27
Microsoft ® Official Course Module 10 Implementing File and Print Services

20410B_10

Tags:

Embed Size (px)

Citation preview

Module10

Module 10Implementing File and Print Services

Microsoft Official CoursePresentation: 60 minutesLab: 45 minutesAfter completing this module students will be able to:Secure files and folders.Protect shared files and folders by using shadow copies.Configure network printing.Required MaterialsTo teach this module, you need the Microsoft Office PowerPoint file 20410B_10.pptx.Important: It is recommended that you use Office PowerPoint 2007 or a newer version to display the slides for this course. If you use PowerPoint Viewer or an older version of Office PowerPoint, all the features of the slides might not display correctly.Preparation tasksTo prepare for this module:Read all of the materials for this module.Practice performing the demonstrations and the lab exercises.Work through the Module Review and Takeaways section, and determine how you will use this section to reinforce student learning and promote knowledge transfer to on-the-job performance.120410B10: Implementing File and Print ServicesModule OverviewSecuring Files and FoldersProtecting Shared Files and Folders by Using Shadow CopiesConfiguring Network PrintingProvide a brief overview of the module contents.220410B10: Implementing File and Print ServicesLesson 1: Securing Files and FoldersWhat Are NTFS Permissions?What Are Shared Folders?Permissions InheritanceEffective PermissionsWhat Is AccessBased Enumeration?What Are Offline Files?Demonstration: Creating and Configuring a Shared FolderBriefly describe the lesson content.320410B10: Implementing File and Print ServicesWhat Are NTFS Permissions?NTFS permissions control access for files and folders on NTFS-formatted storage volumesNTFS Permissions:Are configured for files or foldersCan be allowed or deniedAre inherited from parent foldersPermissions conflict precedence:1. Explicitly assigned Deny2. Explicitly assigned Allow3. Inherited Deny4. Inherited Allow

This topic introduces the key concepts regarding NTFS file sharing permissions. It also touches briefly on topics that you will be discussing later in this lesson (for example, permissions types and inheritance).First, identify specifically what NTFS permissions are, and how you assign them.The examples in the handbook may be useful in illustrating the basic concepts of NTFS permissions.Reinforce the precedence rules as listed in the student handbook:Explicit DenyExplicit AllowInherited DenyInherited Allow420410B10: Implementing File and Print ServicesWhat Are Shared Folders?Folders can be shared, but individual files cannotShared folders are folders that grant network access to their contentsAccessing a shared folder using the UNC path:\\LON-SVR1\Sales (standard share)\\LON-SVR1\Sales$ (hidden share)

Discuss why shared folders are both necessary and helpful.Explain that you can secure shared folders by assigning permissions. For example, mention that a best practice is to grant only Authenticated Users access to the share.520410B10: Implementing File and Print ServicesPermissions InheritanceBlocking inheritance:You can block permission inheritanceInheritance is used to manage access to resources without assigning explicit permissions to each objectYou can apply blocking at the file or folder levelYou can set blocking on a folder to propagate the new permissions to child objectsBy default, permissions are inherited in a parent/child relationshipExplain how parent and child permissions work. Use the whiteboard to draw a directory structure and show how permissions propagate downward.Discuss how inheritance is useful to manage a large number of objects.Explain how blocking clears the permissions from an object and the result of this action.Explain how blocking and propagating to child objects can create scalable management of a large number of objects.620410B10: Implementing File and Print ServicesEffective PermissionsWhen combining shared folder and NTFS permissions, the most restrictive permission is appliedBoth the share and the NTFS file and folder permissions must have the correct permissions, otherwise the user or group will be denied access to the resourceExample: If a user or group is given the shared folder permission of Read and the NTFS permission of Write, the user or group will only be able to read the file because it is the more restrictive permission.Describe the key aspects of effective NTFS permissions, and point students to the effective permissions tool.Relate the key points for accessing a shared folder, and discuss how shared folder and NTFS permissions apply.720410B10: Implementing File and Print ServicesWhat Is AccessBased Enumeration?Access-based enumeration allows an administrator to control the visibility of shared folders according to the permissions set on the shared folderAccess Based Enumeration is:Built into Windows Server 2012Available for shared foldersConfigurable on a per shared folder basisIntroduce accessbased enumeration as defined on the slide. Accessbased enumeration uses the permissions that are set on a shared folder to determine what files and folders are visible to the end user.Ensure that students understand that accessbased enumeration is applicable only on shared folders and only at the root of the share.Ensure students are familiar with the procedure to enable accessbased enumeration on a file share.820410B10: Implementing File and Print ServicesWhat Are Offline Files?Offline file settings allow a client computer to cache network files locally for offline use when they are disconnected from the networkOffline Settings window

Introduce the Offline file settings, and explain how they enable clients to maintain offline copies of files and folders that are located on a network share.Mention that offline file capabilities have been built into the Windows Server operating system since Windows Server 2003.You may also want to include the client compatibility list: Windows XP, Windows Vista, Windows 7, Windows 8, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012.Introduce Always Offline mode to students. Explain its primary purpose, and mention the Windows operating system versions that are compatible.920410B10: Implementing File and Print ServicesDemonstration: Creating and Configuring a Shared FolderIn this demonstration, you will see how to:Create a shared folderAssign permissions for the shared folderConfigure access-based enumerationConfigure offline files

Preparation StepsIf necessary, start the 20410BLONSVR1 and 20410BLONDC1 virtual machines.Demonstration StepsCreate a shared folderSign in to LONSVR1 as Adatum\Administrator with a password of Pa$$w0rd.On the taskbar, click the Windows Explorer icon.In Windows Explorer, in the navigation pane, click Allfiles (E:).On the menu toolbar, click Home, click New folder, type Data, and then press Enter.Rightclick the Data folder, and then click Properties.In the Data Properties dialog box, click the Sharing tab, and then click Advanced Sharing.In the Advanced Sharing window, select the Share this folder check box, and then click Permissions.Assign permissions for the shared folderIn the Permissions for Data window, click Add.Type Authenticated Users, click Check names, and then click OK.In the Permissions for Data window, click Authenticated Users, and then under Allow, select the Change permission check box.Click OK to close the Permissions for Data window.Click OK to close the Advanced Sharing window.Click Close to close the Data Properties dialog box.1020410B10: Implementing File and Print Services(More notes on the next slide)Configure accessbased enumerationOn the taskbar, click the Server Manager icon.In Server Manager, in the navigation pane, click File and Storage Services.On the File and Storage Services page, in the navigation pane, click Shares.In the Shares pane, rightclick Data, and then click Properties.In the Data Properties dialog box, click Settings, and then select the Enable accessbased enumeration check box.Click OK to close the Data Properties dialog box.Close Server Manager.Configure Offline FilesOn the taskbar, click the Windows Explorer icon.In Windows Explorer, navigate to drive E, rightclick the Data folder, and then click Properties.In the Data Properties dialog box, click the Sharing tab, click Advanced Sharing, and then click Caching.In the Offline Settings window, select No files or programs from the shared folder are available offline, and then click OK.Click OK to close the Advanced Sharing window.Click Close to close the Data Properties dialog box.Note: Leave all virtual machines in their current state for the subsequent demonstration.1120410B10: Implementing File and Print ServicesLesson 2: Protecting Shared Files and Folders by Using Shadow CopiesWhat Are Shadow Copies?Considerations for Scheduling Shadow CopiesRestoring Data from a Shadow CopyDemonstration: Restoring Data from a Shadow CopyProvide a brief overview of the lesson content.1220410B10: Implementing File and Print ServicesWhat Are Shadow Copies?Allow access to previous versions of filesAre based on tracking disk changesDisk space is allocated on the same volumeWhen the space is full, older shadow copies are removedAre not a replacement for backupsAre not suitable for recovering databases

Describe how shadow copies are based on disk changes rather than copies of files. This is an important distinction between shadow copies and backups.Some students might be concerned about using too much disk space for shadow copies. However, this should not be a concern because you can control the amount of disk space allocated for shadow copies.Ensure that students understand why shadow copies are not a suitable replacement for backups, and are not suitable for recovering databases.1320410B10: Implementing File and Print ServicesConsiderations for Scheduling Shadow Copies

Default schedule is 7:00 A.M. and noonCreate a shadow copy schedule based on:Capacity of serverFrequency of changesImportance of changesDiscuss the default schedule, and whether it is suitable for students organizations. For most organizations, the default schedule is acceptable and provides a better ability to restore accidentally deleted or modified files than a server backup provides.1420410B10: Implementing File and Print ServicesRestoring Data from a Shadow CopyPrevious versions are accessible from the Properties dialog box of a file or folderAdministrators can restore previous versions directly on the serverUsers can restore previous versions over the networkAll users can:Restore a file or folderBrowse previous versions to select the correct oneCopy a file or folder to an alternate location

It is important the students understand the general process involved in restoring a previous version. You access previous versions from the Properties dialog box of a file or folder. Administrators can do this directly on the file server, but users can also perform this over the network.1520410B10: Implementing File and Print ServicesDemonstration: Restoring Data from a Shadow CopyIn this demonstration, you will see how to:Configure shadow copiesCreate a new fileCreate a shadow copyModify the fileRestore the previous version

Preparation StepsYou will need the 20410BLONSVR1 and 20410BLONDC1 virtual machines to complete this demonstration. They should already be running after the preceding demonstration.Demonstration StepsConfigure shadow copiesOn LONSVR1, on the taskbar, click the Windows Explorer icon.In Windows Explorer, rightclick Local Disk (C:), and then click Configure Shadow Copies.In the Shadow Copies window, click C:\, and then click Enable.In the Enable Shadow Copies window, click Yes.Click OK.Create a new fileIn Windows Explorer, browse to drive C, and then click New folder.In the Name field, type Data, and then press Enter.Browse to the Data folder on drive C.In the Data folder, rightclick an open area, point to New, and then click Text Document.In the Name field, type TestFile, and then press Enter.Doubleclick TestFile.txt to open the document.In Notepad, type Version 1.Close Notepad, and click Save to save the changes.1620410B10: Implementing File and Print Services(More notes on the next slide)Create a shadow copyIn Windows Explorer, rightclick Local Disk (C:), and then click Configure Shadow Copies.In the Shadow Copies window, click Create Now.When the shadow copy is complete, click OK.Modify the fileIn Windows Explorer, doubleclick TestFile.txt.In Notepad, type Version 2.Close Notepad, and click Save to save the changes.Restore the previous versionIn Windows Explorer, in the Data folder, rightclick TestFile.txt, and then click Restore previous versions.In the TestFile.txt Properties dialog box, on the Previous Versions tab, click the most recent file version, and then click Restore.In the warning window, click Restore.Click OK to close the success message.Click OK to close the TestFile.txt Properties dialog box.Doubleclick TestFile.txt to open the document, and verify that the previous version is restored.Close all open windows.Note: Leave all virtual machines in their current state for the subsequent demonstration.1720410B10: Implementing File and Print ServicesLesson 3: Configuring Network PrintingBenefits of Network PrintingWhat Is Enhanced Point and Print?Security Options for Network PrintingDemonstration: Creating Multiple Configurations for a Print DeviceWhat Is Printer Pooling?What Is Branch Office Direct Printing?Deploying Printers to ClientsBriefly describe the lesson content.1820410B10: Implementing File and Print ServicesBenefits of Network PrintingSimplified troubleshootingLower total cost of ownershipCentralized managementListing in AD DS

The intent of this topic is to introduce the rest of the lesson, which in subsequent topics will discuss network printing in more detail.1920410B10: Implementing File and Print ServicesWhat Is Enhanced Point and Print?Enhanced Point and Print uses the v4 driver model to provide a simplified management structure for network printer driversEnhanced Point and Print provides the following benefits:Print servers do not need to store client print driversDriver files are isolated, preventing file naming conflictsA single driver can support multiple devicesDriver packages are smaller and install fasterThe print driver and the printer user interface can be deployed independentlyIntroduce Enhanced Point and Print, emphasizing that is not so much an implemented feature as it is a by-product of the new version 4 (v4) driver model.Introduce the differences between version 3 (v3) and v4 drivers, and illustrate the benefits of using v4 drivers, especially for network print devices that are hosted by a Windows Server 2012 print server.2020410B10: Implementing File and Print ServicesSecurity Options for Network PrintingThe available permissions are:PrintManage this printerManage documentsThe default security allows everyone to:PrintManage their own print jobs

In most cases, default permission are acceptable for printers. However, some organizations might want to restrict printing to specific printerssuch as printers with high consumable costs, printers that print checks, or printers that are used to print highly confidential materials (for example, in a human resources or a legal department).2120410B10: Implementing File and Print ServicesDemonstration: Creating Multiple Configurations for a Print DeviceIn this demonstration, you will see how to:Create a shared printerCreate a second shared printer using the same portIncrease printing priority for a high priority print queue

Preparation StepsYou will need the 20410BLONSVR1 and 20410BLONDC1 virtual machines to complete this demonstration. They should already be running after the preceding demonstration.Demonstration StepsCreate a shared printerOn LONSVR1, point to the bottom left of the screen, and click the Start charm.In the Start box, type Devices, click Settings, and then click Devices and Printers.In the Devices and Printers window, click Add a printer.In the Add Printer window, click The printer that I want isnt listed. If any printers have been discovered on the network, they will usually appear in the printer list.Click Add a local printer or network printer with manual settings, and then click Next. Other connections options are also available in this window.Click Use an existing port, ensure that LPT1: (Printer Port) is selected, and then click Next. Other ports can be created manually here, including TCP/IP, for networkconnected printers.Leave the driver choice as the default, and then click Next.Change the printer name to AllUsers, and then click Next to finish the printer installation.On the Printer Sharing page, ensure that the printer is shared, and then click Next.Click Finish to close the Add Printer Wizard.Create a second shared printer using the same portIn the Devices and Printers window, click Add a printer.In the Add Printer window, click The printer that I want isnt listed.In the Add Printer window, click Add a local printer or network printer with manual settings, and then click Next.2220410B10: Implementing File and Print Services(More notes on the next slide)On the Choose a printer port page, click Next. This is the same port as was selected for the printer created in the previous task.On the Install the printer driver page, click Next to accept the default selection.This is the same printer driver as was used for the printer created in the previous task.On the Which version of the driver do you want to use page, click Next to reuse the same printer driver.On the Type a printer name page, in the Printer name text box, type Executives, and then click Next.On the Printer Sharing page, click Next to share the printer with the default settings.On the Youve successfully added Executives page, click Finish.In the Devices and Printers window, review the list of devices. Notice that only the Executives printer displays.Increase printing priority for a high priority print queueIn the Devices and Printers window, rightclick Executives, point to Printer properties, and then click Executives.On the Advanced tab, in the Priority box, type 10, and then click OK.Now jobs that are submitted to the Executives printer have higher priority that those submitted to the AllUsers printer, and will be printed first.2320410B10: Implementing File and Print ServicesWhat Is Printer Pooling?Printer pooling combines multiple physical printers into a single logical unitA printer pool:Increases availability and scalabilityRequires that all printers use the same driverRequires that all printers are in the same location

Printer pooling is often overlooked. Explain to students why it is beneficialespecially if there are capacity concerns about printing. Explain how printer pooling differs from just having multiple printers, because with printer pooling, other printers are made available automatically. A user does not have to look for a printer that is not busy, and then select it before printing.2420410B10: Implementing File and Print ServicesWhat Is Branch Office Direct Printing?Branch OfficeBranch Office Direct Printing enables client computers to print directly to network printers that are shared on a print server

Print requestPrint redirectPrint jobClient computerManaged PrinterPrint ServerMain OfficeIntroduce Branch Office Direct Printing and the methods for enabling it.Ensure that students understand the difference between printer pooling and Branch Office Direct Printing.2520410B10: Implementing File and Print ServicesDeploying Printers to ClientsYou can deploy printers to clients by using:GPO created by Print ManagementManual installationGroup Policy preferences

Some students may be unfamiliar with the options to deploy printers using Group Policy preferences or Group Policy Objects (GPOs) created by Print Management. Spend some extra time discussing these if students are interested.2620410B10: Implementing File and Print ServicesLab: Implementing File and Print ServicesExercise 1: Creating and Configuring a File ShareExercise 2: Configuring Shadow CopiesExercise 3: Creating and Configuring a Printer PoolLogon Information Virtual machines20410BLONCL120410BLONDC120410BLONSVRUser name Adatum\AdministratorPasswordPa$$w0rdEstimated Time: 45 minutesBefore the students begin the lab, read the lab scenario and display the next slide. Before each exercise, read the scenario associated with the exercise to the class. The scenarios will give context to the lab and exercises, and will help to facilitate the discussion at the end of the lab. Remind the students to complete the discussion questions after the last lab exercise.Exercise 1: Creating and Configuring a File ShareYour manager has asked you to create a new shared folder for use by all departments. There will be a single file share with separate folders for each department. To ensure that users only see files to which they have access, you need to enable accessbased enumeration on the share.There have been problems in other branch offices with conflicts when offline files are used for shared data structures. To avoid conflicts, you need to disable Offline Files for this share.Exercise 2: Configuring Shadow CopiesA. Datum Corporation stores daily backups offsite for disaster recovery. Every morning the backup from the previous night is taken offsite. To recover a file from backup requires the backup tapes to be shipped back onsite. The overall time to recover a file from backup can be a day or more.Your manager has asked you to ensure that shadow copies are enabled on the file server so you can restore recently modified or deleted files without using a backup tape. Because the data in this branch office changes frequently, you have been asked to configure a shadow copy to be created once per hour.Exercise 3: Creating and Configuring a Printer PoolYour manager has asked you to create a new shared printer for your branch office. However, instead of creating the shared printer on the local server in the branch office, he has asked you to create the shared printer in the head office and use Branch Office Direct Printing. This allows the printer to be managed in the head office, but prevents print jobs from traversing WAN links.To ensure high availability of this printer, you need to format it as a pooled printer. Two physical print devices of the same model have been installed in the branch office for this purpose.2720410B10: Implementing File and Print ServicesLab ScenarioYour manager has recently asked you to configure file and print services for the branch office. This requires you to configure a new shared folder that will be used by multiple departments, configure shadow copies on the file servers, and configure a printer pool.2820410B10: Implementing File and Print ServicesLab ReviewHow does implementing access-based enumeration benefit the users of the Data shared folder in this lab?Is there another way you could recover the file in the shadow copy exercise? What benefit do shadow copies provide in comparison?In Exercise 3, how could you configure Branch Office Direct Printing if you were in a remote location and did not have access to the Windows Server 2012 GUI for the print server?QuestionHow does implementing accessbased enumeration benefit the users of the Data shared folder in this lab?AnswerWith accessbased enumeration, users see only the folders for their department, which creates a more streamlined navigation experience. It also makes for a more secure network browsing experience, as users are unaware of other folders and files that exist in the directory tree to which they have not been granted access.QuestionIs there another way you could recover the file in the shadow copy exercise? What benefit do shadow copies provide in comparison?AnswerWithin the lab itself, the user could recover the file from the Recycle Bin. However, in a real-world scenario, if the Recycle Bin has been emptied, or if the file has been changed more than once, then the file cannot be recovered using this method.In comparison, shadow copies maintain multiple, persistent copies of modified files that can be recovered by an administrator or by an end user.QuestionIn Exercise 3, how could you configure Branch Office Direct Printing if you were in a remote location and did not have access to the Windows Server 2012 GUI for the print server?AnswerYou could configure Branch Office Direct Printing by connecting remotely using Windows PowerShell from a Windows 8 or Windows Server 2012 computer. Then, you could use the SetPrinter cmdlet to change the configuration.2920410B10: Implementing File and Print ServicesModule Review and TakeawaysReview QuestionsToolsReview QuestionsQuestionHow does inheritance affect explicitly assigned permissions on a file?AnswerWhile inherited permissions accumulate with explicit permissions, explicitly assigned permissions always supersede inherited permissions.QuestionWhy should you not use shadow copies as a means for data backup?AnswerWhile shadow copies can store copies of files and protect against issues like accidental deletion, they are still reliant on the local files system and Windows Server 2012 for their functionality. Hard drive corruption, or destruction of the local machine renders shadow copies useless in a disaster recovery situation.QuestionIn which scenarios could Branch Office Direct Printing be beneficial?AnswerBranch Office Direct Printing is typically best used when the wide area network (WAN) connection between a printer and a print server is slow or unreliable. When clients are located in the same physical location as the printer, and they use Branch Office Direct Printing, time to print is decreased and network bandwidth use is reduced because print jobs are sent from the client computer directly to the printer and not to the central server and then back to the branch office printer.

3020410B10: Implementing File and Print Services(More notes on the next slide)Tools

3120410B10: Implementing File and Print ServicesName of toolUsed forWhere to find itEffective Permissions ToolAssessing combined permissions for a file, folder, or shared folder.Under Advanced, on the Security tab of the Properties dialog box of a file, folder or shared folder.Net use commandline toolConfiguring Windows Server 2012 networking components.Command Prompt window.Print Management consoleManaging the print environment in Windows Server 2012.The Tools menu in Server Manager.


One Flew Over the Cuckoo's Nest

One Flew Over the Cuckoo's Nest

Documents
Disclaimer

Disclaimer

Documents
Improve the Color Quality Of Your Monitor

Improve the Color Quality Of Your Monitor

Documents
How Computer Keyboards Work

How Computer Keyboards Work

Documents
Heidegger Kritik

Heidegger Kritik

Documents
Personality Development

Personality Development

Documents
Explore The Levels of Creation

Explore The Levels of Creation

Documents
Chapter-01

Chapter-01

Documents
I Am a Holocaust Denier and I Am Unafraid

I Am a Holocaust Denier and I Am Unafraid

Documents
Who Killed God

Who Killed God

Documents
Plato - Symposium

Plato - Symposium

Documents
How Computer Monitors Work

How Computer Monitors Work

Documents
xCDC14a

xCDC14a

Documents
The Last Carnival I Ever Saw

The Last Carnival I Ever Saw

Documents
Barclays1

Barclays1

Documents
Do you admire Leonardo da Vinci?

Do you admire Leonardo da Vinci?

Documents
The Dutch Republic In International Trade

The Dutch Republic In International Trade

Documents
Oedipus The King: The Ideal Tragic Play

Oedipus The King: The Ideal Tragic Play

Documents
Algorithms

Algorithms

Documents
Tragic Heroes

Tragic Heroes

Documents
Chapter 23

Chapter 23

Documents
Aesops Fables

Aesops Fables

Documents
Keyboard Shortcuts for the Opera Browser for Mac OS X

Keyboard Shortcuts for the Opera Browser for Mac OS X

Documents
Acetone Peroxide

Acetone Peroxide

Documents
Physical Modelling Synthesis Overview

Physical Modelling Synthesis Overview

Documents
Steve Jobs' Commencement Speech at Stanford

Steve Jobs' Commencement Speech at Stanford

Documents
Daniel Zanella and Alexander Weygers

Daniel Zanella and Alexander Weygers

Documents
Star Wars Trivia!

Star Wars Trivia!

Documents
Introduction to Six Sigma

Introduction to Six Sigma

Documents
Effective Parenting: Establishing Boundaries

Effective Parenting: Establishing Boundaries

Documents