Module 10

Configuring and
Troubleshooting Network
File and Print Services
Module Overview
• Configuring and Troubleshooting File Shares

• Encrypting Network Files with EFS

• Encrypting Partitions with BitLocker

• Configuring and Troubleshooting Network Printing

Lesson 1: Configuring and Troubleshooting
File Shares
• What Is a File Share?

• Demonstration: How to Create a File Share

• What Are NTFS Permissions?

• Demonstration: How to Configure NTFS Permissions

• Troubleshooting Network File Access Permissions

• What Is Access-Based Enumeration?

• File Access Enhancements in Windows Server 2008

What Is a File Share?

A file share is a folder on a server that has been configured

for access over the network

• File share permissions are:

• Full Control
• Change
• Read

• Access file shares by using:

• A UNC path
• Mapped drive letter
Demonstration: How to Create a File Share
This demonstration shows how to:
• Create a file share by using simplified interface

• Create a file share by using advanced sharing

• Configure advanced sharing for a file share

 What Are NTFS Permissions?

NTFS permissions control which users or groups can access or

modify files and folders on NTFS formatted partitions

The basic NTFS permissions are:

• Full Control

• Modify

• Read & Execute

• List folder contents

• Read

• Write
Demonstration: How to Configure NTFS Permissions
This demonstration shows how to:
• Configure NTFS permissions

• View advanced NTFS permissions

• View inherited permissions

Troubleshooting Network File Access Permissions

The troubleshooting steps are:

• Check effective NTFS permissions

• Deny permission overrides allow permission

• Verify share permissions

• Assigning Full Control to the Everyone group
simplifies permission assignment
What Is Access-Based Enumeration?

Access-based enumeration:

• Hides files and folder that you do not have read access to

• Simplifies file browsing for users

• Is enabled automatically when sharing is enabled using

the simplified sharing interface

• Can be enabled and disabled in Share and

Storage Management
File Access Enhancements in Windows Server 2008
Windows Server 2008 includes SMB 2.0:

• Enhances performance over slow networks

• Combines multiple commands into a single request

• Allows larger reads and writes

Windows Server 2008 R2 includes SMB 2.1:

• Client oplock leasing

• Large MTU support

• Better support for sleep modes

Lesson 2: Encrypting Network Files with EFS
• What Is Encrypting File System?

• How EFS Works

• Recovering EFS Encrypted Files

• Demonstration: How to Encrypt a File by Using EFS

What Is Encrypting File System?

• EFS is a feature that can encrypt files stored on an

NTFS formatted partition

• EFS Encryption acts as an additional layer of security

• EFS can be used with no configuration

How EFS works

• Symmetric encryption is used to protect the file data

• File Encryption Key (FEK)

• Public key encryption is used to protect the symmetric key

• User certificate with public key and private key
• Also certificate of recovery agent

EFS
Recovering EFS Encrypted Files
To ensure you can recover EFS encrypted files:

• Back up user certificates

• Configure a recovery agent

Demonstration: How to Encrypt a File by Using EFS
This demonstration shows how to:
• Verify that a computer account supports EFS on a network
share
• Use EFS to encrypt a file on a network share

• View the certificate used for encryption

• Test access to an encrypted file

Lesson 3: Encrypting Partitions with BitLocker
• What Is BitLocker?

• How BitLocker Works

• Recovering BitLocker Encrypted Drives

• Demonstration: How to Encrypt a Partition by Using

BitLocker
 What Is BitLocker?

A feature in Windows Server 2008 that allows you to encrypt

entire partitions

Benefits for BitLocker are:

• Data protection for stolen drives

• Safe shipping of preconfigured servers

• Easier decommissioning of drives

• Maintaining system integrity

How BitLocker Works

• To use BitLocker there must be two partitions:

• System – with boot files
• Boot – with operating system files (C:)

• A Full Volume Encryption Key encrypts each partition

• A Volume Master Key encrypts the

Full Volume Encryption Keys

• The encrypted Volume Master Key is stored on the system

partition

• The key for decrypting the Volume Master Key is stored

in a TPM
Recovering BitLocker Encrypted Drives
BitLocker encrypted drives can be recovered by using:

• A recovery password
• In Active Directory
• Saved or printed immediately after encryption

• A recovery key from USB flash drive

• Saved immediately after encryption

• A data recovery agent

• Configured by using Group Policy
Demonstration: How to Encrypt a Partition by
Using BitLocker
This demonstration shows how to:
• Install the BitLocker feature

• Configure Bitlocker to not require a TPM

• Enable BitLocker when a TPM is unavailable

• Access the recovery password

Lesson 4: Configuring and Troubleshooting
Network Printing
• Benefits of Network Printing

• Security Options for Network Printing

• Demonstration: How to Create Multiple Configurations for

a Print Device
• What Is Printer Pooling?

• Deploying Printers to Clients

• Discussion: Troubleshooting Network Printing

Benefits of Network Printing

• Centralized management

• Simplified troubleshooting

• Lower total cost of ownership

• Listing in Active Directory

Security Options for Network Printing

• The default security allows everyone to:

• Print
• Manage their own print jobs

• The available permissions are:

• Print
• Manage this printer
• Manage documents
Demonstration: How to Create Multiple
Configurations for a Print Device
This demonstration shows how to:
• Create a shared printer

• Create a second printer using the same port

• Increase the priority of the second printer

 What Is Printer Pooling?

Printer pooling is a way to combine multiple physical printers into

a single logical unit

A printer pool:

• Increases availability and scalability

• Requires that all printers use the same driver

• Requires all printers in the same location

Deploying Printers to Clients
You can deploy printers to clients by using:

• Group Policy preferences

• Group Policy objects created by Print Management

• Manual installation
Discussion: Troubleshooting Network Printing

What are some common network

printing problems and their
resolution?

5 min
Lab: Configuring and Troubleshooting Network
File and Print Services
• Exercise 1: Creating and Configuring a File Share

• Exercise 2: Encrypting and Recovering Files

• Exercise 3: Creating and Configuring a Printer Pool

Logon information
6421B-NYC-DC1
Virtual machine
6421B-NYC-CL1
User name Contoso\Administrator
Password Pa$$w0rd
Estimated time: 75 minutes
Lab Scenario
• You are configuring a new file server that will hold files shared by
multiple departments. The first two departments to move their
files to this location are the Marketing and Production
departments. You need to configure the file share so that each
department has access to view and modify only their own files.
In addition, users should not see files and folders that they do
not have access to.
• Your organization wants to allow users to start encrypting files
by using EFS. However, there are concerns about recoverability.
To enhance the management of the certificates used for EFS, you
are going to configure an internal certification authority to issue
certificates to users. You will also configure a recovery agent for
EFS and verify that the recovery agent can recover files.
• The Marketing department has a single central copy room that
stores the printer for the entire floor. Over the last year, the
capacity of your printer has become a concern. In particular,
when a user prints a large job, it prevents other users from
obtaining their print jobs for 10 or 15 minutes. To resolve this
problem, you have purchased two new identical printers to
configure as a printer pool for the Marketing department.
Lab Review
• In Exercise 1, why did Adam only see the Marketing
folder?
• In Exercise 2, why was the Administrator account able to
open the encrypted file?
• When two ports are enabled for a printer, how do you
know where a print job will be directed?
Module Review and Takeaways
• Review Questions

• Tools