Previous Page
Next Page

3.11. Understanding Print Sharing Services

Printers and printing services are areas of Windows Server 2003 that haven't changed very much in the migration from Windows 2000. Given that, let's take a brief look at the relevant terminology associated with printing services and how Windows treats printing in general.

To Windows, a printer is the machinery that actually puts ink or toner on a page. There is also such a thing as a logical printer, which refers to the interface between the physical printer and the software that is instructing the printer to print. Think of the logical printer as the printer driver; you can indeed use the two terms interchangeably.

Some important points to consider:

  • It is possible and practical in some instances to have multiple logical printers for every physical printer. I cover some of the scenarios in which such a configuration would be useful in this section.

  • Conversely, you can associate one logical printer with multiple physical printers, creating a "printer cluster" of sorts. The technical term for this is a printer pool , and it's most commonly used when print jobs need to be directed to the first available printer. I also discuss that a bit later in this part of the chapter.

  • Different types of drivers are available for use in Windows Server 2003. Level 2 drivers are older drivers that were written for Windows NT which run in kernel mode, a function of the OS that makes the entire OS vulnerable to any instability on the part of the driver. Fortunately, this becomes an issue only when you upgrade NT systems to Windows Server 2003. Level 3 drivers, which are newer and are meant for Windows 2000, XP, and Server 2003, run in protected user mode, which separates them from the kernel and isolates them from the rest of the operating system in the event they crash.

3.11.1. Internet Printing

There's also a feature introduced in Windows 2000 but retained in Windows Server 2003 known as Internet printing , which enables you to print directly to the printer over an intranet or the Internet using the HTTP protocol. You do this either by using an Internet-enabled printer, which some of the more expensive printers are, or by using Windows Internet printing services, which involves using IIS.

Although the technology sounds neat and useful in theory, think about it in practice. All of us remember junk faxes and fax attacks: taping a sheet of paper completely covered in black ink to itself so that it would continually transmit and waste paper and ink on the receiving end. Think about a cracker compromising your Internet-attached printer and the wasted paper and toner there. Also, some of the more expensive printers retain the last few print jobs in memory in case they need to be repeateda sort of spooler cache. A cracker who penetrates the Windows Internet printer server could access the printer's memory and make off with copies of sensitive documents.

The bottom line is that this feature just isn't safe and isn't practical in today's hostile Internet environment. I strongly recommend against using this feature. Standard printing services are flexible enough for most of your needs, and if you really need to print over the Internet, do it to a Kinko's printer and have them deliver the job to you.

3.11.2. Setting Up Print Sharing

To configure a print server, use the Manage Your Server Wizard. Click Add or Remove a Role, and on the Server Role page, select Print Server and click Next. Then follow these steps:

  1. Select the appropriate versions of operating systems that are running on client workstations on your network, and then click Next.

  2. The wizard will summarize the choice you just made, in a ridiculously repetitive manner. Click Next to continue.

  3. The Add Printer Wizard is started. Here, you'll actually add the printer drivers to your system. If your printer supports Plug and Play, click Cancel on this wizardyour printer and Windows will communicate without you having to go through the wizard.

  4. On the Local or Network Printer page, choose whether to send print jobs directly to the printer, or to a secondary print server on another machine. If you want to send print jobs directly to a printer connected to the machine on which the wizard is running, or to a printer with its own network adapter, choose Local Printer. Otherwise, choose Network. Click Next when you're finished.

  5. If the wizard can't detect a Plug-and-Play printer, the New Printer Detection screen will appear. Choose the printer port (most likely it's LPT1 for a directly connected printer). If you have a printer with its own network adapter, click the Create a New Port button, and follow the instructions that came with your printer. This commonly involves setting up a standard TCP/IP port and specifying the printer's IP address as the destination for print jobs. Click Next to continue.

  6. If you selected a network printer or a printer attached to another computer, the Specify a Printer page appears. You can browse for a shared printer, type in the explicit pathname to the shared printer (e.g., \\printsrv\flr1-printer), or connect using TCP/IP to the remote printer. It's important to note that by selecting a network printer in this wizard, the print server role will not be fully installed on your serveryou must have a local printer attached to be an official Windows print server. To proceed, enter the appropriate information where requested, and click Next.

  7. On the Install Printer Software page, select the appropriate printer manufacturer and model. If it's not listed, find the appropriate drivers for the printer from the manufacturer, and click the Have Disk button to install those drivers. Click Next.

  8. The Name Your Printer page appears. The default name is the manufacturer and model of the printer, but you might want to consider changing it to make it easier for users to recognize what printer it is and where it's located. Also, on this screen, determine if you want to use this printer as the default printer, and select Yes or No accordingly. Note that this doesn't set this printer as the one that clients use by default. It simply sets it as the default printer from the print server console. Click Next to proceed.

  9. On the Printer Sharing page, Share Name is selected by default. Note that you must share a printer for this machine to act as a print server. The default share name is the first eight letters of the printer manufacturer and model, without spaces; you might change this name as well to something more meaningful to your users.

  10. On the Location and Comment page, type a description of the print server location, and then, in the Comment box, type a general notation about the printer's capabilities and features. This step is optional. After you finish, click Next.

  11. You can print a test page from the next screen to ensure you've configured the printer correctly. (The page prints when you finish the wizard, not immediately upon clicking Next.) Click Next when you're ready to proceed.

  12. Click Finish to complete the wizard, or select the box to restart the wizard so that you can add more shared printers.

  13. When you click Finish, the wizard installs the printer driver files. Then, if you chose to print a test page, the wizard attempts to print that page. If you selected All Windows clients in step 1, the Add Printer Driver Wizard starts after you complete the Add Printer Wizard. You can use the Add Printer Driver Wizard to install client printer drivers onto the print server, which then can distribute them to clients automatically. See later in this section for this procedure.

  14. After you complete the Add Printer Wizard and, if necessary, the Add Printer Driver Wizard, you see the This Server is Now a Print Server page. Review the logs to see what changes were made, and then click Finish.

You can remove the print server role through the Manage Your Server Wizard by clicking Add or Remove a Role, selecting Print Server, and clicking Remove. This will unshare and then remove any shared printers on that server, making them unavailable for use over the network.

3.11.3. The Print Management Console

The Print Management Console, a feature in Windows Server 2003 R2, unifies all printer and print server management tasks into one convenient, efficient interface. The PMC can manage all network printers on print servers running Windows 2000 Server, Windows Server 2003, or Windows Server 2003 R2, making it a great tool to get an all-encompassing picture of the printers in your organization.

To install the PMC, use the Add/Remove Programs applet within Control Panel. Select Windows Components, and under Management and Monitoring Tools, check the Print Management Console component. Click OK, and Windows will install the PMC for you.

Figure 3-42 shows the Print Management Console when you first load it.

Figure 3-42. The Print Management Console


You can add various print servers on your network to the list on the left side of the console by right-clicking on Print Servers and selecting Add/Remove Servers. Either type the name of the server or browse to it. Repeat as necessary.

3.11.3.1. Adding and viewing printers

Using the PMC, you can automatically add all printers located on the same subnet as the print servera task that involves detecting the printers, installing the appropriate drivers, creating and configuring the queues, and enabling sharing. This is all done by the PMC without any intervention from you, with the exception of being prompted for drivers for some more obscure printers. All you need is to (1) be on the subnet as the printers you want to autodetect and (2) have administrator credentials for the print server. Just right-click on the local print server within the PMC and select Automatically add network printers. Click Start, and you're done.

To give yourself a more organized view of the printers on your network, you can add printer filters, which restrict a view to only printers which meet a certain criteria. The PMC comes with three built-in filtersall printers (which isn't really a filter after all), printers that have a status of "Not Ready," and printers that currently have an active job. You might find it useful to create specific views of all printers in a building, printers that have the capability to print in color, or all printers out of paper. With each filter, you can specify that an email or script be run or sent when there are printers that satisfy the filter's criteriauseful for those problem printers.

To set up a filter:

  1. Right-click on the Custom Printer Filters folder, and then select Add New Printer Filter.

  2. The New Printer Filter Wizard will appear. Type a name and a description for the filter. You can also choose to include the number of printers that satisfy the criteria of the filter beside its name in the PMC by clicking the checkbox. Click Next to continue.

  3. The Define a Printer Filter screen appears.

  4. The Set Notifications (Optional) page appears. Choose either to set an email notification (which requires a destination email address and an outgoing SMTP server) or a script to run.

  5. Click Finish.

3.11.3.2. Performing mass administration tasks

By using the All Printers view of the PMC, you can perform some mass actions on all the printers listed, including pausing printing, resuming printing, canceling all jobs on all printers, listing all of the printers in Active Directory, or removing all printers from Active Directory. Just select the All Printers view in the PMC, and then select all printers in the righthand pane. Right-click anywhere in the pane, and then select the bulk action you'd like to perform.

3.11.3.3. Device drivers

The PMC can list, by server, each printer driver installed on your print servers. This is useful for seeing which print servers support which types of printers, and you also have a convenient interface to add, remove, or reinstall print drivers. You can perform all of these actions by expanding the particular print server in question in the left pane, right-clicking on the Drivers section of the tree, and selecting Manage Drivers. From there, you can:

  • Click Add to launch the Add Printer Driver Wizard.

  • Select a printer driver from the list and click the Remove button to clear it from that server.

  • Select a driver and click Reinstall to reinstall the driver.

  • Select a driver and click Properties to view the details for a particular driver.

3.11.4. Custom Printing Configurations

In this section, I'll look at some custom printing configurations and scenarios which you might encounter in your organization.

3.11.4.1. Controlling the print spooler service

The print spooler service controls all parts of printing in Windows, taking documents from applications that request printing services and distributing them to the correct printer drivers as needed. You can control the service through both the GUI and the command line.

To view the print spooler service status through Windows, follow these steps:

  1. Open the Computer Management snap-in.

  2. Expand the Services node.

  3. Find the Print Spooler service in the righthand pane, right-click it, and select Properties from the context menu.

  4. Click Start or Stop to perform either task on the service.

To start or stop the printer spooler from a command line, follow these steps:

  1. Open a command prompt.

  2. Execute the following commands, depending on your intent: net start spooler to start the spooler, or net stop spooler to stop it.

The spooler service can have dependencies from other services. If other services need the spooler to be running, you'll be prompted with a list of those services that need to be stopped before Windows will allow you to stop the service.

Also note that the print spooler service is authenticated through the Local Computer system account by default, not through a specific user account.

3.11.4.2. Configuring default printer settings

By using the Printing Defaults section of the properties page, you can set the default settings , such as paper size, layout orientation, tray selection, and number of copies printed, for all users who connect to that specific printer. Individual users can further customize these settings by using the properties page for the printer as listed on their client workstation, but those settings will apply only to that installation, not to all users who connect to the networked printer.

In security-sensitive environments, you might want to set the default paper source to Manual. This ensures that a document will not print until the user feeds the paper to the printer, so confidential information is not left on a printer tray. You also might consider purchasing a printer that supports a password authentication feature, which holds a print job from actually being printed until the user enters a password at the printer console. You usually find this feature on the more expensive network printers from HP, Tektronix, and others.

To configure default settings for a printer, follow these steps:

  1. Open the Printers and Faxes Control Panel applet.

  2. Right-click the printer you want to use and select Properties.

  3. Navigate to the Advanced tab and click Printing Defaults.

  4. Click the Layout and Paper/Quality tabs and the Advanced button on each to see the available choices and to specify the new default settings.

  5. Click OK to apply the new settings.

3.11.4.3. Choosing a separator page

A separator page is simply a piece of paper that follows a job to acknowledge a switch in printer language. It's useful for a high-volume shared network printer, where many people's jobs go, so that the users don't get confused about printer languages.

You need the Manage Printers permission set via your user account properties in Local Users and Groups inside the Control Panel for nondomain machines or Active Directory Users and Computers for domain computersto adjust the settings for the separator page. Note that in smaller networks or individualized security groups, it might be easier to assign the Manage Printers or Manage Documents permissions to the group that is associated with a particular printer. For example, if the accounting department has their own printer (called ACCTG1) that no one else uses, by granting the Manage Printers right to all members of the ACCTG1 Users group, you can delegate a good bit of administrative responsibility. Any member of the group can then add and delete documents from, modify, or otherwise manage the print queue itself.

To enable and choose a separator page, follow these steps:

  1. Open the Printers and Faxes Control Panel applet.

  2. Right-click the printer you want to use, and select Properties.

  3. Navigate to the Sharing tab and click Separator Page.

  4. Click Browse and find your C:\Windows\System32 folder or equivalent.

  5. Specify one of the following separator page files that Windows provides in the System32 folder:

    • The file pcl.sep prints a page after switching the printer to PCL printing.

    • The file sysprint.sep prints a page after switching the printer to PostScript printing.

    • The file pscript.sep does not print a page after switching the printer to PostScript printing.

3.11.4.4. Adding printer drivers for other operating systems

Take, for example, this scenario: you have clients running other operating system versions that need to connect to the same shared printer, and you want to automate driver installation for those clients.

Especially in larger organizations, it's generally a good idea to install drivers for other operating systems on the server to facilitate printer setup, deployment, and management. If the drivers for a particular printer are on a server on your network, it's easy to construct a login script or other GP-based automated install utility to deploy a new network printer to a group of users and desktops.

Storing drivers on the server also makes pushing updated revisions of the driver a lot easier. NT 4.0, Windows 2000, and XP Home clients check printer drivers on the print server each time the connection to the server is reestablished. NT 3.1, 3.5, and 3.51 clients look for an updated driver each time the client spooler service is started. New copies of the drivers are downloaded at each of these times if newer versions of the drivers are available from the server. Windows 9x-based print drivers are not capable of being kept current automatically, so you must manually update the drivers on these clients when you do a server-based update for other platforms.

To install printer drivers for other operating systems, follow these steps:

  1. Open the Printers and Faxes Control Panel applet.

  2. Right-click the printer you want to publish into the directory, click Properties, and navigate to the Sharing tab.

  3. Click Additional Drivers.

  4. Check the checkboxes for the additional operating systems your clients are running, and click OK.

3.11.4.5. Publishing shared printers into Active Directory

Publishing a printer to Active Directory accomplishes much the same effect as publishing a file share: your users can search for it within Start/Find or Start/Search (depending on the operating system) without needing to call the help desk to find the closest printer.

Of course, you must share a printer before you can publish it to the directory. If you add a printer to a server running Server 2003, it is shared by default. However, printers attached to computers running client operating systemsWindows XP, Windows 2000, Windows NT, and the likeare not shared by default. You must share them manually. As well, the user account you use to share and publish a printer into the directory must have the Manage Printers permission on the user account. Note that to publish a printer shared using a computer running Windows NT, you must use the Active Directory Users and Computers snap-in.

If you have Active Directory domains and your GP settings are still at their default configuration, the options to Automatically publish new printers in Active Directory and Allow printers to be published still are enabled. Therefore, the printer will be published by default.

The full name of a shared printer (for example, \\SERVER\LASER_PCL) should contain no more than 32 characters, for maximum legacy application compatibility.

To publish a printer to Active Directory, follow these steps:

  1. Open the Printers and Faxes Control Panel applet.

  2. Right-click the printer you want to publish into the directory, and navigate to the Sharing tab.

  3. Click Share This Printer, and enter a name for the printer share.

  4. Check the List in the Directory checkbox.

  5. Click OK.

3.11.4.6. Setting up alternate/restricted printing times

Printers are always available by default, but for various reasons you might want to restrict their availability. For example, if you have an expensive printer that is used only for producing camera-ready proofs and the proofs are due by 1:00 p.m. each day, you might want to set the printer as available only between 6:00 a.m. and 1:00 p.m. to help prevent wasting the expensive resources it uses for jobs other than those proofs.

To restrict printing to certain times of the day, follow these steps:

  1. Open the Printers and Faxes Control Panel applet.

  2. Right-click the printer you want to configure in this manner and select Properties.

  3. Navigate to the Advanced tab, and then click Available From.

  4. To set the time period that the printer will be available, click the up or down arrows, or alternatively, type a start and end time, such as "9:00 a.m. to 5:00 p.m."

  5. Click OK to finish the wizard.

3.11.4.7. Controlling print priority between groups

Let's say you want to give a user or a certain group priority access to a printer. How do you do that?

The process is simple, if non-intuitive: create two logical queues for the same physical printer, one with a higher priority than the other, and restrict the higher-priority queue to the members of the group that require it. Note that setting a priority on a single printer with only one print queue is effectively doing nothing. You must have two or more logical print queues for one physical printer to take advantage of the priority feature.

To control print priority between groups, follow these steps:

  1. Open the Printers and Faxes Control Panel applet.

  2. Right-click the printer you want to configure in this manner and select Properties.

  3. Navigate to the Advanced tab. In the Priority box, click the up or down arrows and click OK when you reach the priority level you want. Alternatively, you can type in a priority level between 1 and 99 and click OK (1 is the lowest priority, and 99 is the highest priority).

  4. Add another printer, configured exactly the same, using the Add Printer Wizard. This creates a second print queue for the same physical printer.

  5. Right-click New Logical Printer, select Properties, and navigate to the Advanced tab.

  6. Set a priority higher than that of the first printer queue, as defined in step 3.

  7. Configure the permissions on the higher-priority print queue to allow only certain groups to print to it. Leave the regular print queue open to all if you want.

  8. Instruct the regular group of users to use the first logical printer name and the group with higher priority to use the second logical printer name.

3.11.4.8. Using PostScript and PCL

If you want users to print to a printer that supports both PostScript and PCL, create two different print queues, one for each language. Users can then print to the appropriate queue, depending on the language they need.

You also can use this procedure for any printer that supports multiple languagesit is not restricted to just PostScript and PCL.


To print to a printer that supports both PostScript and PCL, follow these steps:

  1. Open the Printers and Faxes Control Panel applet.

  2. Double-click Add Printer and click Next.

  3. Follow the wizard until it prompts you to choose the make and model of the printer. Click the appropriate model under the respective manufacturer, with either PostScript (PS) or PCL as indicated. For example, for an HP LaserJet 8100 series printer, click HP LaserJet 8100 Series PS to configure a PostScript queue.

  4. Continue the wizard until that queue is created.

  5. Begin the wizard once again, this time to add a second logical queue (for the other printer language) for the same physical printer.

  6. When the wizard asks you to choose the make and model of the printer, click the appropriate model under the respective manufacturer and select the other language that's supported that you didn't configure in step 3.

  7. Continue the wizard until that queue is created.

It is highly recommended when you create a PCL print queue and a PostScript print queue that they both have the same name with the exception of adding a "_PS" on the end of the PostScript queue name. This way, when you sort your printers, it will be easy for you to tell which printers have an associated PS queue, as they will all sort together. It's a useful method for when you are deleting or performing maintenance on old printer queues.


3.11.4.9. Retaining all print jobs

For regulatory reasons, you might want to keep a copy, inside a print queue, of everything that is printed from that queue.

To retain documents in a print spool, follow these steps:

  1. Open the Printers and Faxes Control Panel applet.

  2. Right-click the printer you want to configure in this manner, and select Properties.

  3. Navigate to the Advanced tab, and check the Keep Printed Documents checkbox. Click OK to finish.

When retaining copies of the documents you print from a queue, you need to carefully monitor the disk space on the server that hosts the queue. To clear out the disk space occupied by the copies of the documents, uncheck the Keep Printed Documents checkbox as described in step 3.

3.11.4.10. Configuring printing to multiple physical printers

Printer pooling enables you, as the administrator, to create a set of printers that print multiple copies of documents when they are sent to the queue. This is useful in law or customer service applications, in which printed document review must be completed in a timely fashion.

To use printer pooling, you must have identical printers with identical drivers.

To set up a printer pool, follow these steps:

  1. Open the Printers and Faxes Control Panel applet.

  2. Right-click the printer you've set up and select Properties.

  3. Navigate to the Ports tab and select Enable Printer Pooling.

  4. Finally, select the ports to which the printers you want to pool are connected. Click OK to finish.

3.11.4.11. Adding color profiles

Color profiles help users of publishing software synchronize colors between their client computer's monitor and the color printer. Often, colors are mismatched and painted differently between each device, which can result in substandard output from the printer. By associating a color profile with a printer, publishing software on the client computer can use the profile to ensure the colors that are displayed on the screen are the colors that will be printed on the document itself.

Native to Windows is a color profile that is compatible with any device that supports the Image Color Management 2.0 specification. This file is: %SystemRoot%\System32\Spool\Drivers\Color\sRGB Color Space Profile.icm.

Logically, it follows that color profiles are supported only on color printers, and the Color Management tab within a printer's properties page is found only on printers that the driver installed on the server specifies as color printers.

To associate a color profile with a printer, follow these steps:

  1. Open the Printers and Faxes Control Panel applet.

  2. Right-click the color printer with which you want to associate a profile and click Properties.

  3. Navigate to the Color Management tab and click Add.

  4. Browse for the profile file. You typically can find them in the System32\Spool\Drivers\Color folder under the Windows root folder.

  5. Select the file and click Add to associate the profile with the printer.

3.11.4.12. Tracking the location of printers

If you have more than one Active Directory site, you can enable printer location tracking to help your users identify the geographic location of printers within the directory. To use printer location tracking, you need to have an IP address assignment system that corresponds closely to the physical layout of your sites, and a subnet object within Active Directory for each site.

Active Directory sitesas well as other Active Directory parlanceare covered in detail in Chapter 5, and Group Policy is discussed thoroughly in Chapter 6.


To enable printer location tracking, you must first create a subnet object for each site, which is named based on a common pattern that you determine. Configure a Group Policy object to preconfigure a printer search location for each user. Enter the printer's location (based on the naming convention assigned in the first phase of this procedure) inside its properties page and publish that information to the AD.

The following instructions step you through this process:

  1. Open the Active Directory Sites and Services snap-in.

  2. Right-click the subnet (under Sites and Services, choose Sites, and then Subnets), and choose Properties.

  3. On the next screen, click the site with which to associate the subnet and click OK. Figure 3-43 demonstrates this.

    Figure 3-43. Associating a site with a subnet

  4. Repeat as necessary for all subnets and sites.

  5. Once you've associated all sites in your tree with a subnet, right-click once more on each subnet, and navigate to the Location tab.

  6. Enter a descriptive location based on a common pattern. For example, many companies might want to consider using a consistent pattern such as country/state/city. Using this example, a subnet in the sales office in Charlotte might be identified as US/NC/Charlotte. Figure 3-44 shows this step.

    Figure 3-44. Entering a consistent location identifier for each subnet

  7. Repeat as necessary for all subnets and sites.

  8. Open Active Directory Users and Computers.

  9. Identify the organizational unit to which you want to enable printer location tracking, right-click it and select Properties.

  10. Navigate to the Group Policy tab, and click New... to create a new policy object. Name the object (in this example, we'll name it Printer Location Pre-population) and click OK.

  11. Select the new policy object, and click Edit.

  12. Navigate to the Printers section, under Computer Configuration and Administrative Templates.

  13. Double-click "Pre-populate printer search location text" within the policy template list. When you do this, Windows clients will automatically detect their subnet (based on their site within AD) and populate this information in the Search field, so when clients search for available printers geographically close to them, they will be presented with a complete list. Figure 3-45 shows this step.

  14. Now, open up the Printers and Faxes Control Panel on each server that hosts shared printers. Right-click a printer and select Properties.

  15. Type the printer location (alternately, click Browse to find it). Enter the location based on the naming convention used earlier and on the printer's location. For example, the color laser on the third floor of the Chicago office, as described earlier in this section, might be named US/IL/Chicago/Sales/Col-Laser-3.

  16. Repeat for all printers in the directory.

Figure 3-45. Enabling the printer prepopulation policy



Previous Page
Next Page