Solved

How can I restrict network printers to pc's only

Posted on 2004-09-29
11
157 Views
Last Modified: 2010-04-14
Hi

We have windows 2000 servers and  windows 2000 pro clients here at a school.
We are currently using vb scripts on local machines to install network printers.
So when a user logs on a pc the network printers in that department are installed.
Currently with the setup, if a student visits all departments in one day, they shall have all the departments printers added to their profile. Which will allow them to print from any department pc's to any department printers.
This is what is happening now, and we want to allow only the geography computers to be able to print to the geography printer for eg.

Any advice would be much appreciated.

Thanks

H
0
Comment
Question by:downehouse
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 19

Expert Comment

by:Zaheer Iqbal
ID: 12178591
Well if you are using Active Directory then you will need to create groups I think related to printers.Such as Geography group science group..
Then give permission to them containers to user that require them,..
0
 

Author Comment

by:downehouse
ID: 12178695
Hi

Thanks for the reply,
But all the users require access to all the department printers.
I need to restrict them so only when they are using the history dept pc's they can only print to the histroy printer.
Im looking into creating printer groups in ad.

any other advice?
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12179635
I don't believe there's a simple way to stop the printing once the printers are installed.  Printing permissions are based on users and groups, not on the computer the print is coming from.  So I don't think there's a permission that can be set somewhere that'd say "allow print from PCs in this area but not from PCs in another area".  Is there any way of accomplishing this?  Yes, I think there is.  It just isn't clean and straightfoward.  Since printer permissions are based on users and groups, you could use a departmental login script to handle this.  The login script would add the user to a departmental print control group that allowed printing to that department's printers but disallowed print from all other departmental groups.  You'd then also need to create a logout script and remove the user from the local departmental group when they logged out.  For example, let's say we have two deprtments, geography and science.  We create two printer control groups, Geography Printers and Science Printers.  We then create or modify a login script so that when a user logs in from a geography computer they are added to the Geography Printers group and a duplicate script for the science department.  Next, we mod the permissions on the printers so that only users who are a member of the correct group can print to that group's printers.  Last, we create a logoff script that removes the user from whichever printer group they were assigned to when they logged in.  With this in place a user who logs in to a geography computer gets added to the Geography Printers group which has rights to print to any geography printer but does not have rights to print to a science printer.  Users logging in to a science computer can print to science printers but not to geography printers.  One problem with this idea is that it'd require users to have the right to add and remove group memberships.  If they can't, then this won't work at all.  The only other problem I see with this is if a user fails to logout properly and therefore doesn't run the logout script, then they'll still be a member of the wrong group should they log into a computer in a different department.  Perhaps that could be best solved by adding more code to the login script causing it to remove the user from all printer groups before adding them to the local printer group.  As I said, not clean, but I don't see a lot of other options.  
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 6

Expert Comment

by:tanelorn
ID: 12180775
Hi
you could edit your vb script for the students to delete the printers that are there already in their profile except for the one in their proximity.

vbscript giveth, and vbscript can taketh away...

Tanelorn

0
 
LVL 5

Expert Comment

by:scottman29
ID: 12180798
If you go to the NTFS security for a printer, you can allow security for a particular computer.  I've never tried it, but I wonder if you do that, if it would only let you print from that particular computer...

Give it a try!

Scott
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12181921
When you set the security to deny a particular computer, you're denying the machine account, not the account of any person who happens to be using that machine.  To make sure of this I denied my computer access to one of my printers and then tried printing to it.  The print went right through.  It makes you wonder what the point is of being able to assign permissions to a given computer.
0
 
LVL 6

Accepted Solution

by:
tanelorn earned 250 total points
ID: 12182017
hi,
I found a little code snippet that should make this happen..

put this before the call to map the printers
if you want,  post your script, and I'll tak a look at it...

(plagerized from http://www.dbforums.com/archive/index.php/t-774023.html  )

############snip###############

set wshNetwork = CreateObject ("WScript.Network")
'deletes all network printers
Set clPrinters = WshNetwork.EnumPrinterConnections
On Error Resume Next
For i = 0 to clPrinters.Count - 1 Step 2
wshNetwork.RemovePrinterConnection clPrinters.Item(i+1), true
Next


################snip###############
Tanelorn
0
 
LVL 6

Expert Comment

by:tanelorn
ID: 12182047
Hi,

this however won't prevent someone from mapping a printer if they know how...
I'm not sure what your priority is..
T
0
 

Author Comment

by:downehouse
ID: 12187858
Hi

Thanks for the advice.
Im going to try this vb script.
We have vb scripts running on the workstations to install the network printers.
This vb script to remove the printers im going try it in gpo, log off.
I will let you know how it goes.
Cheers

H
0
 

Author Comment

by:downehouse
ID: 12188638
Hi

My current vb script for network printer connection is :
Set WshNetwork = CreateObject("WScript.Network")
WshNetwork.AddWindowsPrinterConnection "\\server\printer"
WshNetwork.SetDefaultPrinter "\\server\printer"

Now I have added that delete network printers part and the script looks as below :

set wshNetwork = CreateObject ("WScript.Network")
'deletes all network printers
Set clPrinters = WshNetwork.EnumPrinterConnections
On Error Resume Next
For i = 0 to clPrinters.Count - 1 Step 2
wshNetwork.RemovePrinterConnection clPrinters.Item(i+1), true
Next

My current vb script for network printer connection is :
Set WshNetwork = CreateObject("WScript.Network")
WshNetwork.AddWindowsPrinterConnection "\\server\printer"
WshNetwork.SetDefaultPrinter "\\server\printer"

This seems to have sorted it out. This script is run on the local machine for all users.

Cheers for that mate.
0
 
LVL 6

Expert Comment

by:tanelorn
ID: 12189441
Hi,
I'm glad that worked for you!!

:)

Be well

T
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Syteline and a new domain controller 4 712
Auto kill system process when exceeding 80% CPU in windows 2000 8 214
Pskill not working on VBS script 4 153
no logon server available 8 157
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now