Windows NT 4.0 File and Print Services Configuration Guide

Tyler Maginnis | January 18, 2024

Windows NT 4.0File ServicesPrint ServicesNetwork SharesNTFSSecurity

Need Professional Windows NT Server 4.0?

Get expert assistance with your windows nt server 4.0 implementation and management. Tyler on Tech Louisville provides priority support for Louisville businesses.

Call Now: (202) 948-8888 Email for Quote

Same-day service available for Louisville area

Windows NT 4.0 File and Print Services Configuration Guide

Introduction

File and print services are core functions of Windows NT Server 4.0, enabling centralized storage and printer management. This guide covers setup, configuration, security, and optimization of these essential services.

File Services Overview

File Systems

  • Features: File/folder permissions, compression, auditing
  • Maximum Volume Size: 16 TB (theoretical)
  • Maximum File Size: 16 TB (theoretical)
  • Security: Full ACL support

FAT16

  • Features: Basic file storage, no security
  • Maximum Volume Size: 2 GB (4 GB with large cluster size)
  • Maximum File Size: 2 GB
  • Use Cases: Dual-boot systems, removable media

Planning File Services

  1. Storage Requirements
  2. Current data size
  3. Growth projections
  4. Backup considerations

  5. Performance requirements

  6. Directory Structure D:\ ├── Shared\ │ ├── Company\ │ ├── Departments\ │ │ ├── Sales\ │ │ ├── Marketing\ │ │ └── Finance\ │ └── Public\ ├── Users\ │ └── %username%\ └── Applications\

Creating and Managing Shares

Creating Shares via GUI

  1. Windows Explorer Method
  2. Right-click folder → Sharing
  3. Select "Shared As"
  4. Enter share name
  5. Set user limit (default: Maximum)

  6. Configure permissions

  7. Server Manager Method Server Manager → Computer → Shared Directories New Share → Enter path and share name Configure permissions

Share Permissions

Permission Levels

  • No Access: Explicitly deny access
  • Read: View files and folders
  • Change: Read, write, delete files
  • Full Control: All permissions including change permissions

Best Practices

Share Permissions: Everyone - Full Control
NTFS Permissions: Implement actual security
Result: Most restrictive combination applies

Administrative Shares

Default administrative shares: - C$, D$, etc.: Root of each drive - ADMIN$: Windows directory - IPC$: Inter-process communication - PRINT$: Printer drivers

Hidden Shares

Create hidden shares by appending $:

Share Name: Data$
Access via: \\server\Data$
Not visible in browse list

NTFS Permissions

Standard Permissions

  1. File Permissions
  2. Read (R): View file contents
  3. Write (W): Modify file
  4. Execute (X): Run programs
  5. Delete (D): Delete file
  6. Change Permissions (P): Modify ACL

  7. Take Ownership (O): Become owner

  8. Folder Permissions

  9. List (R): View folder contents
  10. Add (W): Create files/subfolders
  11. Add & Read (RW): Create and view
  12. Change (RWD): Full access except permissions
  13. Full Control (All): Complete access

Special Permissions

Access via Security → Advanced:

Directory Permissions:
- Traverse Folder/Execute File
- List Folder/Read Data
- Read Attributes
- Read Extended Attributes
- Create Files/Write Data
- Create Folders/Append Data
- Write Attributes
- Write Extended Attributes
- Delete Subfolders and Files
- Delete
- Read Permissions
- Change Permissions
- Take Ownership

Permission Inheritance

  1. Default Behavior
  2. Permissions inherit from parent
  3. Explicit permissions override inherited

  4. Can break inheritance

  5. Managing Inheritance Security → Advanced → [ ] Replace Permissions on Subdirectories [ ] Replace Permissions on Existing Files

Effective Permissions

Rules for determining access: 1. User permissions combine with group permissions 2. Most permissive wins (except Deny) 3. Deny always overrides Allow 4. Share and NTFS permissions combine (most restrictive)

Configuring User Home Directories

Server Configuration

  1. Create Home Directory Structure mkdir D:\Home Share as: Home$ Share Permissions: Everyone - Full Control

  2. NTFS Permissions D:\Home Administrators: Full Control CREATOR OWNER: Full Control (Subfolders and Files only) Domain Users: Create Folders (This Folder only)

User Configuration

  1. Individual Setup User Manager → User Properties → Profile Connect H: to \\server\home$\%username%

  2. Bulk Configuration batch for /f %%u in (users.txt) do ( net user %%u /homedir:\\server\home$\%%u /domain )

Home Directory Features

  • Automatic creation on first logon
  • Correct permissions set automatically
  • User has full control of their folder
  • Administrators maintain access

Department Shares

Creating Department Structure

  1. Create Folders D:\Shared\Departments\Sales D:\Shared\Departments\Marketing D:\Shared\Departments\Finance

  2. Set Permissions ``` Sales folder:

  3. Sales group: Change
  4. Sales Managers: Full Control
  5. Administrators: Full Control
  6. All others: No access ```

Access-Based Enumeration (Not available in NT 4.0)

Users see all shares but get "Access Denied" if no permissions

Workaround Using Multiple Shares

Create separate shares for each department: - \\server\Sales$ - \\server\Marketing$ - \\server\Finance$

Installing Print Services

  1. Add Printer Start → Settings → Printers Double-click "Add Printer" Choose "My Computer" for local printer Select port (LPT1, COM1, or TCP/IP)

  2. Network Printer Setup

  3. Install TCP/IP Printing service
  4. Create Standard TCP/IP Port
  5. Enter printer IP address

Printer Sharing

  1. Share Printer Printer Properties → Sharing [X] Shared Share Name: HP_Laser_Sales

  2. Additional Drivers Sharing tab → Additional Drivers Select other Windows versions Provide driver files

Default groups and permissions: - Everyone: Print - Creator Owner: Manage Documents - Administrators: Full Control - Power Users: Full Control

Custom permissions: - Print: Submit print jobs - Manage Documents: Delete any job - Manage Printer: Configure printer

Printer Pooling

  1. Install identical printers
  2. Printer Properties → Ports
  3. Select multiple ports
  4. Enable printer pooling

Priority Settings

Printer Properties  Advanced
Priority: 1 (lowest) to 99 (highest)
Create multiple printer objects for same device
Assign different priorities to different groups

Scheduling

Printer Properties  Advanced
Available from: 8:00 AM To: 6:00 PM
Create after-hours printer for large jobs

  1. Enable Auditing Printer Properties → Security → Auditing Add users/groups to audit Select events to audit

  2. Events to Monitor

  3. Print
  4. Delete
  5. Change Permissions
  6. Take Ownership

Disk Quotas (Third-Party Solutions)

NT 4.0 lacks built-in quotas. Options: 1. Directory Size Monitoring Scripts 2. Third-party Tools 3. Manual Monitoring

Sample Monitoring Script

@echo off
REM CheckUserSpace.bat

for /d %%u in (D:\Home\*) do (
    dir "%%u" /s | find "bytes" >> userspace.log
)

File System Maintenance

Disk Maintenance Tools

  1. CHKDSK chkdsk D: /f /r /f - Fix errors /r - Recover bad sectors

  2. Disk Defragmenter

  3. Not included in NT 4.0
  4. Use third-party tools

  5. Schedule regular defragmentation

  6. Compress Old Files compact /c /s:D:\Archive /i

Backup Strategies

  1. Built-in Backup ``` Start → Programs → Administrative Tools → Backup Select files/folders Choose backup type:
  2. Normal (Full)
  3. Incremental

  4. Differential ```

  5. Backup Types

  6. Normal: All files, clears archive bit
  7. Incremental: Changed files, clears archive bit
  8. Differential: Changed files, keeps archive bit
  9. Copy: All files, keeps archive bit

  10. Daily: Files changed today

  11. Recommended Schedule Sunday: Normal backup Monday-Thursday: Incremental Friday: Differential

Performance Optimization

File Service Optimization

  1. Server Service Settings ``` Control Panel → Network → Services → Server Optimization:
  2. Minimize Memory Used
  3. Balance
  4. Maximize Throughput for File Sharing

  5. Maximize Throughput for Network Applications ```

  6. Registry Tweaks ``` HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters

Size = 3 (Large cache) MaxWorkItems = 512 MaxMpxCt = 50 MaxRawWorkItems = 512 ```

Disk Performance

  1. Separate Spindles
  2. OS on C:
  3. Page file on D:
  4. Data on E:

  5. Logs on F:

  6. RAID Configuration

  7. RAID 1: OS and critical data
  8. RAID 5: General file storage
  9. RAID 0: Temporary files (risky)

Network Optimization

  1. Network Bindings ``` Control Panel → Network → Bindings Order protocols for best performance:
  2. Server → TCP/IP

  3. Server → NetBEUI ```

  4. Network Card Settings

  5. Full duplex when possible
  6. Highest speed supported
  7. Dedicated file server NIC

Monitoring File Services

Performance Monitor Counters

Key counters to monitor:

Server object:
- Bytes Total/sec
- Files Open
- Server Sessions
- Work Item Shortages

LogicalDisk object:
- % Disk Time
- Disk Queue Length
- Disk Bytes/sec

Cache object:
- Cache Hits %
- Cache Misses/sec

Event Log Monitoring

Watch for: - Disk errors (System Log) - Permission failures (Security Log) - Service failures (System Log) - Quota warnings (Application Log)

Capacity Planning

Regular reports on: - Disk space usage trends - Number of connections - Peak usage times - Growth rates

Security Best Practices

File Security

  1. Principle of Least Privilege
  2. Grant minimum necessary permissions
  3. Use groups for permission assignment

  4. Avoid Everyone group when possible

  5. Regular Audits

  6. Review permissions quarterly
  7. Check for orphaned SIDs

  8. Verify administrative access

  9. Sensitive Data

  10. Separate shares for confidential data
  11. Implement auditing
  12. Consider encryption (third-party)
  1. Restrict Management
  2. Limit who can manage printers
  3. Audit permission changes

  4. Document printer access

  5. Department Printers

  6. Create per-department print queues
  7. Restrict access by group
  8. Monitor usage

Troubleshooting

Common File Access Issues

Access Denied

  1. Check share permissions
  2. Check NTFS permissions
  3. Verify group membership
  4. Check for Deny permissions

Cannot Browse Shares

  1. Verify Computer Browser service
  2. Check WINS registration
  3. Ensure NetBIOS over TCP/IP enabled
  4. Try UNC path directly

Jobs Stuck in Queue

  1. Stop and restart spooler service
  2. Delete print jobs
  3. Check printer connectivity
  4. Verify correct driver

Cannot Connect to Printer

  1. Check printer share name
  2. Verify permissions
  3. Install correct driver
  4. Check network connectivity

Best Practices Summary

  1. Always use NTFS for local drives
  2. Implement least privilege access
  3. Regular backups are essential
  4. Monitor disk space proactively
  5. Document share structure and permissions
  6. Use groups for permission management
  7. Hide administrative shares when possible
  8. Audit sensitive data access
  9. Plan for growth in storage needs
  10. Test restore procedures regularly

Conclusion

File and print services are fundamental to Windows NT Server 4.0 functionality. Proper planning, implementation, and maintenance ensure reliable and secure resource sharing. Regular monitoring and optimization keep services running efficiently as demands grow.