when Windows Server 2003 is installed

  41. Dynamic Disks • Divides physical disk space into volumes • Some reasons for implementing dynamic disks • Volumes can be extended • RAID volumes can be configured • Missing or offline disks can be reactivated • Changes to disks can be made without having to restart the computer • Mirrored and RAID-5 volumes can be applied • The Disk Management snap-in can be used to • Centrally configure and manage volumes • Convert a basic disk to a dynamic disk

  42. Graphical view within Disk Management

  43. Configuring Volumes • Upgrading from a basic disk to a dynamic disk • Administrative privileges are needed • Disk must contain at least 1 MB of free space • Possible data loss • When upgrading from basic to dynamic • No data is lost • When reverting back to a basic disk • All volumes must be deleted, then • Data can be restored from backup

  44. Configuring Volumes (Continued) • Once upgraded, the disk can only be locally accessed by operating systems that support dynamic disks • Converting to a dynamic disk does not affect network access to shared resources on the disk • Once upgraded, primary and extended partitions become simple volumes

  45. Configuring Volumes (Continued) • Windows Server 2003 volumes: • Simple volume • Spanned volume • Striped volume • RAID 5 volume • Mirrored volume

  46. Disk Quotas • Using disk quotas: • Prevents users from consuming all available disk space • Encourages users to delete old files as they reach their disk quota • Allows an administrator to track disk usage for future planning • Allows administrators to track when users are reaching their available limits • To configure disk quotas • Access the properties of a volume, and • Click the Quota tab

  47. Disk quota configuration parameters

  48. Managing File and Folder Compression • Data compression • Can reduce the amount of disk space that folders and files take up • Can only be used on volumes that are formatted with NTFS • To configure compression • Enable or disable the compression attribute of a file or folder within Windows Explorer • If a file is copied to another folder within the same NTFS volume • The file automatically inherits the compression attribute of the destination folder

  49. Managing File and Folder Compression (Continued) • If a file or folder is moved within the same NTFS volume • The file retains its compression attribute • If a file or folder is copied between NTFS volumes • The file or folder inherits the compression attribute of the destination folder • If a file or folder is moved between NTFS volumes • The file or folder inherits the compression attribute of the destination folder

  50. Summary • Two kinds of printer devices can be shared: • A local print device • A network print device • Both printer and folder shares can be published into Active Directory to make it easy for clients to find the shared resources • Auditing can be used in Windows Server 2003 to monitor and track activities on a network • When an event occurs, a record of it is written to the security log

More Related