Solved

How can I restrict network printers to pc's only

Posted on 2004-09-29
11
158 Views
Last Modified: 2010-04-14
Hi

We have windows 2000 servers and  windows 2000 pro clients here at a school.
We are currently using vb scripts on local machines to install network printers.
So when a user logs on a pc the network printers in that department are installed.
Currently with the setup, if a student visits all departments in one day, they shall have all the departments printers added to their profile. Which will allow them to print from any department pc's to any department printers.
This is what is happening now, and we want to allow only the geography computers to be able to print to the geography printer for eg.

Any advice would be much appreciated.

Thanks

H
0
Comment
Question by:downehouse
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 19

Expert Comment

by:Zaheer Iqbal
ID: 12178591
Well if you are using Active Directory then you will need to create groups I think related to printers.Such as Geography group science group..
Then give permission to them containers to user that require them,..
0
 

Author Comment

by:downehouse
ID: 12178695
Hi

Thanks for the reply,
But all the users require access to all the department printers.
I need to restrict them so only when they are using the history dept pc's they can only print to the histroy printer.
Im looking into creating printer groups in ad.

any other advice?
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12179635
I don't believe there's a simple way to stop the printing once the printers are installed.  Printing permissions are based on users and groups, not on the computer the print is coming from.  So I don't think there's a permission that can be set somewhere that'd say "allow print from PCs in this area but not from PCs in another area".  Is there any way of accomplishing this?  Yes, I think there is.  It just isn't clean and straightfoward.  Since printer permissions are based on users and groups, you could use a departmental login script to handle this.  The login script would add the user to a departmental print control group that allowed printing to that department's printers but disallowed print from all other departmental groups.  You'd then also need to create a logout script and remove the user from the local departmental group when they logged out.  For example, let's say we have two deprtments, geography and science.  We create two printer control groups, Geography Printers and Science Printers.  We then create or modify a login script so that when a user logs in from a geography computer they are added to the Geography Printers group and a duplicate script for the science department.  Next, we mod the permissions on the printers so that only users who are a member of the correct group can print to that group's printers.  Last, we create a logoff script that removes the user from whichever printer group they were assigned to when they logged in.  With this in place a user who logs in to a geography computer gets added to the Geography Printers group which has rights to print to any geography printer but does not have rights to print to a science printer.  Users logging in to a science computer can print to science printers but not to geography printers.  One problem with this idea is that it'd require users to have the right to add and remove group memberships.  If they can't, then this won't work at all.  The only other problem I see with this is if a user fails to logout properly and therefore doesn't run the logout script, then they'll still be a member of the wrong group should they log into a computer in a different department.  Perhaps that could be best solved by adding more code to the login script causing it to remove the user from all printer groups before adding them to the local printer group.  As I said, not clean, but I don't see a lot of other options.  
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 6

Expert Comment

by:tanelorn
ID: 12180775
Hi
you could edit your vb script for the students to delete the printers that are there already in their profile except for the one in their proximity.

vbscript giveth, and vbscript can taketh away...

Tanelorn

0
 
LVL 5

Expert Comment

by:scottman29
ID: 12180798
If you go to the NTFS security for a printer, you can allow security for a particular computer.  I've never tried it, but I wonder if you do that, if it would only let you print from that particular computer...

Give it a try!

Scott
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12181921
When you set the security to deny a particular computer, you're denying the machine account, not the account of any person who happens to be using that machine.  To make sure of this I denied my computer access to one of my printers and then tried printing to it.  The print went right through.  It makes you wonder what the point is of being able to assign permissions to a given computer.
0
 
LVL 6

Accepted Solution

by:
tanelorn earned 250 total points
ID: 12182017
hi,
I found a little code snippet that should make this happen..

put this before the call to map the printers
if you want,  post your script, and I'll tak a look at it...

(plagerized from http://www.dbforums.com/archive/index.php/t-774023.html  )

############snip###############

set wshNetwork = CreateObject ("WScript.Network")
'deletes all network printers
Set clPrinters = WshNetwork.EnumPrinterConnections
On Error Resume Next
For i = 0 to clPrinters.Count - 1 Step 2
wshNetwork.RemovePrinterConnection clPrinters.Item(i+1), true
Next


################snip###############
Tanelorn
0
 
LVL 6

Expert Comment

by:tanelorn
ID: 12182047
Hi,

this however won't prevent someone from mapping a printer if they know how...
I'm not sure what your priority is..
T
0
 

Author Comment

by:downehouse
ID: 12187858
Hi

Thanks for the advice.
Im going to try this vb script.
We have vb scripts running on the workstations to install the network printers.
This vb script to remove the printers im going try it in gpo, log off.
I will let you know how it goes.
Cheers

H
0
 

Author Comment

by:downehouse
ID: 12188638
Hi

My current vb script for network printer connection is :
Set WshNetwork = CreateObject("WScript.Network")
WshNetwork.AddWindowsPrinterConnection "\\server\printer"
WshNetwork.SetDefaultPrinter "\\server\printer"

Now I have added that delete network printers part and the script looks as below :

set wshNetwork = CreateObject ("WScript.Network")
'deletes all network printers
Set clPrinters = WshNetwork.EnumPrinterConnections
On Error Resume Next
For i = 0 to clPrinters.Count - 1 Step 2
wshNetwork.RemovePrinterConnection clPrinters.Item(i+1), true
Next

My current vb script for network printer connection is :
Set WshNetwork = CreateObject("WScript.Network")
WshNetwork.AddWindowsPrinterConnection "\\server\printer"
WshNetwork.SetDefaultPrinter "\\server\printer"

This seems to have sorted it out. This script is run on the local machine for all users.

Cheers for that mate.
0
 
LVL 6

Expert Comment

by:tanelorn
ID: 12189441
Hi,
I'm glad that worked for you!!

:)

Be well

T
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question