Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


How can I disable a network printer by Account?

Posted on 2006-10-24
Medium Priority
Last Modified: 2010-04-13
I'd like to make four users (or Windows User Accounts) on my computer.

User1 is able to print to network printer A (printer IP address for example -
User2 is able to print to network printer B (printer IP address for example -
User3 is able to print to network printer C (printer IP address for example -
User4 is unable to print.

What's the most efficient way of doing this?  I do not have any special networking software (Netware, etc.).  Can I use batch files?  Please show me the way for the points (i.e. if the solution is a batch file, show me the code...I practically need a dummies guide, just explanation more or less).  Thanks!
Question by:JOSHSKORN
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3

Expert Comment

ID: 17799741
If you check the properties of the printer there should be a security tab.  You can explicitly add user4 and give them the deny permissions.  You could also remove the everyone group and simply add the users (or group of users) that you want to allow to print.

Author Comment

ID: 17800212
I need a batch file to do this.

I apologize by the way, this should've been placed in the Windows XP category.  I'll see about moving the thread.

Expert Comment

ID: 17800330
It just so happens I've done something like this before.  I used SubInACL (download:  You can use this to grant and revoke priveleges to things like printers.  Here is the syntax:

subinacl /printer * /deny="domain\username"

This effectively prevents user4 from printing to the device.  This can be placed in a bactch file and run manually or from a computer startup script.  There are a ton of options for subinacl.  

Is this more like what you are looking for?

Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.


Author Comment

ID: 17800350
I apologize, the actual question is misleading.  Not only do I need to deny user4, but I need to route user1, user2, and user3 to a specific printer only by its IP address.  Does this solution accomplish this?  Obviously the deny option does not, and would be suitable for user4.

Will this work in a Windows XP Environment?  That's what I was aiming for.  I posted this accidentally in the wrong area.

Expert Comment

ID: 17800404
It should work the same for Windows XP.  There is a way to map different printers based on user IP address as well.  I'll see if I can dig up the batch file syntax.

Expert Comment

ID: 17802294
Defining a Logon script for a local logon requires the definition of a network share
called "netlogon" : create anywhere on the system a folder to contain the logon scripts
(example : scripts) and then share it using the name "netlogon" :

Inside this shared folder, create a BAT-file (typical using Notepad)
containing command-line instructions to be executed.

In User Management, define for the user(s) in the properties on the tab "Profile" the
BAT-file name as the "Logon Script"

If you have same printers you can install this and use “net use” to map right one.
NET USE [LPTx:] \\ComputerName\printer_share /PERSISTENT:NO
In batch file it could look like this

net use lpt2 /delete
net use lpt2 \\\hp_printer1 /PERSISTENT:NO

If you share the printer with its driver files it while automatics install driver if it need
when user using it.

You can also use XP own install function “PrintUIEntry”
From CMD you can run this to get syntax
rundll32 printui.dll,PrintUIEntry /?

It work like this.
start /wait rundll32 printui.dll,PrintUIEntry /if /b <PrinterName> /f <inf file> /r <port> /m <description>

If you have a LaserJet 1300 it could look like this.

start /wait rundll32 printui.dll,PrintUIEntry /if /b "LaserJet 1300" /f G:\fix\drv\hp1300\PCL6\hp1300m6.inf /r "lpt2:" /m "hp LaserJet 1300 PCL 6"

To set different printer to a user you can use variable “USERNAME”

if %username% == User1 goto p1
if %username% == User2 goto p2
goto :eof

net use lpt2 /delete
net use lpt2 \\\hp_printer1 /PERSISTENT:NO
goto :eof
net use lpt2 /delete
net use lpt2 \\\hp_printer2 /PERSISTENT:NO
goto :eof

You can use some if this to make a batch file that’s work for you.

Expert Comment

ID: 17802340
If you share the printer with username and password you can use

net use lpt2 \\\hp_printer1 password /USER:username /PERSISTENT:NO

Expert Comment

ID: 17802409
You can also use script that comes with windows

Author Comment

ID: 17844183
I'm currently testing on 2 printers.  These printers are identical, HP 4600n models.  Unfortunately, a test print indiicated the IP addresses are identical but different on DNS servers.  I found this out while trying to implement Dark King's solution.  I tried to change the setting from automatically obtain the DNS Server setting, to specifically identify a DNS, using the DNS server address obtained from the other printer's test print.  No luck.

I'm currently trying to communicate with the technical department of the school I work at, trying to figure out more information about the topology of the network.  I'm not much of a networking guru, but I'm thinking this is routed through a switch.

Author Comment

ID: 17844380
one thing I'm trying to do, is deny printing based on who logs into the computer.  I did try this line in a batch file with no success:

net use lpt2 /delete

I also went to the Printers and Faxes properties of my printer and saw that ltp2 was never in use.  Instead, it was IP_10.9.130.33.  I went ahead and modified the line to read

net use IP_10.9.130.33 /delete

Printing was still successful.  Again, trying to find a way to turn printing off with a batch file.  That is part of my original question.

Accepted Solution

Dark_King earned 1500 total points
ID: 17848094
“net use lpt2 /delete”
This only unmapped lpt2: you need to run “net use” to see with map port you using,
It cold be like this “net use \\ /delete”

Only thing I now of to disable printing from a batch file is to uninstall every printer
You can do this but like I say it while uninstall all printer, you have to install again for user
that’s need printing.

Remember this while remove all print driver.

@Echo Off
   If Not %1'==/?' Goto Begin
   Echo Removes Windows NT's printers (Registry-settings and printer driver's files).
   Echo %~n0
  (Goto :EOF)
  (Echo [Version]
   Echo Signature = "$Windows NT$"
   Echo [DefaultInstall]
   Echo DelReg = DelReg
   Echo AddReg = AddReg
   Echo [DelReg]
   Echo HKLM,"SYSTEM\CurrentControlSet\Control\Print\Printers"
   Echo HKLM,"SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-2"
   Echo HKLM,"SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-3"
   Echo HKCU,"Printers\Connections"
   Echo HKCU,"Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts"
   Echo HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\LanMan Print Services\Servers"
   Echo HKLM,"SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports"
   Echo HKLM,"SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports"
   Echo [AddReg]
   Echo HKLM,"SYSTEM\CurrentControlSet\Control\Print\Printers","DefaultSpoolDirectory",,,
   Echo HKLM,"SYSTEM\CurrentControlSet\Control\Print\Printers","DefaultSpoolDirectory",,"%%SystemRoot%%\System32\spool\PRINTERS"
   Echo HKLM,"SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-2",,,
   Echo HKLM,"SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-2","Directory",,"2"
   Echo HKLM,"SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-2","MajorVersion",%%REG_DWORD%%,2
   Echo HKLM,"SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-2","MinorVersion",%%REG_DWORD%%,0
   Echo HKLM,"SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-3",,,
   Echo HKLM,"SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-3","Directory",,"2"
   Echo HKLM,"SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-3","MajorVersion",%%REG_DWORD%%,2
   Echo HKLM,"SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-3","MinorVersion",%%REG_DWORD%%,0
   Echo HKCU,"Printers\Connections"
   Echo HKCU,"Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts"
   Echo HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\LanMan Print Services\Servers"
   Echo HKLM,"SYSTEM\ControlSet001\Control\Print\Monitors\Standard TCP/IP Port\Ports"
   Echo HKLM,"SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports"
   Echo [Strings]
   Echo REG_SZ         = 0x00000000
   Echo REG_MULTI_SZ   = 0x00010000
   Echo REG_EXPAND_SZ  = 0x00020000
   Echo REG_BINARY     = 0x00000001
   Echo REG_DWORD      = 0x00010001)>%TEMP%.\$%~n0.inf
   If Not Exist %TEMP%.\$%~n0.inf (
     Echo Can not write to: %TEMP%.\$%~n0.inf
     Goto :EOF)
   Echo Remove all printers on %COMPUTERNAME%
   %SystemRoot%\system32\net.exe STOP SPOOLER
   %SystemRoot%\system32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 128 %TEMP%.\$%~n0.inf
   Del %TEMP%.\$%~n0.inf
   For %%F In (%SystemRoot%\system32\spool\drivers\w32x86) Do (
     %SystemRoot%\system32\attrib.exe -r -s -h %%F\*.* /S
     Del /Q /S %%F\*.*)
   %SystemRoot%\system32\net.exe START SPOOLER

But I still think using a Domain or AD with user rights is the best solution.

Author Comment

ID: 17892752
Originally I'd proposed using AD to my boss but another instructor told me that this would be overkill.  From what I understand, AD is a campus-wide policy.  This printing system would be simply for one computer lab inside of a campus.  We have our own server.  The IT staff currently has remote access to our client computers and we'd like to be able to maintain that.

With each printer we want to route jobs to, there are a group of say 20 computers each.  There are 4 printers.  Would it be easier to have only two logins, one with an active printer and another with no printing?  The for the first login, an administrator would have to login and point computers in Groups A, B, C, or D to printers A, B, C or D.  How would this idea be approached, instead?  Using Domains/Subdomains? AD?

Featured Post

Enroll in September's Course of the Month

This month’s featured course covers 16 hours of training in installation, management, and deployment of VMware vSphere virtualization environments. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : All lightning effects with instructions : http://www.mediaf…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question