6

Adding Roles to Windows Server 2022

Now that you have had a chance to get to know the two most crucial roles of Windows Server 2022, AD DS and DNS, and learned how to install them, it is time to get acquainted with the other roles and features of Windows Server 2022. Adding roles to Windows Server will help you define its function in an organization’s network.

This chapter will explain the role and the importance of roles in determining how Windows Server functions when providing network services. First, you will get to know most of the roles and features that Windows Server 2022 supports. You will also learn how to add roles and set them up correctly when required. Then, you will understand application servers, web services, remote access, and file and print services. In addition to learning about roles, features will also be explained, along with the steps to add them to a server.

Finally, this chapter includes an exercise where you will install the Internet Information Services (IIS) and Print and Document Services (PDS) roles.

In a nutshell, the following topics will be covered in this chapter:

• Understanding server roles and features
• Understanding application servers
• Understanding web services
• Understanding Remote Access
• Understanding file and print services
• Understanding user rights, NTFS permissions, and share permissions
• Chapter exercise – installing the Web Server (IIS) and PDS roles

Technical requirements

To complete the exercises in this chapter, you will need the following equipment:

• A PC with Windows 11 Pro with at least 16 GB of RAM, 1 TB of HDD, and access to the internet
• Virtual machine 1 (file server) with Windows Server 2022 Standard (Desktop Experience) with at least 4 GB of RAM, 100 GB of HDD, and access to the internet
• Virtual machine 2 (web server) with Windows Server 2022 Standard (Desktop Experience) with at least 4 GB of RAM, 100 GB of HDD, and access to the internet
• Virtual machine 3 (print server) with Windows Server 2022 Standard (Desktop Experience) with at least 4 GB of RAM, 100 GB of HDD, and access to the internet

Understanding server roles and features

First, you should determine the function of a server within an organization’s IT infrastructure before adding a proper role to it. The following sections will familiarize you with Windows Server 2022 roles, role services, and features.

Server roles

When adding a role in Windows Server 2022, as shown in Figure 6.3, usually, you need to determine the function of the server by the role (that is, network service) it is running in your organization's infrastructure. That way, the server role is the server’s primary function. In the best-case scenario, the server should only have one role. However, the server can have multiple roles too. So, always try to understand the exact function the server needs to perform when choosing the required hardware.

Role services

Other than adding roles to the server and determining the server’s function, there are situations when you need to add role services. This raises questions such as, “What are role services?”

First, let’s try to understand role services with an example. Let’s assume that you want to have an internet print server so that employees can print from outside the company’s network (that is, via an extranet). First, you add the PDS role to the server, and then you add Internet Printing as a role service, as shown in Figure 6.21. That way, you augment the functionality of the role.

Server features

As we’ve discussed, other than roles and role services, features (see Figure 6.2) can be added to the server to support a given function. There are times when the following must be done:

• Installing .NET Framework 3.5 is required to help the role that is being added.
• Installing an IP Address Management (IPAM) feature is required to support the DHCP or DNS roles in the organization’s network infrastructure.
• Installing the WINS server, alongside DNS, is required to solve problems that arise from NetBIOS name resolution in routed environments.

These situations are just some instances where feature installation is required.

Server Manager

Server Manager is commonly used to add roles in Windows Server 2022. Introduced with Windows Server 2008, Server Manager is a Windows administrative tool that administrators use to add, set up, and manage server roles. Its user interface is simple and easy to navigate. Usually, the Scope pane lists the roles that have been installed, whereas the Details pane displays the details of an established role. Therefore, it can be concluded that Server Manager (see Figure 6.1) is the one-stop administrative console for installing roles, configuring services, managing resources, and managing tasks in Windows Server 2022, both locally and on remote servers:

Figure 6.1 – Server Manager’s user interface in Windows Server 2022

So far, you have learned what server roles and features are. The next section will walk you through the concept of application servers and their types.

Understanding application servers

When searching for the meaning of the word application in the Merriam-Webster dictionary, one of the definitions presented is also an act of putting something to use. From that, it can be understood that an application server is a server that provides usable services on a particular network. You will get acquainted with some well-known application servers in the following sections.

Let’s begin by understanding what mail servers are and how to set them up.

Email server

In its simplest terms, an email server, often called a mail server, is a server that sends and receives emails. For a server to function as an email server, it must have email server software installed. Therefore, the Exchange Server client/server application will turn a server into an email server in Windows-based servers. Exchange Server then enables the system administrator to manage and create email accounts on the server. To send and receive emails, Exchange Server utilizes network protocols. The main features and communication protocols that are used by an email server are as follows:

• The Mail Transport Agent (MTA) is responsible for transporting the mail between mail servers.
• The Mail Delivery Agent (MDA) is responsible for delivering the mail from the server to a user’s inbox.
• The Mail User Agent (MUA) is responsible for providing a platform for composing and reading emails.
• The Simple Mail Transfer Protocol (SMTP) uses port 25 and powers the MTA in transferring the mail between servers.
• The Post Office Protocol (POP) uses port 110 and is responsible for downloading emails from the server to the user's local computer.
• The Internet Message Access Protocol (IMAP) uses port 143 and is responsible for retrieving emails from the mail server and sending them to a user’s mail application.

While Exchange Server is considered an advanced email server, in simple terms, you can set up an email service that only sends and forwards the emails in Windows Server 2022 by adding the SMTP Server feature. To add the SMTP Server feature to Windows Server 2022, as shown in Figure 6.2, follow these steps:

1. Click on Add roles and features in Server Manager’s WELCOME TO SERVER MANAGER section.
2. On the Before you begin page, click Next.
3. Click Next on the Installation Type page.
4. On the Server Selection page, click Next.
5. There is no role to add, so click Next on the Server Roles page.
6. Select SMTP Server from the Features list:

Figure 6.2 – Adding the SMTP Server feature to Windows Server 2022

7. There is no role service to add, so click Next.
8. On the Confirmation page, click Install.

Important note

Exchange Server 2022 is Microsoft’s application for setting up a mail server in an organization’s network. To do that, you should install and configure Exchange Server 2022.

Next, let’s learn about the database server and its access protocols.

Database server

Simply put, a database server is considered a high-power computer that provides authorized users with database services and data access. Moreover, a database server stores data in a central location that can be backed up, enabling applications and users to access data across the network. Therefore, the SQL Server client/server application will turn a server into a database server in Windows-based servers. Microsoft (MS) SQL Server enables the system administrator to manage and create tables on the server. Furthermore, to provide data access, MS SQL Server requires protocols. The main features and communication protocols that are utilized by a database server are as follows:

• Data is the raw material of the database and, as such, is the main component of a database server. Without data, there is no database.
• A database application is an application through which the user interacts with the database server.
• Users are the people who use the database.
• Open Database Connectivity (ODBC) is a protocol that enables applications to access data in a database server.
• Java Database Connectivity (JDBC) is Sun Microsystem’s protocol that enables Java applications to access data in a database server.
• Object Linking and Embedding Database (OLEDB) is Microsoft’s protocol that enables applications to access data in a database server.

Important note

SQL Server 2022 is Microsoft’s application for setting up a database server in an organization’s network. To do that, you need to install and configure SQL Server 2022.

Next, let’s learn what collaboration servers are.

Collaboration server

As its name suggests, a collaboration server provides centralized tools and resources to facilitate communication and interaction in the virtual workspace. This means that users from the same organization can exchange collaborative documents, instant messages, personal and group calendars, video meetings, and other services. Therefore, the SharePoint Server client/server application will turn a server into a collaboration server for Windows-based servers. SharePoint Server enables the system administrator to manage and create sites, libraries, documents, and more on the server. Furthermore, SharePoint Server utilizes networking protocols to provide access to sites, libraries, documents, and other resources.

Important note

SharePoint Server 2022 is Microsoft’s application for setting up a collaboration server in an organization’s network. To do that, you need to install and configure SharePoint Server 2022.

Next, let’s learn what monitoring platforms are.

Monitoring server

Simply put, a monitoring platform can involve anything from monitoring the health of servers to monitoring their performance. However, in a broader context, a monitoring platform can manage the entire IT environment and collect data on issues across networks by monitoring servers on-premise, in the cloud, or by monitoring a hybrid environment from a central console. These platforms are designed to track the status of critical client/server applications, network services, IT infrastructures, websites, and other services. Moreover, monitoring platforms employ configurable alerts to quickly detect problems and notify system administrators of critical issues that must be resolved. Therefore, the System Center Operations Manager (SCOM) client/server application will turn a server into a monitoring server for Windows-based servers.

SCOM Server enables the system administrator to manage and monitor devices and services in an enterprise environment. From this, it is evident that server monitoring is an ongoing and complex process that, in addition to monitoring key server components such as CPU, memory, disk usage, and network interface, monitors network applications and services on the servers.

Important note

System Center 2022 is Microsoft’s application for setting up a monitoring server in an organization’s network. To do that, you must install and configure System Center 2022, including SCOM.

Next, let’s learn what threat management servers are.

Data protection server

The data protection server establishes a platform that supports business continuity and disaster recovery (BCDR) strategies by facilitating an organization’s data backup and recovery. Therefore, the System Center Data Protection Manager (DPM) client/server application will turn a server into a data protection server for Windows-based servers. In addition, DPM enables the system administrator to run the following:

• Application-aware backups for Exchange Server, SQL Server, and SharePoint Server
• Files, folders, and volumes backups
• System state backups
• Virtual machine (VM) backups on Hyper-V for both Windows and Linux

Important note

System Center 2022 is Microsoft’s application for setting up a data protection server in a corporate network. To do that, you must install and configure System Center 2022, including DPM.

This section has taught you about some well-known application servers that are used today in on-premises environments. Aside from helping you get to know some of the most used client/server applications nowadays, it has helped you learn about their features, components, protocols, and capabilities. The following section will teach you about the various available web services.

Understanding web services

A web service is usually a network service but in web technology. Moreover, a web service represents communication between the browser and the web server based on the request/response paradigm. Commonly, it takes place over the internet using the Hypertext Transfer Protocol (HTTP) communication protocol. Therefore, to better understand web services, you must familiarize yourself with IIS, WWW, and FTP.

In the next section, you’ll learn what IIS is.

IIS

IIS is Microsoft’s web server, which provides reliable, manageable, and scalable web applications. IIS supports communication protocols such as HTTP, HTTPS, FTP, FTPS, SMTP, and NNTP for communication between the browser and the web server. In addition, for dynamic content on the server side, Microsoft has developed a scripting technology called Active Server Pages (ASP).

In IIS version 10, Microsoft has significantly increased security by providing support for scripts that take a long time to execute, including HTTP/2. Additionally, they added Microsoft Edge based on Chromium, a new browser released in January 2020. Other key features introduced with IIS 10 in Windows Server 2022 include upgraded HTTP/3 server-side cipher suite negotiation, IIS administration PowerShell cmdlets, wildcard host headers, and more. All these improvements have increased IIS’s overall performance and security.

To set up a web server in Windows Server 2022, you need to add IIS as a role to the server, as shown in the following screenshot:

Figure 6.3 – Adding the Web Server (IIS) role in Windows Server 2022

IIS Manager is an administrator console that’s used to manage the web server in Windows Server 2022, as shown in the following screenshot. IIS Manager can be accessed from Server Manager, Windows Administrative Tools, and the Run dialog box by running the inetmgr command.

Figure 6.4 – IIS Manager in Windows Server 2022

Next, let’s learn about the World Wide Web (WWW), which is among the most used services on the internet.

WWW

Often, people confuse the internet with the WWW. Perhaps using the WWW while connected to the internet means they feel that the WWW is the internet! Who knows? However, like many other internet services, the WWW is also an internet service that’s accessed through the HTTP protocol. It consists of electronic documents compiled with Hypertext Markup Language (HTML), as shown in the following screenshot:

Figure 6.5 – A website and its source code

Next, let’s learn about the FTP communication protocol, which is used to share files over the internet, and how to set it up.

FTP

File Transfer Protocol (FTP), as the name suggests, transfers files between computers over the internet. Moreover, it sends and receives corporate data in a corporate network. However, on websites and web servers, it is used to upload and download files. It is built on a client/server network architecture, so it uses port 21 to establish a session and port 20 to transfer data.

To set up an FTP server in Windows Server 2022, first, you need to add Web Server (IIS) as a role and then FTP Server as a role service, as shown in the following screenshot:

Figure 6.6 – Adding FTP Server as a server role in Windows Server 2022

Next, we will learn about worker processes, which help requests reach out to the web server application pool, and how to access them.

Separate worker processes

From an IIS perspective, a web directory represents a website with an application pool. As we are talking about a collection of applications, it is evident that there is more than one application. Furthermore, the same worker process supports each application in the application pool. This means that a worker process that serves an application pool is separated by another worker process that helps another application pool too. Hence, if a specific web application does not work, it does not affect the applications running in other application pools.

To access an application’s pool worker processes, select Application Pools; then, from the Actions pane on the right-hand side of the IIS Manager administrative console, select Advanced Settings..., as shown here:

Figure 6.7 – An application’s pool worker process in IIS

Now, let’s learn how to add additional components to Windows Server’s IIS.

Adding components to the IIS

Upon adding the Web Server (IIS) role, you will encounter the Role Services step (see Figure 6.6) in the What is FTP? section, where you will add the required components for IIS. You can add the necessary features even after you have added Web Server (IIS) to the server. First, however, you must use the Add Roles and Features Wizard from Server Manager to add additional components to Windows Server’s IIS.

Now, let’s learn about a site or website, a group of HTML documents on a web server.

Sites

A site, often referred to as a website, is a collection of web pages grouped to represent the content on the intranet or internet via web services. Commonly, HTML is issued to compile web pages and design a website. However, various scripting languages add dynamic content to a specific website. An example of a single web page website can be considered by adding Web Server (IIS) as a role in Windows Server 2022. Then, the default website is automatically created, as shown in the following screenshot:

Figure 6.8 – Localhost in Windows Server 2022 powered by IIS

However, if you right-click Sites and select Add Website..., as shown in the following screenshot, you can add additional websites to Windows Server’s IIS:

Figure 6.9 - Adding a website via IIS Manager in Windows Server 2022

Now, let’s learn about the software ports that are used by client/server applications.

Ports

As you may know, there are hardware and software ports. A hardware port is any physical interface in a computer, peripheral device, or network device that allows interconnection for communication and management. By contrast, a software port (often known as an application port) is any logical endpoint where applications from the server communicate with other applications on LAN, WAN, and the internet. For example, a web server uses ports 80 and 443 for the HTTP and HTTPS protocols, respectively.

The following table lists the well-known application ports:

Table 6.1 – Well-known application ports

Now, let’s learn about the Secure Sockets Layer (SSL), which can add security to communication between browsers and web servers.

SSL

SSL is a communication technology that encrypts the communication channel between a website on a web server and a browser on a server, as shown in Figure 6.10. The browser connects to a secure website with SSL over the HTTPS protocol on port 443. In such a secure infrastructure, certificates play an important role in encrypting all transmitted data. Certificates are used mutually by the website and the browser to negotiate a secure session between browser-to-server or server-to-server communications.

Figure 6.10 – Secured communication between a browser and a website

The preceding screenshot shows that Packt’s website uses the HTTPS protocol instead of HTTP. As explained earlier, this website uses either Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to secure communications between the browser on the server and Packt’s website on a web server.

Certificates

As discussed in the previous section, a certificate is responsible for securing the communication channel between a website and a browser. The certificate, also known as a digital certificate, is an electronic document that ensures that entities can exchange data securely over the internet. Usually, certificates are issued by a secure entity known as a Certificate Authority (CA), as shown in the following screenshot. In addition, the secure web infrastructure commonly utilizes a public key infrastructure (PKI), which uses certificates to prove the ownership of the public key:

Figure 6.11 – Certificate issued by a CA

Important note

You can learn more about PKI at https://docs.oracle.com/cd/B10501_01/network.920/a96582/pki.htm.

This section has taught you about various web services and components. The next section will teach you about the Remote Access role in Windows Server 2022.

Understanding Remote Access

The Remote Access (RA) role in Windows Server 2022 enables remote access to resources within a corporate network. Moreover, remote access refers to the ability to monitor and control access to a computer or network anywhere at any time. It enables corporate users to work from a remote location by maintaining access to a corporate network. In Windows Server 2022, RA consists of a logical grouping of the following network access technologies:

• DirectAccess, introduced in Windows Server 2008 R2, uses IPsec to encrypt communication between the DirectAccess client and the DirectAccess server. In addition, it encapsulates IPv6 traffic over IPv4 to reach the intranet over the internet. As a result, access to a corporate intranet can be enabled without a Virtual Private Network (VPN).
• Routing and Remote Access Service (RRAS), the Remote Access Service (RAS) successor in Windows NT, was introduced in Windows 2000 and represented a combined service that establishes links between remote locations over VPN and dial-up traffic paths between the sub-networks.
• Web Application Proxy acts as a recursive proxy in Windows Server 2022. It uses Active Directory Federation Services (AD FS) to authenticate corporate users so that they can access web applications on the corporate intranet through an extranet.

To set up a Remote Access server in Windows Server 2022, you need to add Remote Access as a role to the server, as shown in the following screenshot:

Figure 6.12 – Adding the Remote Access role in Windows Server 2022

Now, let’s learn about the Remote Assistance feature and how to add it to the server.

Remote Assistance

Remote Assistance in Windows Server 2022 is a feature that enables a trusted helper to access the invitee’s desktop remotely to assist in troubleshooting computer-related issues. In Help Desk terms, remote assistance refers to a computer activity where technical support is provided from a remote location over the internet. You must use the Add Roles and Features Wizard area to add the Remote Assistance feature to the server, as shown in the following screenshot:

Figure 6.13 – Adding the Remote Assistance feature in Windows Server 2022

Now, let’s look at the Remote Server Administration Tools feature, which allows you to administer servers remotely.

RSAT

Remote Server Administration Tools (RSAT) in Windows Server 2022 enables system administrators to manage the server roles and features of remote servers running Windows Server 2022 (both in GUI and CLI modes). RSAT is also available for client computers running Windows 10 and 11.

To enable Remote Server Administration Tools in Windows Server 2022, use the Add Roles and Features Wizard area, as shown in the following screenshot:

Figure 6.14 – Adding the RSAT feature in Windows Server 2022

Now, let’s learn about Remote Desktop Services (RDS), a communication protocol that enables remote access to the server.

RDS

Known as Terminal Services (TS) until Windows Server 2008, RDS earned its name and identity with the release of Windows Server 2008 R2. This role allows you to set up a GUI with remote access to computers within an organization’s network and over the internet. Additionally, RDS delivers individual, virtualized applications to users’ desktops. To set up an RDS server in Windows Server 2022, you need to add the Remote Desktop Services role to the server, as shown in the following screenshot:

Figure 6.15 – Adding the RDS role in Windows Server 2022

Now, let’s learn about the RDS Licensing server and how to set it up.

RDS Licensing

The RDS Licensing server manages RDS Client Access Licenses (CALs). Users and computers use RDS CALs to access a Remote Desktop Session Host (RDSH) server. The RDS Licensing server provides two concurrent connections free of cost by default. If you need additional RDS CALs, then you need to purchase them.

To set up an RDS Licensing server in an organization’s network with Windows Server 2022, first, you need to add the Remote Desktop Services role and then add the Remote Desktop Licensing role services, as shown in the following screenshot:

Figure 6.16 – Adding Remote Desktop Licensing role services in Windows Server 2022

Now, let’s understand the Remote Desktop Gateway (RDG) server, which helps users access the company’s intranet over the internet.

RDG

A Remote Desktop Gateway (RDG) server, which is part of the RDS role, is a role service in Windows Server 2022 that enables authorized users to connect to computers within an organization’s network and over the internet using a Remote Desktop Connection (RDC) client. To set up an RDG server in your organization’s network with Windows Server 2022, first, you need to add the Remote Desktop Services role and then add Remote Desktop Gateway role services, as shown in the following screenshot:

Figure 6.17 – Adding Remote Desktop Gateway role services in Windows Server 2022

Next, we’ll turn our attention to Virtual Private Networks (VPNs), which allow us to set up secure communications. We’ll also briefly look at how to deploy them.

VPN

As you may know, a Virtual Private Network (VPN) is a logical internet connection for securely transmitting data. As its name suggests, a VPN creates a virtual point-to-point link between two computers on the WAN and the internet. A VPN enables remote users to connect to a corporate network over the internet using tunneling protocols and data encryption algorithms. This kind of network is usually deployed in two ways:

• The remote access VPN connects remote users (telecommuters) with the server on their organization's private network.
• The site-to-site VPN enables organizations to connect two separate networks over the internet.

To set up a VPN server in Windows Server 2022, first, add the Remote Access role and then add the DirectAccess and VPN (RAS) role services, as shown in the following screenshot:

Figure 6.18 – Adding the DirectAccess and VPN (RAS) role services in Windows Server 2022

Now, let’s learn about the Application Virtualization (App-V) service, which represents a virtualized application that runs within the simulated environment.

App-V

Microsoft App-V delivers virtualized applications to users. These virtualized applications are installed on a server and are provided to users in a service format. In addition, Microsoft App-V contains a centralized management system that administrators use to control how much access users have to each application. From a user’s perspective, users interact with the virtualized applications the way it is supposed to run on a local machine. To set up an App-V server, download the Microsoft Desktop Optimization Pack (MDOP) from Microsoft’s website.

Important note

You can learn more about MDOP at https://technet.microsoft.com/en-us/windows/mdop.aspx?.

Now, let’s learn about the various ports that are used by client/server applications and communications protocols.

Multiple ports

As discussed earlier in the Understanding RDS section, port 3389 is used by RDS to send and receive data. However, that is only for accessing one computer at a time. So, what happens when you try to access more than one computer simultaneously through RDS?

While the first computer uses port 3389, sequential port numbers are assigned to other computers on the LAN, starting with 3390. Similarly, an IP socket is used to access multiple computers simultaneously from a remote location. An IP socket is a combination of an IP address and a port number that tells the application where to deliver the data:

• Syntax: Public_IP_address:Port_number
• Example: 192.168.2.10:8080

This section taught you about the Remote Access role in Windows Server 2022 and its various role services and features. The next section will teach you about file and print services.

Understanding file and print services

It can be stated that file and print services are as old as computer networks themselves! That is because computer networks were born out of the need to share resources. Hence, file and print services were among the pioneering services in computer networks. These two services, which will be discussed in detail in the following sections, have been transformed into essential services, whether for home or corporate networks. These days, every Network Operating System (NOS), including Windows Server 2022, can provide file and print services.

File Services role

In Windows Server 2022, the File and Storage Services role is automatically added upon installing an operating system, as shown in the following screenshot. Does that surprise you? Maybe not, because you should remind yourself that you have just installed a NOS on the server!

Figure 6.19 – The File and Storage Services role in Windows Server 2022

As mentioned earlier, file services have always been essential network services. From file sharing to work folders or DFS namespaces to BranchCache for network files, it is all about the data’s availability and access from anywhere at any time.

PDS role

PDS is a service that enables centralized printing on a network. However, as its name suggests, PDS offers more than just a network printing service. It also provides a service for document scanning. With a scanning service, users receive scanned documents from the network scanner and send them to shared network resources. Usually, PDS is added as a role in Windows Server 2022, as shown in the following screenshot. Hence, to set up a print server in Windows Server 2022, select the Print and Document Services role to add Print Server role services:

Figure 6.20 – Adding the Print and Document Services role in Windows Server 2022

The following role services can be installed as part of PDS, as shown in the following screenshot:

• Print Server allows you to manage printing queues and deploy and migrate print servers.
• Internet Printing allows you to set up a website that users can use to print over Internet Client Printing (ICP).
• Line Printer Daemon (LPD) Service enables Unix-based computers and non-Windows OSs to use Line Printer Remote (LPR) to print:

Figure 6.21 – Adding Print and Document Services role services in Windows Server 2022

In the following sections, we will look at various concepts related to a printer. We will begin with the local printer.

Local printer

As the name suggests, a local printer is a printer that is physically connected to a computer through either the parallel port (referred to as the printer port) or USB port. This printer primarily serves the computer that it is connected to. However, if a host computer shares the printer, it also serves other computers on the network.

Network printer

A network printer, as shown in the following screenshot, unlike a local printer, is a dedicated printer on the computer network that provides printing services. Moreover, a network printer uses either Ethernet or a Wi-Fi interface and can be accessed by multiple devices simultaneously on the same network. Also, the network printer can be accessed over the internet if such a setup exists:

Figure 6.22 – Adding Print Server role services in Windows Server 2022

The preceding screenshot shows the information on a network printer. As you can see, accessing a network printer is very important regarding its IP address as it allows you to connect to the printer and print on a LAN or over the internet (if the printer uses a public IP address).

Printer pooling

Printer pooling in Windows Server 2022 is a feature that helps configure two or more physical printers into one logical printer. Printers installed on the print server must be almost identical or able to use the exact print driver. From the client’s perspective (referred to as the frontend), though several physical network printers are available at the backend, it looks like a single printer. This logical connection of printers balances their load, hence increasing their usability and, at the same time, providing users with efficient printing:

Figure 6.23 – Adding printers with printer pooling in Windows Server 2022

You can set up printer pooling in Windows Server 2022 by adding the Print and Document Services and Print Server role services. Then, you must install the necessary printers and configure printer pooling through the Print Management administrative console, as shown in the preceding screenshot.

Web printing

So far, we’ve learned that the network printer tries to relate web printing with printing over a web browser to understand it better and easier. That said, before setting up web printing in your organization’s network, you must add the Print and Document Services role and Internet Printing as a role service. In addition, the Web Server (IIS) role is required:

Figure 6.24 – Web printing in Windows Server 2022

Enter http://servername/printers in your browser’s web address bar to access printers via a web browser. You should get something similar to the preceding screenshot.

Web management

Like local and network printing, web printing also has its way of managing print jobs. Hence, users can manage print jobs with web printing management jobs through the web browser similar to how they would when accessing a local printer or network printer. For example, to manage printers through a web interface, enter http://servername/printers in your browser’s address bar and select the printer. The next page, as shown in the following screenshot, lists the print jobs that can be managed. First, however, you must add the Internet Printing role services to the server once you add the PDS role:

Figure 6.25 – Web printing management in Windows Server 2022

Now, let’s understand printer driver deployment, which must be installed on a local or remote server to connect to the printer and run printing tasks.

Printer driver deployment

When managing printers from the Print Management administrative console, everything from driver deployment to adding printers can be accomplished, as shown in the following screenshot. That said, the printer driver deployment represents adding and updating a printer driver in the Print Management administrator console and installing the printer driver on one or more workplace computers:

Figure 6.26 – Deploying print drivers and the Print Management console in Windows Server 2022

In this section, you learned about the PDS role, which can help you set up a print server in your organization. In the next section, we’ll briefly look at user rights, NTFS permissions, and share permissions so that we can access files and folders from a local computer and network.

Understanding user rights, NTFS permissions, and share permissions

First things first, let’s become familiar with user rights and permissions. If you open the Properties area of a folder in any Windows OS and then click on the Security tab, you will see the permissions for the <user> unit under the group or user names section. That section lists the following permission types:

• Full control allows you to read, write, modify, execute, change attributes and permissions, and delete files and subfolders.
• Modify allows you to view, modify, add, and delete files and sub-folders.
• Read & execute allows you to run and manage files.
• List folder contents allows you to view data files and a list of a folder’s content.
• Read allows you to view files and file properties.
• Write allows you to write in a file.
• Special permissions provides access to additional advanced permissions.

However, note that each permission may contain either an allowed or denied setting, as shown in the following screenshot. Users are then allowed or denied access to the files and folders based on the assigned user rights. This means that every user’s assigned allowed or denied setting contains specific permissions that determine the user’s type of access to the objects:

Figure 6.27 – NTFS permissions in Windows Server 2022

Another thing you must consider is comparing New Technology File System (NTFS) permissions with share permissions. Keeping in mind that NTFS is a native filesystem in Windows Server 2022, when we talk about NTFS permissions, we are dealing with file and folder access to the local server, on the server’s storage device. In contrast, share permission has more to do with accessing files and folders shared over the network. Since we’ve already covered NTFS permissions, let’s look at what shared permissions offer, as shown in the following screenshot:

• Full Control allows you to read, modify, and edit permissions and take ownership.
• Change allows you to read, execute, write, and delete files and subfolders.
• Read allows you to list and view the content:

Figure 6.28 – Share Permissions in Windows Server 2022

Another perspective on user rights involves their assignment through Local Group Policy Editor (gpedit.msc), Local Security Policy, or Default Domain Policy by navigating to the Computer ConfigurationWindows SettingsSecurity SettingsPoliciesUser Rights Assignment path. If the server is a domain member, then you will notice that some policies have already been configured, as shown in the following screenshot:

Figure 6.29 – User Rights Assignment in Windows Server 2022

In this section, we learned that there is a clear difference between user rights and permissions. While user rights have to do with user accounts, permissions have to do with access to objects (files and folders). Now, let’s learn about file server auditing, a monitoring method that determines who modified the organization’s data, when it was changed, and why.

Understanding file server auditing

Since a file server stores critical and sensitive data for an organization, auditing is significant in assessing management controls in its IT infrastructure. Thus, auditing the file server is necessary to record who has done what and when with the data.

To configure auditing in Windows Server 2022, open Local Group Policy Editor (gpedit.msc), Local Security Policy, or Default Domain Policy and navigate to the Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesAudit Policy path, as shown in the following screenshot:

Figure 6.30 – Auditing in Windows Server 2022

In this section, you learned about the file and print services in Windows Server 2022 and their various features. Next, we will move on to this chapter’s exercise, where we will look at installing the Web Server (IIS) and Print and Document Services roles.

Chapter exercise – installing the Web Server (IIS) and 
PDS roles

In this exercise, you will learn how to install the Web Server (IIS) and Print and Document Services roles.

Installing the Web Server (IIS) role

To install the Web Server (IIS) role in Windows Server 2022, follow these steps:

1. Click the Start button. Then, in the Start menu, click Server Manager.
2. Click on the Add roles and features hyperlink in the Server Manager window.
3. Shortly, the Add Roles and Features Wizard area will open, as shown in the following screenshot:

Figure 6.31 – The Add Roles and Features Wizard area in Windows Server 2022

4. Accept the Role-based or feature-based installation option and click Next.
5. Ensure that the correct server is highlighted from the server pool. Then, accept the Select a server from the server pool option and click Next.
6. Select the Web Server (IIS) role from the list of roles.
7. Click the Add Features button when the Add features required for Web Server (IIS) popup appears.
8. No feature is required to add the Web Server (IIS) role at this stage, so click Next.
9. In the Web Server (IIS) definition and the things to note regarding installing Web Server (IIS), click Next.
10. Either accept the Web Server (IIS) role services or customize them to your needs.
11. Confirm your installation selections for the Web Server (IIS) role by clicking the Install button.
12. When the installation completes, click the Close button to close the Add Roles and Features Wizard area.
13. With that, the Web Server (IIS) role will be installed. A server restart is not required.

Installing a PDS role

To install a Print and Documents Service role in Windows Server 2022, follow these steps:

1. Click the Start button. Then, in the Start menu, click Server Manager.
2. Click on the Add roles and features hyperlink in the Server Manager window.
3. Shortly, the Add Roles and Features Wizard area will open.
4. Accept the Role-based or feature-based installation option and click Next.
5. Ensure that the correct server is highlighted from the server pool. Then, accept the Select a server from the server pool option and click Next, as shown in the following screenshot:

Figure 6.32 – Accepting the defaults

6. From the list of roles, select the Print and Document Services role.
7. Click the Add Features button when the Add features that are required for Print and Document Services dialog box pops up.
8. At this stage, no feature is required to add a PDS role, so click Next.
9. In the PDS definition and the things to note regarding PDS installation, click Next.
10. Either accept the PDS role services or customize them to your needs.
11. Confirm the installation selections for the PDS role by clicking the Install button.
12. When the installation completes, click the Close button to close the Add Roles and Features Wizard area.

With that, the PDS role will be installed. A server restart is not required.

Summary

In this chapter, you got acquainted with well-known client/server application servers such as the email server, database server, collaboration server, monitoring server, and data protection server.

Then, you learned about the Web Server (IIS) role, which can help you set up a web and FTP server and secure communication between the web server and a browser through SSL and digital certificates. Furthermore, you learned about Remote Access services, which help establish remote access to the organization’s computers and servers. Then, you became familiar with user rights, NTFS permissions, and share permissions, which will help you understand the concepts of accessing and securing files locally and on the network.

Finally, this chapter concluded with an exercise that showed you how to install the Web Server (IIS) and Print and Document Services roles.

The next chapter will teach you about Group Policy in Windows Server 2022, which can be used to add more controls to user and computer accounts.

Questions

Answer the following questions to test your knowledge of this chapter:

1. A server role is a primary task that a server should perform. (True | False)
2. ________ transfers files from computer to computer, computer to a server, or vice versa, both on LAN and WAN.
3. Which of the following are NTFS permissions in Windows Server 2022? (Choose 3)
   1. Modify
   2. Write
   3. Change
   4. Read
4. A web service is a communication between two devices based on the request/response methodology that uses the FTP protocol. (True | False)
5. ________ is any logical endpoint where applications from your computer communicate with other applications on other computers, both on LAN and WAN.
6. Which of the following protocols are utilized by mail servers? (Choose 2)
   1. File Transfer Protocol (FTP)
   2. Hypertext Transfer Protocol (HTTP)
   3. Simple Mail Transfer Protocol (SMTP)
   4. Post Office Protocol (POP)
7. Remote assistance is a feature that enables a helper to access the host’s desktop remotely to assist with resolving issues. (True | False)
8. ________ is responsible for securing the communication channel between a website and a browser.
9. Which of the following ports is used by RDS?
   1. 25
   2. 110
   3. 443
   4. 3389
10. Web printing enables users to print files to network printers through Windows Explorer. (True | False)
11. ________ have to do with user access to shared folders and drives on the network.
12. Which of the following are share permissions? (Choose 2)
    1. Read
    2. Change
    3. Write
    4. Modify
13. Discuss the Remote Access and Remote Desktop Services roles.
14. Discuss user rights, NTFS permissions, and share permissions.

Further reading

To learn more about the topics that were covered in this chapter, take a look at the following resources:

• IIS Web Server Overview: https://docs.microsoft.com/en-us/iis/get-started/introduction-to-iis/iis-web-server-overview
• DirectAccess: https://docs.microsoft.com/en-us/windows-server/remote/remote-access/directaccess/directaccess
• User Rights Assignment: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment