[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 283
  • Last Modified:

Username for accessing only printer

Hi,

I want to create a user name for accessing printer.
When users who are not from our domain and want to access ptinter
\\printservername then it would ask for a username.I want to create a username but i want it not to be able to do any thing else other than being able to access the print share.
Is there a way i can do this.
This user should not be able to login to any machine.
What are the permission groups that i need to add.

Regards
Sharath
0
bsharath
Asked:
bsharath
  • 15
  • 12
1 Solution
 
ibu1Commented:
If u don't have critical data on ur print server u can enable guest account and in the permission of share printer add the guest account and give the appropriate rights.
0
 
bsharathAuthor Commented:
You mean create a new user on the local machine
0
 
zoofanCommented:
I would think this would be as simple as
a)creata a user account
b)add the user to a group with permission to print
c)In the user properties select the account tab:
     Select     "user can not change password"
     Click "logon to" and enter the name of your print servers.

Keep in mind you may wish to remove this user from the domain users group depending on
other resource permissions.

assuming you dont allow domain users to logon on locally to the servers, this will allow them
the ability to logon to the server for netowrk resources only.

zf
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
zoofanCommented:
If you do remove the user from the "Domain Users" group you will most likely need to add the user to the local policy of the print servers under "Access this computer from the network.


zf
0
 
zoofanCommented:
Opps, sorry forgot to mention that policy settings is at

Computer Configuration\Windows Settings\Local Policies\User Rights Assignments\"Access this computer from the network"



zf
0
 
bsharathAuthor Commented:
In the member of tab what should i add.
0
 
zoofanCommented:
If your refering to the the who can access via the network, be sure not to change what is there, and add the new user account.  If you refering to the printer permission group, same thing leave whats there alone and add the new user.

zf
0
 
zoofanCommented:
and last one I forgot,  if your refering to the users, member of tab,  add to a printer permissions group.


the leaving membership- of the "domain users" is at your descretion as noted before, and be sure to read it all.

zf
0
 
bsharathAuthor Commented:
I have created a user called Printer but not able to remove the domain admin
0
 
zoofanCommented:
Umm,  first off you created a new user correct, NOT copied an exisiting one?

Second you will not be able to remove a user from a group if it is set to "Primary" you can see this on the member of page.  To change it select a different group that they are a member of and click set to primary.

If you made a copy of another account I suggest deleteing it and createing a new from scratch user!!


zf
0
 
bsharathAuthor Commented:
I created a new user
I have selected a group called print operator and selctd it to make it primary.But still shows a disable state to make it primary.
What group should i add as member
0
 
zoofanCommented:
In order for the gruop to be primary it must be Global Group, Not Local.
 Create a Global group named "Printer Guests"  
 and add the user to it, set as primary,
 and then add the "Printer guests" group to the "Printer Operators" group

If you remove the "Domain Users" Group,  you can now add the "Printer Guests" Group to the security policy "Allow access from the the network" on the server, as this will only contain the "Printer" account.

zf
0
 
bsharathAuthor Commented:
I have done as you said.

This part not able to get it.

you can now add the "Printer Guests" Group to the security policy "Allow access from the the network" on the server, as this will only contain the "Printer" account
0
 
zoofanCommented:
Ok if your "Printer" User is only a member of the "Printer Guests" Group and nothing else, then you will need to edit the local policy for the print servers. at
"Computer Configuration\Windows Settings\Local Policies\User Rights Assignments\"Access this computer from the network"

and add the group "Printer Guests" to the list.

as without membership in a "Domain users" group they will not have access to the server accross the network.


zf
0
 
bsharathAuthor Commented:
Are you talking about local security policy?
0
 
zoofanCommented:
Yes I am. But if these are DC's then you will need a GPO with that setting changed(Appplied to ONLY the print servers NOT all DC's.)

zf
0
 
bsharathAuthor Commented:
I have dc's
Then should i make changes on the DC?
In the print server i dont have the Group policy editor...
0
 
zoofanCommented:
Yes if the Print servers are DC's it will have to be a GPO applied to the DC's.  You can create and edit the GPO from any DC it will replicate.

here is the link for the GPO manager

http://www.microsoft.com/downloads/details.aspx?familyid=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en


zf
0
 
bsharathAuthor Commented:
In this i dont find the setting what you have mentioned.
I downloaded the software and installed it on the printserver but not able to find this option
0
 
zoofanCommented:
Right click the group policy select edit.

Sorry I missed one tree so here is the full path

expand the "computer COnfiguration" section
expand  the "Windows Settings" section
expand the "Securiity Settings" section
expand the "Local Policies" section
expand the "User rights Assignment" section

is the first one on the right side
"Access this computer form the network"

zf
0
 
zoofanCommented:
Did you find it ok?


zf
0
 
bsharathAuthor Commented:
Should i do this in Group policy management?
0
 
zoofanCommented:
Yes.

zf
0
 
bsharathAuthor Commented:
I have
Domain
Sites
Group policy modeling
group policy results.

Thats what is there in it.
0
 
zoofanCommented:
Oh sorry,

Expand Domains
then expand your domain name
then locate the OU that has your Print servers, right click and select Create and link GPO here.  then name it and click ok. Right click the GPO you created and select edit then


expand the "computer COnfiguration" section
expand  the "Windows Settings" section
expand the "Securiity Settings" section
expand the "Local Policies" section
expand the "User rights Assignment" section


zf
0
 
bsharathAuthor Commented:
Got it.But in the same OU i have many machines.?.Will there be any problem?
0
 
zoofanCommented:
Not if set the permissions correctly.  Heres what I would suggest based on all your pc accounts in one ou.  Create a new global group named "Print Servers" and add the pc's which are print servers.  then go back into the gpo manager and select your new gpo.  On the right side click delegation then lower right click advanced.  From here remove the "Authenticated Users" then click add.  Add the New global group "Print servers" and then check the Allow "apply group policy" box under "Permissions For" then click apply and ok on that window.  Back at the main GPO manager screen right click your gpo and select enforced. Should be good. x

zf

0
 
bsharathAuthor Commented:
Thanks a lot..
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 15
  • 12
Tackle projects and never again get stuck behind a technical roadblock.
Join Now