Vol. 17, #20 - May 14, 2012 - Issue #879 Image

Printing Pitfalls

  1. Editor's Corner
    • From the Mailbag
    • Mailbag Overflow
    • Printing Pitfalls
    • Tip of the Week
    • Recommended for Learning
    • Quote of the Week
  2. Admin Toolbox
    • Admin Tools We Think You Shouldn't Be Without
  3. Events Calendar
    • Americas
    • Europe
    • Asia/Pacific
  4. Webcast Calendar
    • IPv6 Address Autoconfiguration and DHCPv6
    • This Week's Webcasts
    • Register for Webcasts
  5. Tech Briefing
    • Still need MDT 2010 Update 1?
    • Study of Commercially Deployed Single Sign On
    • Back to the basics with Microsoft software licensing options
    • Introducing Windows 8 Enterprise and Enhanced Software Assurance for Today's Modern Workforce
    • Don't Be Afraid To Learn PowerShell, You'll Need It & You'll Learn To Love It!
    • Virtualizing your Domain Controllers
  6. Windows Server News
    • Cloud computing benefits may trump public cloud security fears
    • VDI assessment guide
    • VMware to Hyper-V converts share lessons learned
  7. WServerNews FAVE Links
    • This Week's Links We Like. Fun Stuff.
  8. WServerNews - Product of the Week
    • Take Control of Group Policy with SDM Software

Take Control of Group Policy

Take Control of Group Policy with SDM Software Optimize, Consolidate or Migrate your GPOs with the help of SDM Software's GPO Reporting Pak. The Reporting Pak, with GPO Compare and GPO Exporter, provides unprecedented visibility into your Group Policy environment. Get reports on unused GPOs, conflicting or duplicate settings, unlinked GPOs and more.

Download a trial version now!

Editor's Corner

Save this newsletter so you can refer back to itand find helpful tips, tools and other resources that can help you when you face some planning decision, management task or troubleshooting headache!

From the Mailbag

The April 30, 2012 issue Logon Legalese generated a lot of responses pointing out that the primary motivation for implementing logon warning banners is so you can prove in court that a hacker or disgruntled employee knows he's doing something wrong if he breaks into or simply misuses one of your organization's computers. For example, reader Kevin said:

The historical basis for the banner is based on a court case years ago. An interloper hacked into a computer and gained access to data to which the individual had no right. The courts ruled the organization could not prosecute because the computer screen said 'Welcome' thus the organization invited the miscreant to hack into the system. This also avoids the interloper being able to claim, "Gee- I didn't KNOW I was not allowed on that system." The logon screen is because the legal system is even more brain dead than end-users. You have to prove in court the hacker was informed the system was not open for casual use.

He also added:

(Of course by that reasoning, we should all wear "You are not authorized to kill me" signs.)

Another reader named Darrell who is a retired ISSO reinforced this argument by pointing out that:

It does not matter if the good guys read the banner they are allowed to access the system. The bad guy is not going to read it anyway because he/she knows they are doing something illegal. The reason for having a pre and/or post logon banner is legal. If you catch someone breaking into your system, most prosecutors will not touch the case if you do not have a logon banner stating that it is illegal to logon to the system unless you are an authorized user. Prosecution of the hacker is the reason for the logon banner.

A third (anonymous) reader chimed in with another reason for implementing logon banners, namely the issue of monitoring employee use of your computing resources:

They also provide consent to monitoring. Whether users read the notifications or not, they have been notified, and have no basis for challenging any disciplinary or legal action on the basis they were not told.

Several other readers echoed much along the same lines, and of course this all makes sense, especially if you work in a government agency, the finance industry or the military, or if you plan on monitoring how users access computing resources. I suppose that living here in Canada where people are nice and nobody ever sues anyone except in Toronto (lol) probably gives me a different perspective on this whole matter...

Time for the obligatory XKCD comic:
http://www.wservernews.com/go/1336642461008

And FWIW it's really not that cold up here...

Anyways, thanks to all the readers who work in paranoid, high security environments where logon banners are a requirement. What I'd *really* like to hear is how readers in such organizations have implemented logon banners on PCs running Windows 7, especially pre-logon banners. Send me an email at wsn@mtit.com

Mailbag Overflow

Check out Trench Tales, a series of articles on WindowsNetworking.com where we publish additional tips and comments from our newsletter readers that we're unable to include in our Mailbag column due to space limitations:

Printing Pitfalls

The Print server role isn't one of the sexier roles of Windows Servers, which probably explains why the Windows Printing Team Blog hasn't been updated for over two years:
http://www.wservernews.com/go/1336642423961

But since the much-vaunted paperless office still hasn't arrived for most of us, print servers are still essential in most business environments. Security improvements like UAC in Windows Vista and later, coupled with the phase-out of 32-bit servers with Windows Server 2008, have led to some frustrations in the formerly benign and placid area of getting stuff printed. Let's look at a few issues and how to resolve them.

Installing drivers from print servers

Allowing standard users (i.e. users who aren't local admins on their computers) to install print drivers from print servers can be done by enabling and configuring this Group Policy setting:

Computer Configuration\Policies\Administrative Templates\Control Panel\Printers\Point and Print Restrictions

Specify the names of trusted print servers on your network and configure the two security prompt settings to Do not Show Warning Or Elevation Prompt. And if you still have Windows XP clients in your environment, you should configure the similarly named policy setting found under User Configuration.

For more information see "Control Printer Driver Installation Security" in the TechNet Library at:
http://www.wservernews.com/go/1336642444305

Using Windows 7 x64 with legacy 32-bit print servers

If your current environment is still Windows XP PCs and 32-bit Windows Server 2003 SP2 servers (yikes) and you plan on migrating your PCs to Windows 7 x64 but keeping your old servers for a while (yikes again!), will your 64-bit Windows 7 users have any problems printing to your 32-bit print servers?  

Nope. As long as you add 64-bit drivers for your printers to your print servers (if your dusty old printers have 64-bit drivers available for them) everything should be OK.

For more info, see the post "How to: Add 64-bit print drivers on 32-bit Windows Server 2003 or Windows Server 2008 print server" from awhile back on the TechNet blog called "The troubleshooters and problem solvers" at:
http://www.wservernews.com/go/1336642529133

Migrating to Windows Server 2008 R2 print servers when you still have Windows XP clients

What if your current environment is Windows XP/Windows Server 2003 and you plan on using the Print Migration Wizard (Printbrm.exe) to migrate your print servers to Windows Server 2008 R2 while keeping at least some of your clients running Windows XP for a bit longer? (Hmm, you like playing with fire, don't you--I'll bet you're still driving an 82 Datsun too.) Do you need to make any changes to your Windows XP clients or can they just keep their current print drivers since you're not changing the printers, just the print servers?

Yep. You'll need to delete all printer connections and driver references on your Windows XP clients and create new printer connections for them. To do this you'll probably need to do some custom scripting that leverages the Prnmngr.vbs and Prndrvr.vbs scripts. See here for a list of in-box commands and scripts in Windows 7:
http://www.wservernews.com/go/1336642608821

Also see the Print Services Migration Guide in the TechNet Library:
http://www.wservernews.com/go/1336642587759

Enumerating the drivers on a Windows installation

How can I know what printer drivers are available in-box in Windows? And how about out-of-box drivers? Michael Murgolo of The Deployment Guys blog has a script and post that shows you how to obtain this information:
http://www.wservernews.com/go/1336642594821

This could be useful if you're planning a print server migration for your environment.

Print/Fax Forum on TechNet

Finally, if you have printing problems in your Windows Server environment, a good place to seek help is the Print/Fax TechNet Forum, which is maintained by MVPs and by Product Group experts at Microsoft:
http://www.wservernews.com/go/1336642600415

Got more printing tips?

Share your expertise with our readers by sending your printing tips wsn@mtit.com

Tip of the Week

You like keyboard accelerators a.k.a. shortcut keys? Here's a nifty one you probably don't know about. When you open Windows Explorer and select Details view, you'll see your files and folders organized as a list with four columns called Name, Date Modified, Type, and Size. You can also add additional columns like Title, Authors and so on by right-clicking on the column header. And compressed folders like the one in this figure show even more columns by default:

Image

Unfortunately Explorer doesn't automatically try to justify columns in Details view, which can result in wasted space and a lot of horizontal scrolling when you have a lot of columns displayed.

Shortcut key to the rescue! By simply pressing the keystroke combination of CTRL and + where + is the plus sign on the *numeric* keyboard, you can make Explorer shrink the columns so you can see more details without scrolling:

Image

Got any Windows or Office keyboard accelerators to recommend to our readers? Let us know at wsn@mtit.com

Recommended for Learning

Using MacOS X Lion Server (O'Reilly) is a well-written book that walks you step by step through planning, installing and implementing MacOS X Lion servers as file servers, mail servers and other network services like VPN for small organizations. If the primary client OS in your environment is Mac OS X and you don't need Active Directory, then Lion servers may be a good solution that can meet your needs. But before you deploy Lion servers in your environment, get this book and read it through so you can learn what it can do and what it can't.
http://www.wservernews.com/go/1336643034402

Switching to the Mac: The Missing Manual, Lion Edition (O'Reilly) is a guide for Windows users who want to learn how to use a Mac. It's very detailed and covers just about everything you'll need to know. It's also maddening sometimes for an experienced Windows user like myself. A few examples will illustrate what I mean:

"Apple expects is customers not to shut down their machines between sessions, and that's fine. Instead, you're encouraged to use sleep mode (formerly called Standby on the PC)."

Um, how is that different from Windows PCs? I never shut down my PC.

"When it comes to managing your programs, the Applications folder...is something like the Program Files folder in Windows--but without the worry. You should feel free to open this folder and double-click things. In fact, that's exactly what you're supposed to do... Better yet, on the Mac, programs bear their real, plain-English names, like Microsoft Word, rather than eight-letter abbreviations, like WINWORD.EXE."

Oh, come on, this isn't Windows 3.1 anymore. And who needs to open a folder and double-click on an icon to run a program? If I want to open Microsoft Word on my Windows 7 computer, I just click the Start button (or press the Windows key) and type "word" and press ENTER and let Windows Search do its magic.

Opening the book at a random page (not kidding) I found this:

"Fast User Switching works just as it does in Windows."

Wow, so Mac is finally catching up with Windows in this feature area?

OK I'm starting to get a bit snarky so I guess it's time to finish this review and move on. The bottom line is that I personally see no reason for me to switch to the Mac. But if I did want to make the move, I'd definitely buy this book--and probably tear out my hair in frustration after every few pages!
http://www.wservernews.com/go/1336643047059

Quote of the Week

"Try to regard all encounters and situations, including your job, as a game, as the world of illusion. Pull back a little and enjoy it all. Do our best, but don't fall apart if everything doesn't pan out the way you'd like it to. Remember that things are seldom what they seem." --Herb Cohen from his book "You Can Negotiate Anything"

Herb has over four decades of experience negotiating in situations ranging from mergers and acquisitions to hostage situations, and what he says here is right on the money. If you follow Herb's advice you'll not only enjoy life more but also have more success in your career because you'll have less stress. I highly recommend this book because the art of negotiation is basically part of everything we do in life from running a business to raising your kids:
http://www.wservernews.com/go/1336643098293

Another terrific book by Herb that I've personally learned a lot from and can highly recommend is "Negotiate This!: By Caring, But Not T-H-A-T Much":
http://www.wservernews.com/go/1336643104559

Got any other books on deal-making/negotiating you'd like to recommend? Email me at wsn@mtit.com

Save this newsletter so you can refer back to it later for tips, tools and other resources you might need to do your job or troubleshoot some problem you're dealing with.

Forward this newsletter to a friend or colleague who might find the tips and tools in it helpful for performing their job.

Send us feedback if you have questions, comments or suggestions concerning anything in this newsletter: wsn@mtit.com

Cheers!
Mitch Tulloch

 

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

Compare, Report, Consolidate and Simplify Group Policy.
http://www.wservernews.com/go/1336717413492

Download a free, fully functioning 30-day trial of Virtualization Manager from SolarWinds and take control of your virtualized environment.
http://www.wservernews.com/go/1336654086836

Using Microsoft Hyper-V? Altaro Hyper-V Backup Freeware Edition is an easy to use Hyper-V aware backup solution. Watch YouTube Video.
http://www.wservernews.com/go/1336654093743

Are your Hyper-V virtual machines locking up? Convert their saved state to a memory dump so you can debug the problem:
http://www.wservernews.com/go/1336643424561

Perform live kernel debugging on running Hyper-V virtual machines using MoonSols' LiveCloudKd:
http://www.wservernews.com/go/1336643427092

 

Events Calendar

Americas

Europe

Asia/Pacific

Add your event

Contact Michael Vella at michaelv@techgenix.com to get your conference or other event listed in our Events Calendar.

 

Webcast Calendar

IPv6 Address Autoconfiguration and DHCPv6

June 6, 2012 - O'Reilly will have IPv6 expert and author Joseph Davies of Microsoft Corporation demonstrate the various ways you can configure IPv6 addresses and configuration settings.
http://www.wservernews.com/go/1336647641624

This Week's Webcasts

Register for Webcasts

 Add your Webcast

Contact Michael Vella at michaelv@techgenix.com to get your webcast listed in our Webcasts Calendar.

Tech Briefing

Still need MDT 2010 Update 1?

The Microsoft Download Center now has MDT 2012 as the main download for Microsoft Deployment Toolkit, but if you still need the earlier version you can find out how to get it in this blog post by Michael Niehaus:
http://www.wservernews.com/go/1336651034583

Study of Commercially Deployed Single Sign On

Steve Syfuhs in his blog Steve On Security discusses a paper from Microsoft Research that analyses different commercial Single Sign On services that are currently available:
http://www.wservernews.com/go/1336651039834

Back to the basics with Microsoft software licensing options

Ruth Morton guides you through the licensing maze with this post on the Canadian IT Manager's Blog:
http://www.wservernews.com/go/1336653155502

Introducing Windows 8 Enterprise and Enhanced Software Assurance for Today's Modern Workforce

Erwin Visser describes what Windows 8 Enterprise edition can offer business customers in this post on the Windows For Your Business Blog:
http://www.wservernews.com/go/1336651044880

Don't Be Afraid To Learn PowerShell, You'll Need It & You'll Learn To Love It!

Feeling too old to learn another scripting language? Check out this post by Belgium MVP Didier Van Hoye from his blog Working Hard in IT:
http://www.wservernews.com/go/1336651049224

Virtualizing your Domain Controllers

Microsoft Certified Trainer (MCT) and consultant Mitch Garvis outlines some best practices are for domain controllers in a virtualized environment in his blog The World According to Mitch:
http://www.wservernews.com/go/1336651054724

 

Windows Server News

Cloud computing benefits may trump public cloud security fears

Companies can reap the benefits of cloud, if they develop smart strategies. Two IT advisers explain when public cloud makes sense and when to say no in this popular article.
http://www.wservernews.com/go/1336651150287

VDI assessment guide

Wait! Don't implement VDI technology until you know your goals and needs. A VDI assessment should consider the benefits of a VDI environment and its effects on end users>
http://www.wservernews.com/go/1336651158397

VMware to Hyper-V converts share lessons learned

Some IT pros will move from VMware to Hyper-V when new virtualization management tools in Microsoft's System Center 2012 and a new version of Hyper-V hit later this year. Though switching hypervisors can be a challenge, some say that the cost savings make it a worthwhile move. Learn more in this expert tip.
http://www.wservernews.com/go/1336651163803

Five reasons a VDI project stalls: What's the holdup?

Here's one way to send a VDI project down the tubes: Ignore the end user experience. See four more factors that can hit the brakes on your implementation.
http://www.wservernews.com/go/1336651169319

 

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

Image

The Purdue Society of Professional Engineers built the World's most complex Rube Goldberg Machine with 300 steps involved in blowing up and popping a balloon:
http://www.wservernews.com/go/1336651213506

Evacuated Tube Transport could take you from New York to LA in 45 minutes:
http://www.wservernews.com/go/1336651215506

The best space shuttle launch video I have seen so far - with high quality audio and 1080p:
http://www.wservernews.com/go/1336651217506

A big red push button on a quiet square in a small town in Belgium with a sign "Push to add drama". See what happens next:
http://www.wservernews.com/go/1336651223021

John Collins folds paper airplanes for a living, and recently designed a plane that broke the world record for longest flight. Here, he shares a few of his secrets:
http://www.wservernews.com/go/1336651226615

Creating the illusion of a static flow of water with sound waves in a simple experiment, using a thin water hose taped to a loudspeaker:
http://www.wservernews.com/go/1336651228959

 

WServerNews - Product of the Week

Take Control of Group Policy

Take Control of Group Policy with SDM Software Optimize, Consolidate or Migrate your GPOs with the help of SDM Software's GPO Reporting Pak. The Reporting Pak, with GPO Compare and GPO Exporter, provides unprecedented visibility into your Group Policy environment. Get reports on unused GPOs, conflicting or duplicate settings, unlinked GPOs and more.

Download a trial version now!

WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit from Microsoft Press and has published hundreds of articles for IT pros. Mitch is also a seven-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also Head of Research for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.