bsharath
asked on
Username for accessing only printer
Hi,
I want to create a user name for accessing printer.
When users who are not from our domain and want to access ptinter
\\printservername then it would ask for a username.I want to create a username but i want it not to be able to do any thing else other than being able to access the print share.
Is there a way i can do this.
This user should not be able to login to any machine.
What are the permission groups that i need to add.
Regards
Sharath
I want to create a user name for accessing printer.
When users who are not from our domain and want to access ptinter
\\printservername then it would ask for a username.I want to create a username but i want it not to be able to do any thing else other than being able to access the print share.
Is there a way i can do this.
This user should not be able to login to any machine.
What are the permission groups that i need to add.
Regards
Sharath
If u don't have critical data on ur print server u can enable guest account and in the permission of share printer add the guest account and give the appropriate rights.
ASKER
You mean create a new user on the local machine
I would think this would be as simple as
a)creata a user account
b)add the user to a group with permission to print
c)In the user properties select the account tab:
Select "user can not change password"
Click "logon to" and enter the name of your print servers.
Keep in mind you may wish to remove this user from the domain users group depending on
other resource permissions.
assuming you dont allow domain users to logon on locally to the servers, this will allow them
the ability to logon to the server for netowrk resources only.
zf
a)creata a user account
b)add the user to a group with permission to print
c)In the user properties select the account tab:
Select "user can not change password"
Click "logon to" and enter the name of your print servers.
Keep in mind you may wish to remove this user from the domain users group depending on
other resource permissions.
assuming you dont allow domain users to logon on locally to the servers, this will allow them
the ability to logon to the server for netowrk resources only.
zf
If you do remove the user from the "Domain Users" group you will most likely need to add the user to the local policy of the print servers under "Access this computer from the network.
zf
zf
Opps, sorry forgot to mention that policy settings is at
Computer Configuration\Windows Settings\Local Policies\User Rights Assignments\"Access this computer from the network"
zf
Computer Configuration\Windows Settings\Local Policies\User Rights Assignments\"Access this computer from the network"
zf
ASKER
In the member of tab what should i add.
If your refering to the the who can access via the network, be sure not to change what is there, and add the new user account. If you refering to the printer permission group, same thing leave whats there alone and add the new user.
zf
zf
and last one I forgot, if your refering to the users, member of tab, add to a printer permissions group.
the leaving membership- of the "domain users" is at your descretion as noted before, and be sure to read it all.
zf
the leaving membership- of the "domain users" is at your descretion as noted before, and be sure to read it all.
zf
ASKER
I have created a user called Printer but not able to remove the domain admin
Umm, first off you created a new user correct, NOT copied an exisiting one?
Second you will not be able to remove a user from a group if it is set to "Primary" you can see this on the member of page. To change it select a different group that they are a member of and click set to primary.
If you made a copy of another account I suggest deleteing it and createing a new from scratch user!!
zf
Second you will not be able to remove a user from a group if it is set to "Primary" you can see this on the member of page. To change it select a different group that they are a member of and click set to primary.
If you made a copy of another account I suggest deleteing it and createing a new from scratch user!!
zf
ASKER
I created a new user
I have selected a group called print operator and selctd it to make it primary.But still shows a disable state to make it primary.
What group should i add as member
I have selected a group called print operator and selctd it to make it primary.But still shows a disable state to make it primary.
What group should i add as member
In order for the gruop to be primary it must be Global Group, Not Local.
Create a Global group named "Printer Guests"
and add the user to it, set as primary,
and then add the "Printer guests" group to the "Printer Operators" group
If you remove the "Domain Users" Group, you can now add the "Printer Guests" Group to the security policy "Allow access from the the network" on the server, as this will only contain the "Printer" account.
zf
Create a Global group named "Printer Guests"
and add the user to it, set as primary,
and then add the "Printer guests" group to the "Printer Operators" group
If you remove the "Domain Users" Group, you can now add the "Printer Guests" Group to the security policy "Allow access from the the network" on the server, as this will only contain the "Printer" account.
zf
ASKER
I have done as you said.
This part not able to get it.
you can now add the "Printer Guests" Group to the security policy "Allow access from the the network" on the server, as this will only contain the "Printer" account
This part not able to get it.
you can now add the "Printer Guests" Group to the security policy "Allow access from the the network" on the server, as this will only contain the "Printer" account
Ok if your "Printer" User is only a member of the "Printer Guests" Group and nothing else, then you will need to edit the local policy for the print servers. at
"Computer Configuration\Windows Settings\Local Policies\User Rights Assignments\"Access this computer from the network"
and add the group "Printer Guests" to the list.
as without membership in a "Domain users" group they will not have access to the server accross the network.
zf
"Computer Configuration\Windows Settings\Local Policies\User Rights Assignments\"Access this computer from the network"
and add the group "Printer Guests" to the list.
as without membership in a "Domain users" group they will not have access to the server accross the network.
zf
ASKER
Are you talking about local security policy?
Yes I am. But if these are DC's then you will need a GPO with that setting changed(Appplied to ONLY the print servers NOT all DC's.)
zf
zf
ASKER
I have dc's
Then should i make changes on the DC?
In the print server i dont have the Group policy editor...
Then should i make changes on the DC?
In the print server i dont have the Group policy editor...
Yes if the Print servers are DC's it will have to be a GPO applied to the DC's. You can create and edit the GPO from any DC it will replicate.
here is the link for the GPO manager
http://www.microsoft.com/downloads/details.aspx?familyid=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en
zf
here is the link for the GPO manager
http://www.microsoft.com/downloads/details.aspx?familyid=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en
zf
ASKER
In this i dont find the setting what you have mentioned.
I downloaded the software and installed it on the printserver but not able to find this option
I downloaded the software and installed it on the printserver but not able to find this option
Right click the group policy select edit.
Sorry I missed one tree so here is the full path
expand the "computer COnfiguration" section
expand the "Windows Settings" section
expand the "Securiity Settings" section
expand the "Local Policies" section
expand the "User rights Assignment" section
is the first one on the right side
"Access this computer form the network"
zf
Sorry I missed one tree so here is the full path
expand the "computer COnfiguration" section
expand the "Windows Settings" section
expand the "Securiity Settings" section
expand the "Local Policies" section
expand the "User rights Assignment" section
is the first one on the right side
"Access this computer form the network"
zf
Did you find it ok?
zf
zf
ASKER
Should i do this in Group policy management?
Yes.
zf
zf
ASKER
I have
Domain
Sites
Group policy modeling
group policy results.
Thats what is there in it.
Domain
Sites
Group policy modeling
group policy results.
Thats what is there in it.
Oh sorry,
Expand Domains
then expand your domain name
then locate the OU that has your Print servers, right click and select Create and link GPO here. then name it and click ok. Right click the GPO you created and select edit then
expand the "computer COnfiguration" section
expand the "Windows Settings" section
expand the "Securiity Settings" section
expand the "Local Policies" section
expand the "User rights Assignment" section
zf
Expand Domains
then expand your domain name
then locate the OU that has your Print servers, right click and select Create and link GPO here. then name it and click ok. Right click the GPO you created and select edit then
expand the "computer COnfiguration" section
expand the "Windows Settings" section
expand the "Securiity Settings" section
expand the "Local Policies" section
expand the "User rights Assignment" section
zf
ASKER
Got it.But in the same OU i have many machines.?.Will there be any problem?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks a lot..