Solved

Guest Logon - Single Printer Only - No Interactive Logon For Computers

Posted on 2003-11-13
11
443 Views
Last Modified: 2008-02-01
I would like to have guest account that only allows access to a specific network printer, and nothing else. I do not want this account to be able to log onto any compturs interactively. I pretty much want it to be denied to every other resource out there. Is this possible?
0
Comment
Question by:J. Smith
  • 4
  • 3
  • 3
11 Comments
 
LVL 5

Expert Comment

by:vtobusman
ID: 9741194
Why yes it is....
  What version of windows are you using so that we may be able to assist you better?
0
 
LVL 4

Author Comment

by:J. Smith
ID: 9741215
The client could be anything, it's a printer for customers and salesmen who come in and need to do some quick printing. FYI: The user will be authenticating through W2K Active Directory.
0
 
LVL 5

Accepted Solution

by:
vtobusman earned 50 total points
ID: 9741527
even better  on the win 2k server create and account for the computer and just give him print only permissions and deny log-on locally.. ...wait are the bringing in their laptops ??
and you have no control of the os ??

   hmmm if so then buy this
http://www.compgeeks.com/details.asp?invtid=DI-704P-R
   it 34 bucks hook the wan side to your network.... hook the priter to it.. and the user will plug into it get access to the printer only..... just configure the router with no gateway...
 
0
 
LVL 4

Author Comment

by:J. Smith
ID: 9741725
they are laptops which i have no control over if it's a customer

the soho print server would not work since employees will be printing to it and accessing other servers.
0
 
LVL 5

Expert Comment

by:vtobusman
ID: 9742127
is it a network printer ie it has an ip address if so the so thing will work just put it in the dmz..
  other than that..
you would need to setup a server with 2 nic in it and dhcp...

i nic connected to your network and the other nic to the network for the customers..
setup dhcp on that interface so that the customer can get an address and the server just set it up as a stand alone print server... remove all gatways on it so the it wont rout from 1 network to the next...
 
  um other than that  good luck
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 1

Expert Comment

by:riannuzzi
ID: 9759716
If you only want to access the printer do this. Have the client login locally NOT into the domain. Set up Standard TCP/IP printing using RAW to the IP address of that printer.
0
 
LVL 4

Author Comment

by:J. Smith
ID: 9766280
What i'm looking for here is for the customer/sales employee to be able to type : \\domain-controller, right click on the printer and click connect. Is this possible to do without giving them access to any other resource?
0
 
LVL 1

Expert Comment

by:riannuzzi
ID: 9766920
Yes you can do that. Just enable your guest account, put in a password, go to the print server properties, go to the printer specific properties and allow the guest account to print only on that printer through the security settings.

Netbios to the print server and click connect. You will then be mapped to the printer. Of course to do this you must have a computer account in the domain and login to the domain with the guest account. You will not be able to login locally to the station and do this.
0
 
LVL 4

Author Comment

by:J. Smith
ID: 9767209
yes, but the guest account is a part of the everyone group which has access to shares with security set to everyone. although those type of shares have low security risks, I do not want customers to have access to them. therefore, I need an account that is capable of listing printers attached to the domain, connect to them and that's about it. maybe this is not possible?
0
 
LVL 1

Expert Comment

by:riannuzzi
ID: 9767408
Customers can only see them if they are shared, it is the folder permissions not the share permissions that decides whether you can access them or not. On a default win2k networks guests can't access any resources... it is you who decides that, anyway you look at it, if the computer has an account in the domain you are at risk, regardless of what username they use. If you are that scared, and i would too, do not have them log-into the domain. Have them login locally and use LPR or RAW to connect directly to a printer, these items will be saved with the profile and they will no have access to your domain....
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Resolve DNS query failed errors for Exchange
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now