Go Premium for a chance to win a PS4. Enter to Win


How to prevent users from adding printers other than shared printers in Mac OS 10.4

Posted on 2007-11-30
Medium Priority
Last Modified: 2013-11-23
Hi Experts.
I have a lab with a mac server sharing two printers to 20 mac workstations. I would like those workstations to print to those shared printers only through the server. I already set it that way, but I would like to prevent students from adding additional printers (from other labs or from the same lab but skipping the server).
Is it possible to disable the Add button on the Printer Manager on OS 10.4, or any other way to prevent students from adding printers other than the server-shared ones?
Every student have their own network username and password. I don't think that it is a good idea to disable Bonjour or AppleTalk.
Thanks in advance for your response.

Open in new window

Question by:supportlaselledu
  • 4
  • 3
  • 2
LVL 19

Expert Comment

ID: 20386399
Dump apple talk completely. it is pretty much a dead protocol anyway. Use ip printing in your room instead. Adding a printer via ip will no longer  be just plug scroll and pick anymore. students can't connect to printers whose ip addresses they do not know. Here is a good link to get you going.

Author Comment

ID: 20388342
I disabled AppleTalk from the DirectoryAccess utility, but -as your article said, printers in the same network still are reachable using AppleTalk even after disabling it.
Currently, students can see printers from these connections:
Open Directory
Shared printers
I would like them to see only shared printers.
LVL 19

Expert Comment

ID: 20389490
The article was talking about disabling apple talk at the backbone article level.
that would stop them from accesing anything with apple talk outside your room. What are you using bonjor for?
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

LVL 39

Expert Comment

ID: 20393905
With most, if not all network printers you can disable AppleTalk on the printer. It's usually available somewhere if you point your browser at the printer's IP address. Or you can do it from the printer's front panel.

The other thing you may want to do is to set the printer so it will only accept prints from specified IP addresses (in your case, that of the server). That way users can no longer connect to it even with IP printing. This is also done with your browser.
LVL 19

Expert Comment

ID: 20398521
Yes that is even more detailed. I was thinking if you had a dedicated router for your room then disabling apple talk  at that level would not interfere with anyone else's ability to use it if they need it. HDhondt may also on a good track with the second suggestion. If no one else in the building still needs apple talk, or if no one in the whole building really needs apple talk any more than disabling  it at all the backbone routers would be the quickest way. Then you just need to do the second part of hdhondt's suggestion.

Author Comment

ID: 20399861
Thanks for your comments, but what I really need is to prevent students from adding printers to their workstations.
Even if I disable all protocols except TCP/IP in the mac-lab printer, students can see printers located in other labs, or in faculty offices.
There are hundreds of printers showing on Add Printers, of the connections I mentioned above.
Bonjour is a protocol innate to OS X and cannot be uninstalled without wreacking havoc on the system.
Disabling the Add button in the Print Manager will help, if you know how.
LVL 19

Accepted Solution

pheidius earned 2000 total points
ID: 20416282
I am only learning os X server myself for a lab sitiaution so I am not going to say I am an expert on this head. Workgroup Manager says it can do what you want
Printer preferences. Define a set of printers and a default printer for any user, group, or computer. With Workgroup
Manager, you dont need to set up printers on each computer in your organization. You can associate a computer
with a nearby printer, making it easy for users to find their printouts. You can also associate individual users with a
particular printer, regardless of the computer they are using. Workgroup Manager supports per-page print quotas to
limit printer use and can prevent unauthorized use of select printers. For example, you can permit unlimited use of
direct-connect inkjet printers, require administrator access for printing to specific printers, and restrict access to
expensive network color printers.
One way would be to not give them access to anything in system preferences much less add printer. But it looks like there are other ways too. Look at inclusive settings
LVL 39

Expert Comment

ID: 20416925
The printers will only show in Add Printers if AppleTalk is available on both the printer and the Mac. Disabling it on the firewall should fix that. The following link shows the port numbers used by AppleTalk. Set your firewall to block those ports.


For a TCP/IP printer you need to know the address before you can Add it. Of course, most students will find the address very quickly if they wants to. If you set your printers to only accept jobs specific addresses, that will stop people outside the lab from using your printer. Your students can then still print to other departments if they find the correct address, but at least you don't have to worry about your printers.

Author Closing Comment

ID: 31425232
AppleTalk is the least problem I have, because our workstations only show a couple of AppleTalk-connected printers. However, it shows dozens of Bonjour- and OpenDirectory-connected printers.
Pheidius, I think that a mac server is the way to go. I am going to buy one this week. We used the instructor computer as a print server. We never really bought an actual OS server, because we only have one lab with 20 macs on campus. the rest of our labs run on Windows, and all our servers are Windows too. But with all this printer headaches, I think that we really need a Mac server.
Thanks for your help!

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The /etc/authorization file in Mac OS X 10.x can be used to control access to the various panes of the System Preferences amongst other things. It’s used by some of us Mac Sys Admin’s to give Standard Users access to System Prefs panes that only adm…
When I recently replaced my image transfer kit on my office HP color laserjet 5550dn printer, I had a slight problem.  The left bracket that holds the transfer kit got stuck in the upright locked position instead of being at a 45 degree angle facing…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question