Planning File and Print Services

Lesson 5

Skills Matrix
Technology Skill

Objective Domain

Objective #

Deploying File Servers

Plan file and print

server roles

1.5

File Services Role

The File Services role and the other
storage-related features included
with Windows Server 2008 provide
tools that enable system
administrators to address problems
like these on a scale appropriate to a
large enterprise network.

Arranging Shares
One of the most important steps in
designing a file-sharing strategy is to
decide how many shares to create and
where to create them.
Depending on the size of your
organization, you might have one single
file server, or many servers scattered
around the network.
Even if you split the Home and Public
shares among multiple servers, you can
still make them appear as a single unified
directory tree using the Windows Server

Arranging Shares
A well-designed sharing strategy
provides each user with three
resources:
A private storage space, such as a
home folder, to which the user has
exclusive access.
A public storage space, where each
user can store files that they want
colleagues to be able to access.
Access to a shared work space for
communal and collaborative

Controlling Access
On most enterprise networks, the
principle of least privileges should
apply.
This principle states that users
should have only the privileges they
need to perform their required tasks,
and no more.

Controlling Access
A users private storage space should be
exactly that, private and inaccessible, if
not invisible, to other users.
This is a place in which each user can
store his or her private files, without
exposing them to other users.
Each user should, therefore, have full
privileges to his or her private storage,
with the ability to create, delete, read,
write, and modify files.
Other users should have no privileges to
that space at all.

Controlling Access to Private Folders

The easiest way
to create private
folders with the
appropriate
permissions for
each user is to
create a home
folder through
each Active
Directory user
object.

Controlling Access to Public Folders

Each user should also have full privileges
to his or her public folder. This is a space
where users can share files informally.
Users should be able to list the contents of
all public folders and read the files stored
there, but not be able to modify or delete
files in any folder but their own.
Users should also be able to navigate
throughout the Public folder tree so that
they can read any users files and copy
them to their own folders.

Assigning Permissions
To simplify the administration process, you
should always assign permissions to
security groups and not to individuals.
Assigning permissions to groups enables
you to add new users or move them to
other job assignments without modifying
the permissions themselves.
On a large Active Directory network, you
might also consider the standard practice
of assigning the NTFS permissions to a
domain local group, placing the user
objects to receive the permissions in a
global (or universal) group, and making
the global group a member of a domain
local group.

Mapping Drives
After you have created the folders for each
user and assigned permissions to the
folders, the next step is to make sure that
users can access their folders.
Folder Redirection settings in Group Policy
to map each users Documents folder to his
or her home folder on the network share.
Another way to provide users with easy and
consistent access to their files is to map
drive letters to each users directories
using the Drive Maps feature in Group
Policy so that they can always find their
files in the same place using Windows
Explorer.

Creating Folder Shares

After you have devised a file sharing
strategy for your network, you can begin
to create the shares that enable users to
access your server drives.
Your file sharing strategy should include
the following information:
What folders you will share.
What names you will assign to the shares.
What permissions you will grant users to
the shares.
What Offline Files settings you will use for
the shares.

File Sharing Dialog Box

Share and Storage Management

Console

Share Folder Location Page

The NTFS Permissions Page

The NTFS Permissions Dialog Box

The Share Protocols Page

The SMB Settings Page

The Advanced Dialog Box

The Caching Tab

The SMB Permissions Page

The Share Permissions Dialog Box

The DFS Namespace Publishing Page

The Review Settings and Create Page

Distributed File System (DFS)

The Distributed File System (DFS)
implemented in the Windows Server 2008 File
Services role includes two technologies:
DFS Namespaces
DFS Replication
DFS address these problems and enable
administrators to do the following:
Simplify the process of locating files.
Control the amount of traffic passing over WAN
links.
Provide users at remote sites with local file
server access.
Configure the network to survive a WAN link
failure
Facilitate consistent backups.

DFS Namespace
DFS is a virtual namespace technology
that enables administrators to create a
single directory tree that contains
references to shared folders on various file
servers, all over the network.
This directory tree is virtual; it does not
exist as a true copy of the folders on
different servers.
Instead, it is a collection of references to
the original folders, which users can
browse as though it were an actual server
share.
The actual shared folders are referred to

DFS Namespace

Replicating Shares
The DFS Replication role service
performs these tasks.
DFS Replication is a multimaster
replication engine that can create
and maintain copies of shared folders
on different servers throughout an
enterprise network.

DFS Replication
DFS Replication service copies files
from one location to another.
However, DFS Replication also works
in tandem with DFS Namespace to
provide unified services:
Data distribution.
Load balancing.
Data collection.

Configuring DFS
Implementing DFS on a Windows
Server 2008 computer is more
complicated than simply installing
the File Services role and the
Distributed File System role services.
After the role and role services are in
place, you have to perform at least
some of the following configuration
tasks:
Create a namespace.
Add folders to the namespace.

The DFS Management Console

The Namespace Server Page

The Namespace Name and Settings

Page

The Edit Settings Dialog Box

The Namespace Type Page

The Review Settings

and Create Namespace Page

The New Folder Dialog Box

The Add Folder Target Dialog Box

The Browse for Shared Folders Dialog

Box

DFS Replication Groups

To enable replication for a DFS folder with
multiple targets, you must create a
replication group, which is a collection
of servers, known as members, each of
which contains a target for a particular
DFS folder.
In its simplest form, a folder with two
targets requires a replication group with
two members: the servers hosting the
targets.
At regular intervals, the DFS Replication
engine on the namespace server triggers
replication events between the two

DFS Replication Groups

DFS Replication need not be so simple,
however, because it is also highly scalable
and configurable.
A replication group can have up to 256
members, with 256 replicated folders, and
each server can be a member of up to 256
replication groups, with as many as 256
connections (128 incoming and 128
outgoing).
A member server can support up to one
terabyte of replicated files, with up to
eight million replicated files per volume.

Replication Groups

Replication Groups
No matter which topology you use, DFS
replication between two members is
always bidirectional by default.
This means that the Replicate Folder
Wizard always establishes two
connections, one in each direction,
between every pair of computers involved
in a replication relationship.
To create unidirectional replication
relationships, you can either disable
selected connections between the
members of a replication group in the DFS
Management console or use share
permissions to prevent the replication
process from updating files on certain

The Replication Group

and Replicated Folder Name Page

The Replication Eligibility Page

The Primary Member Page

The Topology Selection Page

The Replication Group Schedule

and Bandwidth Page

The Edit Schedule Dialog Box

File Server Resource Manager

Provides tools that enable file server
administrators to monitor and regulate
their server storage, by performing the
following tasks:

Establish quotas that limit the amount of

storage space allotted to each user.
Create screens that prevent users from
storing specific types of files on server
drives.
Create templates that simplify the process
of applying quotas and screens.
Automatically send email messages to
users and/or administrators when quotas
are exceeded or nearly exceeded.
Generate reports providing details of users

Quotas
In Windows Server 2008, a quota is simply
a limit on the disk space a user is
permitted to consume in a particular
volume or folder.
Quotas are based on file ownership.
Windows automatically makes a user the
owner of all files that he or she creates on
a server volume.
The quota system tracks all of the files
owned by each user and totals their sizes.
When the total size of a given users files
reaches the quota specified by the server
administrator, the system takes action,

Quotas
The actions the system takes when a user
approaches or reaches a quota are highly
configurable:
A hard quota prohibits users from
consuming any disk space beyond the
allotted amount.
A soft quota allows the user storage
space beyond the allotted amount and just
sends an email notification to the user
and/or administrator.
Administrators can also specify the
thresholds at which the system should send
notifications and configure the quota server
to generate event log entries and reports in

The File Server Resource Manager

Console

The Create Quota Template Dialog Box

The Email Message Tab

The Event Log Tab

The Comment Tab

The Report Tab

The Create Quota Dialog Box

File Screen
FSRM, in addition to creating storage
quotas, enables administrators to
create file screens, which prevent
users from storing specific types of
files on a server drive.

The Create File Screen Dialog Box

The Settings Tab of a File Screen

Properties

Storage Reports
FSRM can create the following
reports:
Duplicated Files
File Screening Audit
Files by File Group
Files by Owner
Large Files
Least Recently Accessed Files
Most Recently Accessed Files
Quota Usage

The Settings Tab of the Storage Reports

Task Properties Dialog Box

The Delivery Tab

The Schedule Dialog Box

Windows Print Architecture

Printing in Microsoft Windows
typically involves the following four
components:
Print device
Printer
Print Server
Print Driver

Windows Print Architecture

Direct Printing
The simplest print architecture
consists of one print device
connected to one computer, also
known as a locally attached print
device.
When you connect a print device
directly to a Windows Server 2008
computer and print from an
application running on that system,
the computer supplies the printer,
printer driver, and print server

Direct Printing

Locally Attached Printer Sharing

In addition to printing from an
application running on that
computer, you can also share the
printer (and the print device) with
other users on the same network.
In this arrangement, the computer
with the locally attached print device
functions as a print server.

Locally Attached Printer Sharing

Networked-Attached Printing
You can connect a print device directly to the
network.
Many print device models are equipped with
network interface adapters while others have
have expansion slots into which you can
install a network printing adapter, purchased
separately.
Finally, for print devices with no networking
capabilities, standalone network print servers
are available, which enable you to attach one
or more print devices and connect to the
network.
Print devices so equipped have their own IP
addresses and typically an embedded Web-

Network-Attached Print Device

Network-Attached Print Device

Print Services Role

When you install the Print Services
role using Server Managers Add
Roles Wizard, you can select from the
following role services:
Print Server
LPD Service
Internet Printing

Print Services Node in Server Manager

The Print Management Console

The Sharing Tab

The Additional Drivers Dialog Box

Deploying with Group Policy

The Browse for a Group

Policy Object Dialog Box

PushPrinterConnections.exe
Clients running earlier versions of
Windows, including Windows XP and
Windows Server 2003, do not support
automatic policy-based printer
deployments.
To enable the GPO to deploy printers on
these computers, you must configure the
systems to run a utility called
PushPrinterConnections.exe.
The most convenient way to do this is to
configure the same GPO you used for the
printer deployment to run the program

Fax Server
By installing the Fax Server role, you
enable a Windows Server 2008
computer to send and receive faxes
for clients.
The clients send their faxes using a
standard printer interface, which
connects to a fax server on the
network as easily as connecting to a
local fax modem.

Fax Server
The basic steps involved in setting up
a fax server are as follows:
Add the Fax Server role.
Add the Desktop Experience feature.
Share the fax printer.
Configure the fax device.
Configure incoming fax routing.
Designate fax users.

Fax Services Role

Installing the Fax Server role adds the Fax
Service Manager snap-in to the Server
Manager console. Using the Fax Service
Manager, administrators can perform the
following tasks:
View and configure fax devices, such as
modems.
Specify routing policies for inbound faxes.
Specify rules for outbound faxes.
Manage fax users.
Configure fax logging and archiving.

Desktop Experience Feature

The Fax Service Manager can
configure various fax server
functions, but it cannot actually send
outgoing faxes or view incoming
ones.
To send and view faxes, you must
use the Windows Fax and Scan
program.

Summary
The Distributed File System (DFS)
includes two technologies, DFS
Namespaces and DFS Replication,
that can simplify the process of
locating files, control the amount of
traffic passing over WAN links,
provide users at remote sites with
local file server access, configure the
network to survive a WAN link failure,
and facilitate consistent backups.

Summary
DFS is a virtual namespace
technology that enables you to
create a single directory tree that
contains references to shared folders
located on various file servers all
over the network.
DFS Replication works in tandem with
DFS Namespaces to provide unified
services such as data distribution,
load balancing, and data collection.

Summary
The File Server Resource Manager
console provides tools that enable
file server administrators to monitor
and regulate their server storage by
establishing quotas that limit the
amount of storage space allotted to
each user, creating screens that
prevent users from storing specific
types of files on server drives, and
generating reports providing details
of users storage activities.

Summary
Printing in Microsoft Windows
typically involves the following four
components: print device, printer,
print server, and print driver.
The simplest form of print
architecture consists of one print
device connected to one computer,
known as a locally attached print
device. You can share this printer
(and the print device) with other
users on the same network.

Summary
With network-attached print devices,
the administrators primary
deployment decision is which
computer will function as the print
server.
The Print Management snap-in for
MMC is an administrative tool that
consolidates the controls for the
printing components throughout the
enterprise into a single console.

Summary
Windows Server 2008 includes a Fax
Server role that enables users to
send faxes from and receive them to
their desktops.