Inside Windows Server 1002003 [Electronic resources] نسخه متنی

Managing Print Services

For all its complexity and snarl of protocols, a Windows Server 2003 print server has surprisingly few configurable components:

Print queues.
The queues are listed in the Faxes and Printers window. You must open each one individually to see the jobs inside.

Print server properties.
The server properties are accessed from the main menu of the Printers and Faxes window. You can also use this window to manage ports and drivers and configure notification and event logging.

Printer security.
These settings permit you to control who can print to a printer, who can manage the printer itself, and who can manage jobs in the print queues.

Managing Print Queues

You can use the Printers and Faxes window to check the status of documents in the queue and manage both the printer as a whole and individual documents in the print queue. You must have at least Print Operator privileges in a domain or Power User privileges on a standalone machine to manage a print queue .

When you double-click a printer icon, a window opens to display the jobs in the queue. Right-click a printer icon to see the available options. Most of them are self-explanatory. Here are a few items of note:

S
ET AS
D
EFAULT .
This flags the associated printer as the default for all print jobs. Many applications make a standard Win32 API call for the default printer. If one is not selected, this API call fails.

U
SE P
RINTER O
FFLINE .
This enables you to queue up jobs while the print device is unavailable. Otherwise, you will get errors about the inability to print to the device.

P
AUSE P
RINTING .
This halts all despool activity but the spooler continues to accept new jobs.

Right-click on a document in the print queue to see your options. Users with standard print privileges can see all queued jobs but can only pause and cancel their own jobs.

If you cancel a job, the .spl and .shd files are deleted from the spool area. If you pause a job then resume it, it picks up at the next page. If you select Restart, the job begins from page 1 .

Open the Properties window for a document to see information about the print job (see Figure 16.36).

Figure 16.36. Print job properties .

The General tab gives information about the job, including the number of pages, assigned data type, and the name of the print processor, which is always Winprint even though the print processor is now Localspl. If the job came from a Macintosh, the print processor will be Sfmpsprt. You can also see when the job was submitted and the job's owner.

The Layout tab controls orientation. An Advanced button shows specialized options for the device. These options come from the minidriver coded by the vendor. Examples of printers with a rich feature set include the Xerox DocuCenter printers, which have options that enable you to do everything including build entire saddle-stitched books with separate covers.

The Paper/Quality tab has options for selecting resolution, color matching, paper source, and so forth.

Managing Print Server Properties

You can configure parameters for the entire print server instead of individual printers by selecting P

RINT | P

RINT S

ERVER P

ROPERTIES from the P

RINTERS AND F

AXES menu. Use the Advanced tab to respond to user complaints about their jobs not being printed :

The Notify When Remote Documents Are Printed option gives the user a pop-up when the job has finished despooling. This does not mean that it has printed successfully. Only the print device knows that.

You may want to uncheck the Log Spooler Information Events option. It generally puts too much information in the Event log, hiding any real problems in a sea of successful print events.

The Beep On Errors Of Remote Documents and Show Informational Notifications for Local Printers options are rarely of any use because you need to be standing right there at the print server when a user sends a problem job. They are useful for troubleshooting, though, so don't forget they're there.

The remaining notification items can normally be disabled except when troubleshooting.

Printer Security

Printer security is based on control of the printers themselves (the logical printers, not the physical devices), the documents in the print queues, and the ability to add documents to the queue. There are three basic rights required for this control :

Print.
The right to submit a print job to the printer.

Manage Printers.
The right to create and delete printers, pause and start the queues, and change printer properties.

Manage Documents.
The right to delete and change the properties of jobs in the queue other than the jobs submitted by that person.

Print jobs waiting in the queue are subject to NTFS permissions. The owner of the spooled files is the person who submitted the print job. The Manage Documents permission essentially gives the user the right to manage his own files in the \Windows\System32\Spool\Printers directory.

The ACL for a printer can be viewed by opening the Printer window, selecting

PRINTER |

PROPERTIES from the menu, then selecting the Security tab. The standard rights are as follows :

Administrators.
Full Control.

Creator/Owner.
Manage Documents.

Everyone.
Print.

Print Operators (Power Users on standalone machine).
Full Control.

Server Operators.
Full Control.

If you want to restrict access to a printerfor example, you don't want the whole company to print to the $150K IRIS color poster printeryou can assign users and groups to the ACL and give them appropriate rights.

The basic permissions for Fax are similar to the standard printer permissions. Additional permissions exposed by the Advanced view of the ACL Editor include permission to specify the fax priority and permission to view the fax archives .

Print Policies

Group policies make for a handy way to manage enterprise printing. There are nearly two dozen printer and fax policies that enable you to define who can print, what they can print, who is allowed to create and delete printers, and to define what a computer is supposed to do with any stored print jobs .

Here are printing policies I find very helpful:

Custom Support URL in the Printers Folder's Left Pane .
This policy has a very long name because it provides a very helpful service. The left pane of the Printers and Faxes window has a link called Get Help With Printing. This link normally points at the printer help at Microsoft's web site. You can specify your own internal web site using this group policy. This is a boon to the Help Desk.

Browse a Common Web Site to Find Printers .
When you enable this policy and give it an URL, the system puts a little Browse The Intranet link in the Specify A Printer window of the Add Printer Wizard. This link goes to the URL you specify, which would typically be the Printers virtual folder at a print server. This is a great way to give users a simple way to find their printers and download drivers.

Default Active Directory Path When Searching For Printers .
This is a nifty policy that focuses the Active Directory search in the Add Printer Wizard to a specified OU or domain rather than the entire Active Directory. It is not as nifty as it could be, however, because it does not affect the S
EARCH F
OR P
RINTERS feature in the Start menu Search option .

Prevent Addition of Printers .
Administrators who really are tired of dealing with printer issues can use this policy to take total control of printer creation. Enabling this policy removes the Add Printers options from the UI. Sophisticated users can still map to a printer with the NET USE command or the Add Hardware Wizard, but users with that kind of knowledge are rare. As an administrator, you can add new printers using scripts .

Managing Printer Properties

The Properties window for a printer in Printers and Faxes contains configuration parameters for the following:

Sharing

Port management

Security

Print device settings

Print device settings are exposed by printer minidrivers and filters installed from the vendor's driver files. They expose parameters such as trays, collator, stapler, page size, and so on. The settings are too diverse to cover in this book. Here are the remaining settings .

Sharing

The Sharing tab exposes two features in addition to simply sharing the printer. Additional Drivers brings up a checkbox list of alternate clients that can download drivers when they connect to the shared printer. Some of these drivers are on the Windows Server 2003 CD under the \Printers folder. The rest you'll need to download from the vendor's web site.

If you have the opposite situation, an NT4 print server with Windows Server 2003 or XP clients, you can install the updates drivers on the NT4 print server using the FIXPRNSV utility, located in the \Printers folder on the Windows Server 2003 CD.

You can also publish the shared printer in Active Directory using the List in Directory option. Publishing the printer helps users to find print resources quickly using the Search utility .

There are a few complexities associated with publishing printers in Active Directory. These complexities come from the capability of Active Directory to remove, or

prune , published printers that no longer point at active printers. This might be because the print server has been decommissioned or the printer has been removed or the network connections are broken.

The pruning agent runs at the domain controller every 8 hours. During its run, it attempts to contact each printer that has a published share in Active Directory. If it is unable to contact a printer for 3 consecutive retries, it deletes the PrintQueue object from Active Directory.

A print server running Windows 2000 or Windows Server 2003 will republish its shared printers when it comes back online. If you publish printers from downlevel clients, you will need to republish them when the server becomes available.

You can change the pruning parameters using a set of group policies. The policies are located in Computer Configuration | Administrative Templates | Printers. Here is a list of the policies :

Directory Pruning Interval .
This tells the domain controller how often to check the status of printers with PrintQueue objects in Active Directory. By default, this interval is set to 8 hours.

Directory Pruning Retry .
This tells the domain controller how many times to try the connection before declaring it dead. This is 2 retries, by default .

Directory Pruning Priority .
This tells the system what priority to give the Printer Pruner. By default, this is normal priority.

Check Published State .
This tells print servers to constantly republish their shares printers in Active Directory rather than waiting for a restart of the print server. Only set this policy if you are having significant network instabilities that cause your published printer shares to disappear. This would have to be pretty severe to cause a 24-hour disruption .

Ports

The Ports tab of the printer Properties window lists the port that has been assigned to the printer along with the other available ports and their printer assignments. If you want to change the port assigned to the print device, or change the properties of the port itself, do it from here.

This is the place to go if you have changed the IP address on a network printer interface and you want to change the address assigned to the Tcpmon port monitor.

If you have a user workgroup that produces a lot of paper reportsfor some reason, the Accounting department comes to mindyou can improve overall print throughput by installing multiple print devices that all despool from the same printer. This is called

printer pooling . You won't speed up any individual print job with printer pooling, but it keeps jobs from piling up in the queue.

If you use printer pooling, make sure all the print devices you plan on putting in the pool will work with the printer driver associated with the printer. They do not need to be the exact same make/model, but they do need to recognize the same printer control codes. For example, don't mix Postscript Level 2 and 3 printers in a pool with a Postscript 3 driver.

Advanced Settings

The Advanced tab in the Properties window contain a variety of selections. Table 16.2 lists the options, their functions , and gives examples and cautions when selecting the options .

Table 16.2. Advanced Printer Options
Option	Function	Examples and Cautions
`Available From`	Assign the hours that the printer will despool to its print device. Print jobs submitted at other times are queued.	If your organization has a color printer that employees can use after hours, you can create a printer and set the `Available From` option so that jobs print at night.
`Priority`	If you have multiple printers that despool to the same print device, Spooler will ordinarily alternate between the two queues. If you want jobs in one queue to print in front of jobs in another queue, set the `Priority` value higher.	You may have a large-format printer owned by the Art department but sometimes used by Technical Documentation. If the graphic designers grouse that they have to wait for the technical writersI speak from experience on this subjectyou can create a separate printer for the graphic designers with a higher priority.
`Driver`	If you get a new driver for a printer, or you change the print device associated with a printer, use this button to load the new driver. If the printer is shared, users who connect to it automatically download the new drivers.	If you change drivers, the installation script may change the name of the printer. If this happens, the connected print clients can no longer use the shared printer even though the share name has not changed. Before installing a driver into an existing printer, copy the printer name to the Clipboard in case you need to reapply it.
`Spool Print Documents ... / Start Printing Immediately`	This tells Spooler to accept the incoming print job, render the byte stream as it comes, and despool it to the print device simultaneously.	This option speeds up printing large documents. If the job fails to print for some reason and Spooler is notified of this by the print monitor, the job is permitted to complete spooling, and then it is set to the print device again.
`Print Directly to Printer`	This tells Spooler to bypass local storage of the job. The job is rendered on-the-fly and sent directly to the print device.	If the printer is shared, this option is ignored.
`Hold Mismatched Documents`	This tells Spooler to make sure the printer setup matches the document setup.	If the printer uses `a` raster driver but the incoming print job is Postscript, this option holds the job. A job cannot be moved to another queue, so the only alternative is to cancel the job and print it again to the correct printer.
`Print Spooled Documents First`	Spooler favors spooled jobs over incoming jobs. If two jobs spool at once, Spooler favors the larger job. This option is used in conjunction with the `Start Printing Immediately` option.	Under normal circumstances, Spooler chooses the next job to print based solely on the assigned priority. This means a high-priority, 500-page job that might take an hour to print would get attention while a little 1-page job that has already spooled sits and waits. With this option, the spooled job prints first.
`Keep Printed Documents`	This option holds the spool file after the document prints.	Sometimes it is important that a document print right the first time. For example, accounting packages print reports as part of the end-of-month and end-of-year closings. It is difficult to go back and print the report again if the job fails to complete. You can quickly run out of disk space if you leave it enabled for long.
`Enable Advanced Features`	With this option deselected, the Advanced options are not available.	If you experience compatibility problems when users take advantage of Advanced features exposed to the UI for their printer, you can deselect this option to disable certain of these features. The miniport driver must make explicit calls to this flag, however, so it might not resolve your problem.

Separator Pages

When many people use the same network printer, it can be difficult to sort through the jobs in the output tray. Separator pages (sometimes called

burst pages as a holdover from the old green bar tractor paper days) identify the start of each print job with a page that can be seen easily by riffling through the paper stack .

There are four default separator pages. The files are stored in the \Windows\System32 folder. They are as follows:

Pscript.sep.
Puts a dual-mode printer in Postscript mode but
does not print a separator page .

Sysprint.sep.
Prints a separator page on a Postscript printer.

Sysprtj.sep.
Same as Sysprint.sep with the addition of special fonts that support Japanese language modules.

Pcl.sep.
Puts a dual-mode printer in PCL mode, and then prints the username, date, and job number of the print job.

The following is a sample separator file:


\H1B\L%-12345X@PJL ENTER LANGUAGE=PCL
\H1B\L&l1T\0
\M\B\S\N\U
\U\LJob : \I
\U\LDate: \D
\U\LTime: \T
\E

Table 16.3 lists the escape codes and their functions. If you want to switch a printer from Postscript to PCL without printing a separator page, for example, use the following separator file :


\H1B\L%-12345X@PJL ENTER LANGUAGE=PCL\0

Table 16.3. Separator File Escape Codes and Their Functions
Escape Code	Function
`\N`	Username of the submitter.
`\I`	Job number.
`\D\T`	Date and time.
`\L` `xxxx`	This is an echo option. Prints the characters ( xxxx ) until another escape code is encountered. Use this to fill a line with characters to make the burst page distinctive.
`\F` `pathname`	Prints contents of the specified file, starting on an empty line, without any processing. Use for printing custom informational messages.
`\H` `nn`	Sets a printer-specific control sequence, where nn is a hexadecimal ASCII code. Refer to the printer manual for applicable codes.
`\W` `nn`	Sets the width of the separator page. The default width is 80; the maximum width is 256. Any printable characters beyond this width are truncated.
`\B\S`	Prints text in single-width block characters.
`\E`	Page eject. Use to start a new separator page or to end the separator page file. If you get an extra blank separator page when you print, remove this code from your separator page file.
`\` `n`	Skips n number of lines (from zero through nine).
`\B\M`	Prints text in double-width block characters.
`\U`	Turns off block character printing.

Printing from DOS

A DOS application running inside an NT Virtual DOS Machine (NTVDM) is as oblivious to innovations such as Graphic Device Interface (GDI) and Windows Driver Model (WDM) and font libraries as a washboard maker is to Maytags. The DOS application expects to push bytes down an LPT port or bits down a COM port and nothing else is going to make it happy.

One of the functions of the NTVDM driver is to convert DOS hardware function calls into equivalent Win32 API calls. This works fine for well-behaved DOS applications that play by the rules. Many don't. The most common problems involve DOS applications that try to punch bytes directly to the printer port, either for reasons of control or performance. Those jobs will refuse to print .

Some DOS applications slam a print file closed without sending an <EOF> byte. The print processor thinks the application is still printing. There are several symptoms of this problem:

Print job doesn't run until the application is closed.

Last page of a print job stays in the printer, requiring a page feed to clear it.

DOS jobs get mangled together with pages from different reports and documents mixed up in the same hopper. This is caused by applications that do calculations between pages of the report that are long enough to cause the LPT timer to time out and accept jobs from another source .

If you get these symptoms, try setting the default data type to FF Appended. If you are printing to a NetWare server, don't expect the CAPTURE command to solve the problem. The CAPTURE command is not supported on NT.

If you are trying to print to a nonstandard port, such as a network print device or an Infrared (IR) printer, or you are trying to print from DOS to a printer connected to a network print server, there is no LPT port to keep the DOS application happy. You must give it an LPT port using the NET USE command. This is true even if the machine itself is acting as the despool server for the printer .

Assume, for example, that you have a server running Windows Server 2003 that hosts a printer for a network print device such as an HP JetDirect card. The port for this device does not use LPT1 or LPT2; it uses a special port designed to print to the network device. If you want to print from a DOS application on this server, you must share the printer and redirect a printer port to the shared printer. If you do not want to share the printer, you won't be printing from DOS. The syntax for the printer port redirection is as follows:

net use lpt1: \\

server_name \

printer_share

The share name can be longer than eight characters. The DOS application prints to LPT1, just like it would on a DOS machine. You can use any LPT port number between one and nine, but most older DOS applications don't recognize anything above three. You don't need to put the colon on the port number. (I do it just to be consistent.)

Troubleshooting Printing Failures

When troubleshooting printing problems, start with the physical layer. Is the printer turned on? Is it plugged in? Is it connected to the computer? Does the serial printer have the right cable pinouts? I'm sure you know the drill. There are more subtle factors that can affect local printing after you've eliminated the common faults :

Bidirectional printing enabled.
The printer monitor for both PCL and Postscript printers expects to get status information back from the printer, which requires a bidirectional printer connection. An older parallel cable without a pinout for two-way communications will cause the system to either refuse to create the printer or print jobs will hang in the queue. Check CMOS for the printer port configuration. Often an EPP/ECP port is set to another configuration that does not support two-way communications.

Job in the wrong queue.
If you have a job in the queue that was supposed to be sent to another queue, you cannot drag and drop it to another printer. You must cancel the job and print it again to the correct printer. This is because the print job has already been rendered using the driver associated with the first queue. Moving it to another queue would mean it could possibly be incorrectly formatted for the target printer. It would be great to have an administrator's bypass on this so that jobs intended for the same type print device could be moved, but that's not in the product.

Jobs print partial pages or odd characters.
If the printed output includes control characters, Postscript code, lacks graphics characters that were in the document, or otherwise does not seem correct based on the screen display, look for a problem with the default data type. Open the Properties window for the printer, select the Advanced tab, click Print Processor, and select a different default data type. If you have UNIX clients who constantly complain that their jobs are getting fouled up in the print queue, for example, create a new printer for them and change the default data type for that printer to TEXT.

Slow or erratic printing performance.
If a user is printing locally and the jobs print very slowly, or performance gets erratic, you may need more memory or a faster processor or both. If the user demands fast printing but doesn't want to pay for hardware upgrades, try installing a separate print server to free the desktop from rendering the job.

Inadequate rights to spool directory.
If you set up a printer for a user and it worked fine, but now the user cannot get it to work, look at the NTFS permissions on the \Windows\System32\Spool directory. They might be restricting the user's access.

PnP error.
If the driver was installed automatically by PnP, check Device Manager to see if there is an error. The serial port might be sharing an IRQ with an add-on device. The parallel port might lack bidirectional capability or use a non-standard IOBase address. You do not ordinarily get IRQ problems with parallel ports, but watch out for add-on devices and security dongles that keep the port from working with a printer. If you have a second parallel port on a legacy machine, make sure that IRQ5 is enabled for legacy devices in BIOS and that this is the IRQ assigned by Device Manager.

Verify proper driver.
Windows Server 2003 uses Windows 2000 drivers with a preference for user-mode rather than kernel-mode drivers. Check the vendor's web site for the most current driver.

Command-Line Print Administration

Microsoft included several VBScript-based printer management utilities in Windows Server 2003. These scripts first made their appearance in the Windows 2000 Resource Kit. They use Windows Management Instrumentation (WMI) to display and manage printers, print jobs, and printer components such as ports, queues, and configuration.

Most of these scripts require you to have administrator, or at least printer admin, rights on the target server. Also, many of these tools require you to specify the printer name on the command line. This is a good reason to keep the names as short as possible .

There are six scripts; they correspond roughly to the tabs in the printer Properties window:

PrnPort .
This script enumerates, creates, configures, and deletes printer ports at a designated server. This is the functionality you would get in the Ports tab of the printer properties. Here is a sample listing:
```
C:\>prnport -l -s s1.company.com
Server name s1.company.com
Port name IP_10.1.1.81
Host address 192.168.0.81
Protocol RAW
Port number 9100
SNMP Disabled
Number of ports enumerated 1
```

PrnMngr .
This script adds and deletes printers and can be used to set a particular printer as the default. This is the functionality you would get from the Add Printer Wizard at the main Printers and Faxes window. Here is a sample listing:


C:\>prnmngr -l -s s1.company.com
Server name s1.company.com
Printer name testprn
Share name DeskJet648c
Driver name HP DeskJet 640C/642C/648C
Port name IP_10.1.1.81
Comment Standard letterhead paper
Location Bldg C, Floor 3, Cubicle 33C
Print processor WinPrint
Data type RAW
Parameters
Attributes 8776
Priority 1
Default priority 0
Status OK
Average pages per minute 0

PrnQctl .
This script can be used to view, stop, start, and manage the jobs in a print queue. You can also use PrnQctl to print a test page. This is the functionality you would get when you double-click the printer icon in the Printers and Faxes window and open the queue viewer .

PrnCnfg .
This script lists the configuration information for a printer that is normally displayed in the Advanced tab of the printer properties. Here is a sample listing:


C:\>prncnfg -s s1.company.com -p testprn -g
Server name s1.company.com
Printer name HP DeskJet 640C/642C/648C
Share name DeskJet648c
Driver name HP DeskJet 640C/642C/648C
Port name IP_10.1.1.51
Comment Standard letterhead paper
Location Bldg C, Floor 3, Cubicle 33C
Separator file
Print processor WinPrint
Data type RAW
Parameters
Priority 1
Default priority 0
Printer always available
Attributes local shared published do_complete_first

PrnJobs .
This script enumerates the jobs at a printer and gives the option of pausing a particular job, canceling it, or resuming it. This is the functionality you would get by right-clicking a job in the queue viewer. Here is an example listing:


C:\>prnjobs -s s1 -p testprn -l
Job id 14
Printer testprn
Document Test Page
Data type NT EMF 1.008
Driver name HP DeskJet 640C/642C/648C
Description newprn, 14
Elaspsed time 00:00:00
Machine name \\S1.company.com
Job status
Notify Administrator
Owner Administrator
Pages printed 0
Parameters
Size 75952
Status UNKNOWN
Status mask 0
Time submitted 12/16/2001 11:57:58
Total pages 1
Number of print jobs enumerated 1

PrnDrvr .
This script lists information about the print drivers that are loaded on a particular server. This helps to determine if the drivers are up-to-date. There is no UI window that gives information corresponding to this utility. Here is a sample listing :


C:\>prndrvr -s s1 -l
Server name s1
Driver name HP DeskJet 640C/642C/648C,3,Windows NT x86
Version 3
Environment Windows NT x86
Monitor name
Driver path C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL
Data file C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPFDJ640.GPD
Config file C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL
Help file C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.HLP
Dependent files
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPVDJ50.INI
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPVUD50.DLL
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPVUI50.DLL
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPFIMG50.DLL
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPV600AL.DLL
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPFDJ6xx.GPD
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPFDJ69x.GPD
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPFDJ200.HLP
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPFNAM50.GPD
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIRES.DLL
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\STDNAMES.GPD
Number of printer drivers enumerated 1

An additional utility, PrintMig, is available in the Resource Kit. This is a standard executable that simplifies backup and restore of printer configurations out of the Registry. You can also use this utility to quickly and easily transport printer configurations to another server. This comes in handy in a business recovery scenario when your main print server goes down and you need to get the printers up on another server quickly. Figure 16.37 shows an example window that lists the printer elements installed on a server .

Figure 16.37. Printer Migration utility showing printer elements that can be backed up and restored elsewhere .

Printer Location Tracking

Each

Inside Windows® Server 2003
By William Boswell
	Publisher	: Addison Wesley
Date Published	: April 11, 2003
ISBN	: 0-7357-1158-5
Pages	: 1376