Microsoft Windows Server 2003 Deployment Kit [Electronic resources] : Planning Server Deployments نسخه متنی

Deploying Print Servers

After your design team completes its work, the print server deployment team can implement the design for your new printing environment. Deploying print servers involves installing Windows Server 2003 on the servers, adding the servers to the network, and then adding the printers. Organizations that plan to deploy clustered print servers must take the additional step of configuring the clusters before creating the print spooler resource.

Figure 3.5 shows the tasks involved in deploying print servers.

Figure 3.5: Deploying Print Servers

Installing Windows Server 2003 on Print Servers

The details of the print server deployment process vary depending on whether your design specifies a clean installation or an upgrade installation. If you are upgrading existing stand-alone or clustered servers, the upgrade process also differs depending on the version of the Windows operating system installed on your existing print servers.

Deploying Print Servers with Clean Installations

If you deploy print servers with clean installations of Windows Server 2003, you can decide whether to create new printers or migrate existing printers to the new servers. If you create new printers, you can enforce the standard printer naming convention that the design team developed during the design phase. If you have existing printers, it is a good idea to migrate them by using Print Migrator 3.0.

Setting Up a New Print Server

The first step in setting up a new print server is to install and configure Windows Server 2003. Identify each operating system that the printer server must support to determine any special selections that you must make while setting up your server. For example, if you support computers running Windows NT 4.0, you must install additional drivers during the upgrade process. After installing Windows Server 2003, you can begin adding printers.

Migrating Printers by Using Print Migrator 3.0

By using Print Migrator 3.0, you can back up your current print server configuration and restore the settings on a new print server, eliminating the need to manually recreate print queues and printer ports, install drivers, and assign IP addresses. Having to manually perform these tasks is a significant obstacle for most organizations. Using Print Migrator greatly reduces the manual intervention required when migrating your print servers from previous versions of Windows.

For example, an administrator obtains three new high-end servers to use as print servers. Rather than manually configure each server, the administrator uses Print Migrator 3.0 to back up three of the existing print servers and then restores the settings on the new servers. For more information about Print Migrator 3.0, see "Choosing a Print Server Migration Method" earlier in this chapter.

To ensure that your printer migration goes smoothly, read the documentation provided with Print Migrator 3.0.

Deploying Print Servers with Upgrade Installations

Deploying an upgraded installation of Windows Server 2003 can be a simple process depending on the printer drivers installed on your servers. One of the biggest challenges of upgrading is resolving any printer driver problems. Before upgrading your servers, use the command-line utility Fixprnsv.exe, provided with Windows Server 2003, to help you identify any printer driver problems. If you are upgrading from Windows NT 4.0 or Windows 2000, consider the issues presented in the following sections.

Important

As with any major software installation, it is recommended that you back up the hard disk before beginning an upgrade.

Using Fixprnsv.exe to Resolve Driver Issues

To manage driver-related issues, use the command-line utility Fixprnsv.exe. Fixprnsv.exe automatically replaces incompatible printer drivers or those with known problems. It locates existing printer drivers that can replace unsuitable drivers. In many cases, IHVs provide new printer drivers for this purpose. If replacement drivers are available, Fixprnsv.exe replaces problem drivers with Microsoft-provided drivers. If Fixprnsv.exe does not find a suitable replacement driver, it displays a message advising you to check the printer manufacturer's Web site for a newer version of the driver. Fixprnsv.exe installs drivers only for printers that are already configured on the print server.

The Fixprnsv.exe utility is located on the Windows Server 2003 installation CD-ROM in the \Windows\Printers\ directory. For a list of commands for use with Fixprnsv.exe, use the following procedure.

To list the commands for Fixprnsv.exe

Insert the Windows Server 2003 installation CD-ROM in the CD-ROM drive.

At the command prompt, change to the drive that contains the CD-ROM and type:

fixprnsv.exe /?

Upgrading from Windows 2000

If you are upgrading a Windows 2000 print server that does not have Version 2 device drivers installed, your upgrade can be seamless. If your Windows 2000 print server has Version 2 drivers, you might encounter some of the issues involved in upgrading from Windows NT 4.0, which are discussed in the following section.

Upgrading from Windows NT 4.0

When upgrading from Windows NT 4.0 to Windows Server 2003, one or more of the following situations might occur:

Windows NT 4.0 drivers that shipped with the operating system are upgraded to the new version of these drivers in Windows 2000, Windows XP, or Windows Server 2003. The Windows NT 4.0 driver remains as an additional driver.

If the name of an IHV driver matches the name of a driver that ships with Windows 2000, Windows XP, or Windows Server 2003, the installation might upgrade the driver to the a Version 3 inbox driver (a driver that ships with Windows Server 2003). This upgrade occurs with no user intervention.

Unstable drivers are blocked and are not carried through the upgrade. Printers that use these drivers are removed during the upgrade process. If the printer is connected directly to the computer and has a recognized Plug and Play ID, Windows searches for a suitable driver. If a suitable driver is found, the printer is installed during the upgrade as a new printer.

Drivers that are not blocked and do not have name matches are carried through the upgrade unchanged.

Windows NT 4.0 inbox drivers

All Windows NT 4.0 Printer Control Language (PCL) drivers and Raster Device Drivers (RASDD) are upgraded to the latest Unidrv drivers as part of the upgrade process. The latest Unidrv drivers include UNIDRV5 for Windows 2000, and UNIDRV5.1 for Windows XP or Windows Server 2003. PostScript drivers that were shipped with Windows NT 4.0 are automatically upgraded to PostScript 5.0 in Windows 2000 or PostScript 5.2 in Windows XP or Windows Server 2003.

Note

Drivers that you have installed as additional drivers for Point and Print on clients running Windows 95, Windows 98, or Windows Millennium Edition are not preserved during an upgrade from Windows NT 4.0 to Windows 2000 or Windows Server 2003. After you configure the print server, you must reinstall these additional drivers.

IHV drivers with matching names

IHV Windows NT 4.0 drivers are upgraded to Windows 2000, Windows XP, or Windows Server 2003 drivers with no user intervention if the driver name matches the existing Windows NT 4.0 driver name or if a newer version of the driver is available. In this situation, the IHV driver is treated exactly the same as the Microsoft driver.

Because of interaction problems between Windows 2000 drivers and Windows NT 4.0 drivers in Point and Print environments, many IHVs recommend that you reinstall their Windows NT 4.0 driver following the upgrade. This applies to users who plan to use Point and Print between Windows NT and Windows 2000, Windows XP, or Windows Server 2003.

Blocked IHV drivers

Microsoft designed the upgrade path from Windows NT 4.0 so that the new operating system replaces an old driver if a newer driver is available. Windows preserves a driver during an upgrade if the installation utility does not find a newer version and does not identify a driver as causing problems in Windows 2000, Windows XP, or Windows Server 2003. A driver is blocked for one of two reasons:

Microsoft determines, through testing, that the driver causes substantial instability of the operating system.

The IHV requests that the driver be blocked based on the IHV's own testing and available updates.

The system file Printupg.inf contains a list of known bad drivers. Drivers in this list might have an alternative inbox driver. If an alternative driver does not exist, the driver is not upgraded during the operating system installation. Instead, you need to install a newer version of the driver from the IHV. The information found in Printupg.inf can be helpful in identifying whether or not a new version from an IHV is blocked. The upgrade report also contains information about all drivers slated for removal during the upgrade.

In addition, the Fixprnsv.exe tool automatically replaces known bad drivers if inbox substitutes are available. If a compatible driver cannot be located, Fixprnsv.exe reports that fact and refers the user to the IHV's Web site. By running Fixprnsv.exe prior to upgrading, you can identify printers that are slated for deletion during the upgrade ahead of time. Otherwise, you might discover after the upgrade that some printers are unexpectedly missing.

Non-blocked IHV drivers

Certain Windows NT 4.0 drivers are not blocked and do not match the driver name of an inbox driver. These drivers proceed through the upgrade process without being altered or replaced. Use Fixprnsv.exe to identify drivers that must be replaced. For drivers that are not blocked (either because they are not in the Printupg.inf file or because they have a later date than the date of similar drivers listed in Printupg.inf), Fixprnsv.exe takes no action.

Adding Printers

After installing Windows Server 2003 on the print server, you must add the printers to the server. Depending on the decisions that the design team made, adding printers can involve the following steps:

Adding spooler resources to server clusters

Installing printer ports

Adding additional printer drivers

Publishing printers in Active Directory

Connecting clients to printers

Restricting access to printers

Setting up Internet printing

Adding Spooler Resources to Server Clusters

In order to add printers to server clusters, you first need to create and configure print spooler resources. After creating the spooler resource, you can add printers, publish them in Active Directory, and add any additional drivers that your users require. You must also create and specify the spooler resource in order to use Print Migrator 3.0 to restore printers from another print server.

Creating a Spooler Resource

To create a spooler resource for a cluster, you must be the administrator of the cluster as well as of each node within the cluster. You must also have the administration software installed on your computer. Cluster Administrator is the graphical application that is supplied with the Cluster service to manage clusters. Alternatively, you can use Cluster.exe, a command-line tool, or develop custom administration tools by using the Cluster service command interfaces. Cluster Administrator is included in the Administrative Tools Pack (Adminpak.msi). The Cluster.exe tool and Adminpak.msi files are located in the Windows\System32 directory of a Windows 2003 Server.

The procedure for creating a print spooler resource is like the procedure for creating any resource in a cluster service. For more information about creating a cluster-managed printer, see "Create a cluster-managed printer in Help and Support Center for Windows Server 2003.

After you create the print spooler resource, migrate existing printers from existing print servers, if necessary, by using Print Migrator 3.0. For more information about Print Migrator, see "Choosing a Print Server Migration Method" earlier in this chapter.

Configuring the Resource

Configure the spooler resource by selecting the print spooler resource type in the Cluster Administrator window or by using Cluster.exe. Each cluster group can have only one print spooler resource, because resources are organized into interdependent groups that must fail over together.

After you create and configure the print spooler resource, you might need to install any third-party port monitors and print processors that are cluster-compatible on each node of the cluster. To do this, take each spooler resource offline, and then bring it online again so that the new resource is visible to the cluster. Then add printers to the clustered spooler. For more information about printing and the Cluster service, see "Print Spooler resource type" in Help and Support Center.

Adding a Printer to a Cluster

After creating a group and resources, you can add printers to the cluster. Each node must have connectivity to the remote print device. A printer that is locally connected to a node cannot be part of a cluster configuration, because the printer connects directly to the node and does not fail over if that node goes down.

Adding a printer to a cluster is very similar to adding the printer to any other computer, with the following exceptions:

You never start from the local Printers and Faxes folder. The cluster always appears remote, even if you are working on the active cluster node. Instead type the virtual server name (for example, \\Virtual_Server_Prn) in the Run dialog box, and then click the remote Printers and Faxes folder that is displayed.

If the Add Printer Wizard does not appear when you open the remote Printers and Faxes folder, you cannot continue. One of three things might be wrong:

The associated print spooler resource is not online or is not configured

You are not logged on as the administrator.

The spooler service is not started on the local computer. (This is unlikely.)

When a cluster group containing a print spooler resource fails over to another node, the document that is currently being sent to the printer is restarted on the other node after the failure. When you move a print spooler resource or take it offline, Cluster service waits until all documents are spooled or the configured wait time elapses. The cluster discards any documents that are submitted while the spooler resource is unavailable or the cluster is offline, and users must resubmit those print jobs.

For more information about clustering, see "Designing and Deploying Server Clusters" in this book.

Installing Printer Ports

If your users print over a network, you must create printer ports to enable connections between print servers and printers. You can install printer ports for stand-alone servers and clusters from the Printers and Faxes folder on the print server. The printer port can be one of two port types:

Standard TCP/IP port

LPR port

If you are using clustered print servers, you need to install the printers on each node and ensure that each node has the appropriate protocols, port monitors (not ports), and print processors installed. You can do this remotely, but you must address each node by its node name, not the cluster name. Ensure that the settings on all nodes are identical, because a specification made on one node does not carry over to the other nodes.

Standard TCP/IP Port

The standard port is the preferred printer port in Windows Server 2003. The standard port uses the standard TCP/IP port monitor (standard port monitor) and is designed for Windows Server 2003-based print servers that communicate with printers by using TCP/IP. For more information about the advantages of using the standard port and the prerequisites for installing a standard port, see "Determining the Print Server Network Connection Method" earlier in this chapter.

To install a standard port

In Control Panel, open the Printers and Faxes folder, right-click the printer that you want to configure, and click Properties.

On the Ports tab, click Add Port.

In the Printer Ports dialog box, select Standard TCP/IP port, and click New Port to launch the Add Standard TCP/IP Printer Port Wizard.

Complete the Add Standard TCP/IP Printer Port Wizard by using the information provided in Table 3.3.

Table 3.3: Using the Add Standard TCP/IP Printer Port Wizard
Wizard Page	Action
Printer Name or IP Address	To identify the printer that will be connected to the port, type its name in the Printer Name or its IP address in the IP Address box.
Port Name	In the Port Name box, type a port name, which can be any character string, or use the default name that the wizard supplies.
Additional Port Information Required	To configure a standard port, click Standard, and then select one of the listed devices. If you do not know the details of the port, try using the Generic Network Card. To create a custom configuration, click Custom, and then configure the port by usingthe Configure Standard TCP/IP Port Monitor screen that appears.

If the wizard cannot determine the appropriate protocol for the port, it prompts you for the information. Follow the vendor's instructions for selecting either the RAW or LPR option.

If you are not prompted for more information, continue to step 5. Review the port information, and click Finish.

The new port is listed on the Ports tab of the Properties property sheet.

Note

With Windows Server 2003, administrators can remotely configure and manage ports from any server running Windows Server 2003. This feature applies to local ports, the standard TCP/IP port, and LPR ports. You must configure AppleTalk ports locally on the server.

You can reconfigure the standard port monitor by adjust the settings in the property sheet for the print server.

Caution

The Configure Port dialog box does not validate the settings created in the following procedure. If they are incorrect, the port no longer works.

To reconfigure the standard TCP/IP port

In Control Panel, open the Printers and Faxes folder, right-click the appropriate printer, and click Properties.

On the Ports tab, click the Configure Port button.

In the Configure Standard TCP/IP Port Monitor dialog box, click either the RAW or LPR protocol.

To configure the protocol, take one of the following actions:

For RAW Settings, type the port number that the printer vendor specified (usually 9100).

For LPR Settings, type the LPR queue name that the printer vendor specified.

If the printer supports SNMP and RFC 1759, select the SNMP Status Enabled check box.

If SNMP Status Enabled is selected, you can change both the SNMP community name and the host device index:

The community name is usually "Public," but you can enter another community name if you want to limit access to the printer.

The device index is used mainly for multiport devices that support several printers; each port on a multiport device has a different device index, specified by the device vendor.

LPR Port

If your network includes clients that are running UNIX, install LPD, which acts as the client for printing according to RFC 1179 guidelines. For more information about the LPR port, see "Determining the Print Server Network Connection Method" earlier in this chapter.

To install an LPR port

In Control Panel, open the Printers and Faxes folder.

Under Printer Tasks, click Add a printer to open the Add Printer Wizard. Then click Next.

Complete the Add Printer Wizard by using the information provided in Table 3.4.

Table 3.4: Steps for Completing the Add Printer Wizard
Wizard Page	Action
Local or Network Printer	Click Local printer attached to this computer, clear the Automatically detect and install my Plug and Play printer check box, and then click Next
Select a Printer Port	Click Create a new port, and then select LPR Port.
Add LPR compatible printer	If LPR Port is not available, click Cancel to stop the Wizard. To add the LPR Port, install the optional networking component, Print Services for UNIX.
Name or address of server providing LPD	Type the Domain Name System (DNS) name or Internet Protocol (IP) address of the host for the printer that you are adding. The host might be the direct-connect TCP/IP printing device or the UNIX computer to which the printing device is connected. The DNS name can be the name specified for the host in the Hosts file.
Name of printer or print queue on that server	Type the name of the printer as it is identified by the host, which is either the direct-connect printer itself or the UNIX computer.

Configuring LPR to print text files to a PostScript printer in UNIX

In some cases, sending an ASCII text file to a PostScript printer on a UNIX-based computer can cause PostScript code to be output on the printer. This can occur because the PostScript printer is processing the text as RAW data without interpreting the PostScript code.

LPR sends a processing instruction in each print job in the form of a control command indicating the data format. Table 3.5 shows the LPR commands for specific data types. Under Lprmon, the default is 1 (RAW data); under Lpr.exe, the default is f (text).

Table 3.5: Control Commands for LPR Printing
LPR Control Command	Data Format Transmitted
f, p	Text data type
L	RAW data type
0	RAW data type formatted for a PostScript printer

Using the default value of 1 can cause the PostScript code to be printed on a UNIX-based system. The 1 value sets the RAW data type, which causes the text file to be printed ignoring the PostScript instructions. To correct this, set 0 (RAW data type formatted for a PostScript printer) as the default value. This might not be necessary on some UNIX systems, which include software that scans arriving documents for PostScript code with the 1 value. If the software detects the 1 value, the document goes directly to the printer; otherwise, the software adds PostScript code. You can change the default control command that LPR sends by editing the PrintSwitch entry in the registry.

Caution

Do not edit the registry unless you have no alternative. The registry editor bypasses standard safeguards, allowing settings that can damage your system, or even require you to reinstall Windows. If you must edit the registry, back it up first and see the Registry Reference on the Windows Server 2003 Deployment Kit companion CD, or at http://www.microsoft.com/reskit.

To change the default control command for a printer

In the registry editor, navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\LPRPort\ Ports\Port-name\IP Address or Host name: Printer-name

Double-click PrintSwitch.

In the Data type box, type REG_SZ, and then in the Value Data box, type the control command you want to specify. (See Table 3.5 for a list of control commands and the value data types that they represent.)

Respooling

Respooling is a method of spooling a document twice to enable the print monitor to locate the appropriate LPD print server. LPR must include an accurate byte count in the control file, but it cannot get the byte count from the local print provider. After Lprmon receives a document from the local print provider, it spools the document a second time to a temporary file in the default spool directory, finds the size of that file, and then sends the size to the LPD print server.

Status reporting

LPR is a one-way protocol and does not return a detailed error status report. If a problem occurs, the message is always ERROR. For more information about LPR or LPR errors, see the Microsoft Knowledge Base link on the Web Resources page at www.Microsoft.com/windows/reskits/webresources. Search the Knowledge Base using the keywords "LPR" or "LPR Errors".

Pooling printers

Printer pooling is especially useful in high-volume printing environments. Pooled printers appear to clients as a single printer, but printing throughput is increased because the load is distributed among the printers in the pool.

Before you set up a printer pool, consider the following issues:

Two or more printers are required; Windows Server 2003 does not limit the number of printers in a pool.

The printers in the pool must be of the same model, and they must use the same printer driver.

Printer ports can be of the same type or mixed (such as parallel, serial, and network).

If you want to ensure that documents are first sent to the faster printers, add the faster printers to the pool first and the slower printers last. Print jobs are routed in the order in which you create the ports.

Because users do not know which printer prints their documents, it is a good idea to locate all of the pooled printers in the same physical location. Otherwise, users might not be able to find their printed documents.

To create a printer pool

In Control Panel, open the Printers and Faxes folder, right-click the appropriate printer, and click Properties.

On the Ports tab, select the Enable printer pooling check box.

In the list of ports, select the check boxes for the ports connected to the printers that you want to pool.

Repeat steps 2 and 3 for each additional printer to be included in the printer pool.

Adding Additional Printer Drivers

By adding additional drivers to your print server, you can support clients that are running various versions of the Windows operating systems. It is preferable to use Version 3 drivers rather than Version 2 drivers as your primary drivers, because Version 2 drivers can cause the system to become unstable or stop responding. However, you might need to use Version 2 drivers as additional drivers if you support clients running Windows NT 4.0. If your server has known bad drivers when it is upgraded, those drivers are deleted during the upgrade process. Any additional drivers that are added must have the same name as the primary driver unless they are Windows 95, Windows 98, or Windows Millennium Edition drivers.

Note

With Windows Server 2003, you no longer need to install printer drivers on each node of a cluster. The drivers automatically propagate to the other nodes of the cluster after they are installed on the virtual server.

Publishing Printers in Active Directory

Publishing your shared printers in Active Directory can make locating printers across a network more efficient for your users. In Windows Server 2003, the print subsystem is tightly integrated with Active Directory, making it possible to search across a domain for printers at different locations. By using the standard printer object that Windows Server 2003 provides, you enable users to search for printer-based attributes such as printing capabilities (including PostScript, color, and paper size) and printer locations (allowing users to find printers located near them).

If you plan to publish printers to Active Directory, follow the naming standard that the print services design team created when you fill out the location fields on the printer properties pages across your network. This enables users to enter a standard string to search for printers by location. If you use subnets to define the sites within your organization, Active Directory can find nearby printers - a process that has formerly been difficult for both administrators and users.

For example, if you are in Los Angeles and want to find all the Los Angeles printers in your deployment, search for a network printer by using the Add Printer Wizard and type US/LAX in the Location dialog box. If US/LAX matches the printer location syntax in Active Directory, your search might return the following results:

US/LAX/1/101

US/LAX/2/103

These results indicate that two printers are available in Los Angeles, located in buildings 1 and 2, in rooms 101 and 103.

Printer publishing is controlled by the List in the Directory check box on the Sharing tab of the Properties sheet for each printer. Printers that are added by using the Add Printer Wizard are published by default, and the wizard does not let you change this setting. If you do not want to publish a printer in Active Directory, after adding the printer, open the printer property sheet, and clear the List in the directory check box on the Sharing tab.

The printer is placed in the Computer object in Active Directory on the print server. After publishing the printer in Active Directory, you can move or rename the object by using the Users and Computers snap-in in Active Directory.

To publish a printer in Active Directory

In Control Panel, open the Printers and Faxes folder.

Right-click the icon for the printer that you want to publish in Active Directory, and click Properties.

On the Sharing tab, select the List in the directory check box.

Connecting Clients to Printers

Generally, clients can establish a connection to a shared network printer hosted on a Windows Server 2003 print server in one of three ways:

Entering the Universal Naming Convention (UNC) path. In the Run dialog box, type the UNC path for the printer (for example, \\PrintServer\Printer), and then click OK.

Using the Add Printer Wizard. From the Printer and Faxes folder, select Add a Printer. When the Add Printer Wizard opens, click Next, select the network printer option, and either type or browse to the path for the shared printer.

Using drag-and-drop. In the Run dialog box, open the shared printers folder on the remote print server. Then drag the desired printer icon into the Printers and Faxes folder on the local workstation.

Restricting Access to Printers

If your design calls for restricting access to certain printers, you can do so by using printer permissions. To do this, it is recommended that you create a user group and then limit access to a printer to members of the group.

To create a local group

Right-click My Computer, and click Manage.

In the console tree, double-click Local Users and Groups.

To add the group, right-click Groups, and click New Group.

In the Group name box, type the name of the new local group.

To add users to the group, click Add, and enter the user names in the Enter the object names to select box.

To restrict access to a specific printer

In Control Panel, open the Printers and Faxes folder.

Right-click the icon for the printer to which you want to restrict access, and click Properties.

To remove extraneous group members, on the Security tab, remove all entries in the Groups or user names list box except Administrator and Creator Owner.

To grant access to the printer, click Add, and then enter the names of the groups and users that you want to grant access to this printer.

Enabling Internet Printing

By using Internet printing, you can manage print resources from your Web browser. To be able to print over the Internet, clients within the same Local Area Network (LAN) must use a remote procedure call (RPC) to connect to the print server. For more information about prerequisites for Internet printing, see the Server Management Guide of the Windows Server 2003 Resource Kit (or see the Server Management Guide on the Web at http://www.microsoft.com/reskit).

Installing a Printer from a Web Page

To install a printer for Internet printing, you can either view a Web page to find a printer that is identified by a URL, or — if the client is running Windows Server 2003, Windows XP Professional, Windows 2000, Windows 95, Windows 98, or Windows Millennium Edition — connect to a printer share through a Web page.

Open a web browser, and type: http://servername/printers. Under Printer Actions, click Connect. The installation page displays available options based on your permissions. Windows Server 2003 downloads the printer software to the client, and the printer is displayed in the Printers and Faxes folder on the client.

The installation route depends on whether the client and the print server are on the same intranet and are both running Windows XP Professional, Windows Server 2003, Windows 2000, or Windows NT 4.0. If they are, the client and print server communicate by means of an RPC, and the installed printer continues to use an RPC to link the client and the server even if HTTP is not specified in the address.

The installation uses HTTP instead of RPC in the following instances:

The client and server are not on the same intranet.

The client is not running Windows Server 2003, Windows XP Professional, Windows 2000, or Windows NT 4.0.

The printer contains an internal network adapter, supports Internet Printing Protocol 1.0, and is not connected to a server.

With HTTP, the print server generates a .cab file containing the required .inf and installation files and sends the .cab file to the client. On the client computer, the .cab file starts the Add Printer Wizard to complete the installation. A progress report is displayed in HTML while the wizard is working.

Important

Installation is not automatic for Web-based printers with internal network adapters. You must start the Add Printer Wizard, enter the printer's URL instead of a UNC path, and manually enter information that the wizard requires. You can use this method to install any URL-identified printer by means of HTTP.

Security for Internet Printing

Print server security is provided by IIS, which runs on the print server. IIS allows basic authentication, which all browsers support. The administrator must select basic authentication to enable the print server to support all browsers and all Internet clients. IIS and PWS allow the use of Integrated Windows authentication and Kerberos authentication, both of which are supported by Internet Explorer.

The authentication method for Internet printing in IIS or PWS is set in the print server's property sheet on the Directory Security tab.

By default, print jobs are sent over HTTP as RAW data. If it is important to keep this data secure, use either a Virtual Private Network (VPN) or Secure Socket Layer (SSL) connection.

To select an authentication method

In the console tree of the IIS console, expand the node for the server, expand the Web Sites node, expand the Default Web Site node, and then expand the Printers node.

Click the icon at the Printers node.

This node represents a virtual directory that is used to set all security for Internet printing. A list of Application Server Pages (ASP) appears in the details pane.

In the console tree, right-click the printer, click Properties, and then click the Directory Security tab.

Choose one of the following Directory Security options by clicking the respective Edit button:

Authentication and access control

IP address and domain name restrictions

Secure communications

Typically, administrators select Enable anonymous access, which allows a client to access each server resource by impersonating the Anonymous account IUSR_computername. No user action is required. If a user attempts to connect to another domain or proxy server that does not allow anonymous access, a dialog box prompts for the user name and password.

To choose anonymous access authentication

On the Directory Security tab of the Printers Properties page, click the Edit button for Authentication and access control.

Select the Enable Anonymous access check box.

Clear the Windows Integrated authentication check box.

Note

Integrated Windows authentication is checked by default and takes precedence over other types of authentication. To ensure that users are authenticated anonymously, clear all check boxes except Enable anonymous access.

Integrated Windows authentication is more secure, because it does not send the password. During Integrated Windows authentication, IIS applies either challenge and response encryption technology, or Kerberos encryption technology, depending on the capability of the client. For more information about IIS security, see the Internet Information Services (IIS) 6.0 Resource Guide of the Windows Server 2003 Resource Kit (or see the Internet Information Services (IIS) 6.0 Resource Guide on the Web at http://www.microsoft.com/reskit).