You
learned that the Windows printer model is best leveraged when a logical
printer is created to support a physical device—either directly attached
to the computer or attached to the network—and when that logical
printer is shared to printer clients. That logical printer on the print
server becomes a central point of configuration and management. The
drivers that you install on the printer are downloaded automatically by
Windows clients, and the settings you configure for the printer are
distributed as the settings for each of the printer’s clients.
This lesson
takes this virtualization of printers as logical devices to the next
level. After examining printer properties, including printer security,
you will learn how to create printer pools to provide faster turnaround
for client print jobs. You will also learn how to make better use of
your printers by creating more than one logical printer for a device to
configure, manage, or monitor print jobs or printer usage more
effectively. Finally, you will learn how to manage Active Directory
printer objects and Internet printing.
Managing Printer Properties
Printers and
print jobs are managed from their properties dialog boxes. These
properties dialog boxes can be accessed from the Printers And Faxes
folder. Right-click a printer and select Properties to configure a
printer. Double-click a printer and, in the print queue, right-click a
print job and choose Properties to configure a print job. The initial
properties of a print job are inherited from the properties of the
printer itself. But a print job’s default properties can be modified
independently of the printer’s.
Controlling Printer Security
Windows Server 2003
allows you to control printer usage and administration by assigning
permissions through the Security tab of the printer’s Properties dialog
box. You can assign permissions to control who can use a printer and who
can administer the printer or documents processed by the printer. A
typical printer Security tab of a printer’s Properties dialog box is
shown in Figure 1.
You
can use a printer’s access control list (ACL) to restrict usage of a
printer and to delegate administration of a printer to users who are not
otherwise administrators. Windows Server 2003 provides three levels of
printer permissions: Print, Manage Printers, and Manage Documents.
By default, the
Print permission is assigned to the Everyone group. Choosing this
permission allows all users to send documents to the printer. To
restrict printer usage, remove this permission and assign Allow Print
permission to other groups or individual users. Alternatively, you can
deny Print permission to groups or users. As with file system ACLs,
denied permissions override allowed permissions. Also, like file system
ACLs, it is best practice to restrict access by assigning allow
permissions to a more restricted group of users rather than granting
permissions to a broader group and then having to manage access by
assigning additional deny permissions.
The Manage Documents
permission provides the ability to cancel, pause, resume, or restart a
print job. The Creator Owner group is allowed Manage Documents
permission. Because a permission assigned to Creator Owner is inherited
by the user that creates an object, this permission enables a user to
cancel, pause, resume, or restart a print job that he or she has
created. The Administrators, Print Operators and Server Operators groups
are also allowed the Manage Documents permission, which means they can
cancel, pause, resume, or restart any
document in the print queue. Those three groups are also assigned the
Allow Manage Printers permission, which enables them to modify printer
settings and configuration, including the ACL itself.
Tip
If
a printer’s security is not a major concern, you can delegate
administration of the printer by assigning a group, such as the Printer Users group, Manage Documents, or even Manage Printers permission. |
Assigning Forms to Paper Trays
If a print device
has multiple trays that regularly hold different paper sizes, you can
assign a form to a specific tray. A form defines a paper size. When
users print a document of a particular paper size, Windows Server 2003
automatically routes the print job to the paper tray that holds the
correct form. Examples of forms include Legal, Letter, A4, Envelope, and
Executive.
To assign a form to a paper tray, select the Device Settings tab of the printer’s Properties dialog box, as shown in Figure 2.
The number of trays shown in the Form To Tray Assignment section
obviously depends on the type of printer you have installed, and the
number of trays it supports. Further down the Device Settings tree are
settings to indicate the installation state of printer options, such as
additional paper trays, paper handling units, fonts, and printer memory.
Print Job Defaults
The
General tab of the printer’s Properties dialog box includes a Printing
Preferences button, and the Advanced tab includes a Printing Defaults
button. Both of these buttons display a dialog box that lets you control
the manner in which jobs are printed by the logical printer, including
page orientation (portrait or landscape), double-sided printing (if
supported), paper source, resolution, and other document settings. These
dialog boxes are identical to each other, and are also identical to the
dialog box a user receives when clicking Properties in a Print dialog
box.
Why are there three
print job Properties dialog boxes? The Printing Defaults dialog box
configures default settings for all users of the logical printer. If the
printer is shared, its printing defaults become the default properties
for all printers connected from clients to the shared printer. The
Printing Preferences dialog box configures the user-specific, personal
preferences for a printer. Any settings in the Printing Preferences
dialog box override printing defaults. The Properties dialog box that
can be accessed by clicking Properties in a Print dialog box configures
the properties for the specific job that is printed. Those properties
will override both printing defaults and printing preferences. This
triad of print job property sets allows administrators to configure a
printer centrally, by setting printing defaults on the shared logical
printer, and allows flexibility and decentralized configuration by users
or on a document-by-document basis.
Printer Schedule
The Advanced tab of a printer’s Properties dialog box, as shown in Figure 3,
allows you to configure numerous additional settings that drive the
behavior of the logical printer, its print processor and spool. Among
the more useful and interesting setting is printer’s schedule.
The
logical printer’s schedule determines when a job is released from the
spool, or queue, and sent to the printer itself. A user with Allow Print
permission can send a job to the printer at any time, but the job will
be held until the printer’s schedule allows it to be directed to the
printer’s port. Such a configuration is not appropriate for normal,
day-to-day printers. However a schedule is invaluable for situations in
which users are printing large jobs, and you want those jobs to print
after hours, or during periods of low use. By configuring a printer’s
schedule to be available during night hours, users can send the job to
the printer during the day, the printer will complete the jobs
overnight, and the users can pick up those printing jobs the next
morning.
Tip
When
you set up a printer pool, place the print devices in the same physical
location so that users can easily locate their documents. When users
print to a printer pool, there is no way to know which individual
printer actually printed the job. |
Setting Up a Printer Pool
A printer pool
is one logical printer that supports multiple physical printers, either
attached to the server, attached to the network, or a combination
thereof. When you create a printer pool, users’ documents are sent to
the first available printer—the logical printer representing the pool
automatically checks for an available port.
Printer pooling is
configured from the Ports tab of the printer’s Properties dialog box. To
set up printer pooling, select the Enable Printer Pooling check box,
and then select or add the ports containing print devices that will be
part of the pool. Figure 4 shows a printer pool connected to three network-attached printers.
Configuring Multiple Logical Printers for a Single Printer
Although a printer pool
is a single logical printer that supports multiple ports, or printers,
the reverse structure is more common and more powerful: multiple logical
printers supporting a single port, or printer. By creating more than
one logical printer directing jobs to the same physical printer, you can
configure different properties, printing defaults, security settings,
auditing, and monitoring for each logical printer.
For example, you might
want to allow executives at Contoso Ltd. to print jobs immediately,
bypassing documents that are being printed by other users. To do so, you
can create a second logical printer directing to the same port (the
same physical printer) as the other users, but with a higher priority.
Use the Add Printer
Wizard to generate an additional logical printer. To achieve a multiple
logical printer-single port structure, additional printers use the same
port as an existing logical printer. The printer name and share name
are unique. After the new printer has been added, open its properties
and configure the drivers, ACL, printing defaults, and other settings of
the new logical printer.
To configure high priority
for the new logical printer, click the Advanced tab and set the
priority, in the range of 1 (lowest) to 99 (highest). Assuming that you
assigned 99 to the executives’ logical printer, and 1 to the printer
used by all users, documents sent to the executives’ printer will print
before documents queued in the users’ printer. An executive’s document
will not interrupt a user’s print job. However, when the printer is
free, it will accept jobs from the higher-priority printer before
accepting jobs from the lower-priority printer. To prevent users from
printing to the executives’ printer, configure its ACL and remove the
print permission assigned to the Everyone group, and instead allow only
the executives’ security group print permission.
Windows Server 2003 Printer Integration with Active Directory
The print
subsystem of Windows Server 2003 is tightly integrated with Active
Directory, making it easy for users and administrators to search for and
connect to printers throughout an enterprise. All required interaction
between printers and Active Directory is configured, by default, to work
without administrative intervention. You only need to make changes if
the default behavior is not acceptable.
When
a logical printer is added to a Windows Server 2003 print server, the
printer is automatically published to Active Directory. The print server
creates a printQueue object and populates its properties based on the
driver and settings of the logical printer.
Off the Record
The
printer objects are not easy to find in Active Directory Users and
Computers. You must use the Find Objects In Active Directory button on
the MMC toolbar or select View Users, Groups, And Computers As
Containers from the View menu, at which point printer objects will
become visible inside the printer server. The print is placed in the
print server’s computer object in the Active Directory service. The
object can be moved to any OU. |
When any change occurs in
the printer’s configuration, the Active Directory printer object is
updated. All the configuration information is sent again to the Active
Directory store even if some of it has remained unchanged.
Planning
Creation
and updating of printer objects happens relatively quickly, but objects
and attributes must be replicated before they affect the results of a
Find Printers operation from a client. Replication latency depends on
the size of your enterprise, and your replication topology. |
If a print server disappears
from the network, its printer object is removed from the Active
Directory. The printer Pruner service confirms the existence of shared
printers represented in Active Directory by contacting the shared
printer every eight hours. A printer object will be pruned if the
service is unable to contact the printer two times in a row. This might
occur if a print server is taken offline. It will happen regularly if
printers are shared on Windows 2000 or Windows XP workstations that are
shut off overnight or on weekends. However, a print server will recreate
the printer objects for its printers when the machine starts, or when
the spooler service is restarted. So, again, administrative intervention
is not required.
Publishing Windows Printers
Printers that are added
by using the Add Printer Wizard are published by default. The Add
Printer Wizard does not allow you to prevent the printer from being
published to the Active Directory service when you install or add a
printer.
If you want to re-publish a printer (for example, after updating its name or other properties), or if you do not
want a shared printer published in Active Directory, open the printer’s
Properties dialog box, click the Sharing tab, and select or clear the
List In The Directory check box.
Note
A
printer connected to a local port is likely to be detected and
installed automatically by Plug And Play. In this case, you must share
and publish the printer manually using the Sharing tab. |
Logical printers that
are shared on computers running Windows NT 4 or Windows NT 3.51 are not
published automatically, but can be manually published using the Active
Directory Users And Computers MMC console. Simply right-click the OU or
other container in which you want to create the printer and choose New
Printer.
Planning
You
should add only printer objects that map to printers on pre-Windows
2000 computers. Do not add printer objects for printers on computers
running Windows 2000 or later; allow those printers to publish
themselves automatically. |
Manually Configuring Printer Publishing Behavior
All the default
system behaviors described above can be modified using local or group
policy. Printer policies are located in the Computer Configuration node,
under Administrative Templates. For a description of each of these
policies, open the Properties dialog box for a specific policy and click
the Explain tab.
Printer Location Tracking
Printer location
tracking is a feature, disabled by default, that significantly eases a
user’s search for a printer in a large enterprise by pre-populating the
Location box of the Find Printers dialog box, so that the result set
will automatically be filtered to list printers in geographic proximity
to the user.
To prepare for printer location tracking, you must have one or more sites or
one or more subnets. Site and subnet objects are created and maintained
using the Active Directory Sites And Services MMC snap-in or console.
You must also configure the Location tab of the site or subnet
Properties dialog box using a naming convention that creates a hierarchy
of locations, separated by slashes. For example, the location USA/
NYC/1802Americas/42/B might refer to a building at 1802 Avenue of the
Americas in Manhattan, on the 42nd floor in Area B. A location may span
more than one subnet, or more than one site.
You must then enable printer location tracking using the Pre-Populate Printer Search Location Text policy.
Active
Directory is able to identify a computer’s site or subnet affiliation
based on the computer’s IP address. When the Find Printers dialog box is
invoked, the computer’s location, as defined in its corresponding site
or subnet object, will be automatically placed in the Location box. A
Browse button will also appear, enabling a user to browse the location
hierarchy for printers in other locations.
This
powerful feature simplifies printer administration and setup
considerably. However, it obviously requires careful planning on the
back end to ensure that all subnets are defined, and that a reasonable,
hierarchical location naming convention has been applied consistently.
More information about this feature is available in the online Help and
Support Center.
Internet Printing
Windows Server 2003
supports an additional set of functionality through the Internet
Printing Protocol (IPP), which enables users to connect to printers and
send print jobs over encapsulated Hypertext Transfer Protocol (HTTP).
Internet printing also gives administrators the option to manage and
configure printers using any variety of Internet browsers and platforms.
Setting Up Internet Printing
Internet printing is
not installed or enabled by default in Windows Server 2003. You must
install Internet Information Services (IIS).
Internet printing is available for installation when you install IIS.
To install Internet printing, perform the following steps:
1. | Open Add/Remove Programs in Control Panel and click Add/Remove Windows Components.
|
2. | Select Application Server and click Details.
|
3. | Select Internet Information Services (IIS) and click Details.
|
4. | Select Internet Printing.
|
Once IIS and
Internet printing are installed, you can disable or enable the feature
using the IIS snap-in or console. Expand the server’s node and click Web
Service Extensions. In the details pane, select Internet Printing, and
click Prohibit or Allow.
Internet printing creates a Printers virtual directory under the Default Web site. This virtual directory points to %Systemroot%\Web\Printers.
The printer site is accessed using Microsoft Internet Explorer 4.01 and
later by typing the address of the print server in the Address box
followed by the Printers virtual directory name. For example, to access
the Internet printing page for Server01, type http://Server01/printers/.
Note
You can configure authentication and access security for Internet printing using the virtual directory’s Properties dialog box. |
Using and Managing Internet Printers
You can connect to http://printserver/printers
to view all printers on the print server. After locating the desired
printer and clicking it, a Web page for that printer is displayed.
As a shortcut, if you
know the exact name of the printer to which you want to connect, type
the address of the printer using the following format:
http://printserver/printersharename/
Once the printer’s
Web page is displayed, you can connect to or manage the printer,
assuming you have been allowed appropriate security permissions. When
you click Connect on the printer’s Web page, the server generates a .cab
file that contains the appropriate printer driver files and downloads
the .cab file to the client computer. The printer that is installed is
displayed in the Printers folder on the client. The printer can then be
used and managed from the Printers And Faxes folder like any other
printer. Using a Web browser to manage printers has several advantages:
It
allows you to administer printers from any computer running a Web
browser, regardless of whether the computer is running Windows Server
2003 or has the correct printer drivers installed.
It
allows you to customize the interface. For example, you can create your
own Web page containing a floor plan with the locations of the printers
and the links to the printers.
It provides a summary page listing the status of all printers on a print server.
Internet
printing can report real-time print device data, such as whether the
print device is in power-saving mode, if the printer driver makes such
information available. This information is not available from the
Printers And Faxes window.
Practice: Advanced Printer Configuration and Management
In this practice,
you will configure printer pooling and configure a second logical
printer to a single network-attached printer.
Exercise 1: Configure Printer Pooling
1. | From the Printers And Faxes window, create a new printer.
|
2. | Open the properties of PrinterPool.
|
3. | |
4. | Select the Enable Printer Pooling check box, and then click the check box next to the port IP_10.0.0.51.
|
5. | Click Apply. Both network ports are now selected.
Will users sending print jobs to HPLJ8100 benefit from printer pooling?
No. Printer pooling was configured for the shared printer named
PrinterPool. Print jobs sent to PrinterPool can print to the printers at
10.0.0.51 and 10.0.0.52. Print jobs sent to HPLJ8100 can print only to
the printer at 10.0.0.51.
|
Exercise 2: Configure Multiple Logical Printers for a Single Printer
1. | From the Printers And Faxes window, create a new printer.
|
2. | Open the properties of PriorityPrinter.
|
3. | Click the Advanced tab.
|
4. | Set the Priority to 99 (highest).
|
Exercise 3: Examine Active Directory Printer Objects
1. | Open Active Directory Users And Computers.
|
2. | From the View menu, select Users, Groups, And Computers As Containers.
|
3. | Expand the Domain Controllers OU. Note that Server01 appears as a subcontainer.
|
4. | Select Server01 in the tree.
The printer objects appear in the details pane. If objects do
not appear for the printers you created in Exercises 1 and 2, wait a few
minutes. The print server may take a moment to publish its printers to
Active Directory. You may need to press F5 (refresh) to see the printer
objects once they are published.
|
5. | Open the properties of the PriorityPrinter object.
Note the differences between the properties that are published
to Active Directory and the properties that you would see for the
printer in the Printers And Faxes folder. Active Directory maintains a
more limited number of properties—the properties that are most likely to
be used in a search for a printer. Note also that changing a property
in Active Directory does not change the property of the printer; but
changing a property of the printer will, eventually, update the
corresponding property in the Active Directory printer object.
|
