Solved

How to prevent users from adding printers other than shared printers in Mac OS 10.4

Posted on 2007-11-30
9
1,036 Views
Last Modified: 2013-11-23
Hi Experts.
I have a lab with a mac server sharing two printers to 20 mac workstations. I would like those workstations to print to those shared printers only through the server. I already set it that way, but I would like to prevent students from adding additional printers (from other labs or from the same lab but skipping the server).
Is it possible to disable the Add button on the Printer Manager on OS 10.4, or any other way to prevent students from adding printers other than the server-shared ones?
Every student have their own network username and password. I don't think that it is a good idea to disable Bonjour or AppleTalk.
Thanks in advance for your response.

Open in new window

0
Comment
Question by:supportlaselledu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 19

Expert Comment

by:pheidius
ID: 20386399
Dump apple talk completely. it is pretty much a dead protocol anyway. Use ip printing in your room instead. Adding a printer via ip will no longer  be just plug scroll and pick anymore. students can't connect to printers whose ip addresses they do not know. Here is a good link to get you going.
http://kb.wisc.edu/ns/page.php?id=3635
0
 

Author Comment

by:supportlaselledu
ID: 20388342
I disabled AppleTalk from the DirectoryAccess utility, but -as your article said, printers in the same network still are reachable using AppleTalk even after disabling it.
Currently, students can see printers from these connections:
AppleTalk
Bonjour
Open Directory
Shared printers
I would like them to see only shared printers.
0
 
LVL 19

Expert Comment

by:pheidius
ID: 20389490
The article was talking about disabling apple talk at the backbone article level.
that would stop them from accesing anything with apple talk outside your room. What are you using bonjor for?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 38

Expert Comment

by:hdhondt
ID: 20393905
With most, if not all network printers you can disable AppleTalk on the printer. It's usually available somewhere if you point your browser at the printer's IP address. Or you can do it from the printer's front panel.

The other thing you may want to do is to set the printer so it will only accept prints from specified IP addresses (in your case, that of the server). That way users can no longer connect to it even with IP printing. This is also done with your browser.
0
 
LVL 19

Expert Comment

by:pheidius
ID: 20398521
Yes that is even more detailed. I was thinking if you had a dedicated router for your room then disabling apple talk  at that level would not interfere with anyone else's ability to use it if they need it. HDhondt may also on a good track with the second suggestion. If no one else in the building still needs apple talk, or if no one in the whole building really needs apple talk any more than disabling  it at all the backbone routers would be the quickest way. Then you just need to do the second part of hdhondt's suggestion.
0
 

Author Comment

by:supportlaselledu
ID: 20399861
Thanks for your comments, but what I really need is to prevent students from adding printers to their workstations.
Even if I disable all protocols except TCP/IP in the mac-lab printer, students can see printers located in other labs, or in faculty offices.
There are hundreds of printers showing on Add Printers, of the connections I mentioned above.
Bonjour is a protocol innate to OS X and cannot be uninstalled without wreacking havoc on the system.
Disabling the Add button in the Print Manager will help, if you know how.
0
 
LVL 19

Accepted Solution

by:
pheidius earned 500 total points
ID: 20416282
I am only learning os X server myself for a lab sitiaution so I am not going to say I am an expert on this head. Workgroup Manager says it can do what you want
http://www.digitaltransitions.ca/pdfs/Workgroup_Manager.pdf
Printer preferences. Define a set of printers and a default printer for any user, group, or computer. With Workgroup
Manager, you dont need to set up printers on each computer in your organization. You can associate a computer
with a nearby printer, making it easy for users to find their printouts. You can also associate individual users with a
particular printer, regardless of the computer they are using. Workgroup Manager supports per-page print quotas to
limit printer use and can prevent unauthorized use of select printers. For example, you can permit unlimited use of
direct-connect inkjet printers, require administrator access for printing to specific printers, and restrict access to
expensive network color printers.
 http://www.digitaltransitions.ca/pdfs/Workgroup_Manager.pdf
One way would be to not give them access to anything in system preferences much less add printer. But it looks like there are other ways too. Look at inclusive settings
0
 
LVL 38

Expert Comment

by:hdhondt
ID: 20416925
The printers will only show in Add Printers if AppleTalk is available on both the printer and the Mac. Disabling it on the firewall should fix that. The following link shows the port numbers used by AppleTalk. Set your firewall to block those ports.

http://www.stengel.net/tcpports.htm

For a TCP/IP printer you need to know the address before you can Add it. Of course, most students will find the address very quickly if they wants to. If you set your printers to only accept jobs specific addresses, that will stop people outside the lab from using your printer. Your students can then still print to other departments if they find the correct address, but at least you don't have to worry about your printers.
0
 

Author Closing Comment

by:supportlaselledu
ID: 31425232
AppleTalk is the least problem I have, because our workstations only show a couple of AppleTalk-connected printers. However, it shows dozens of Bonjour- and OpenDirectory-connected printers.
Pheidius, I think that a mac server is the way to go. I am going to buy one this week. We used the instructor computer as a print server. We never really bought an actual OS server, because we only have one lab with 20 macs on campus. the rest of our labs run on Windows, and all our servers are Windows too. But with all this printer headaches, I think that we really need a Mac server.
Thanks for your help!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When I recently replaced my image transfer kit on my office HP color laserjet 5550dn printer, I had a slight problem.  The left bracket that holds the transfer kit got stuck in the upright locked position instead of being at a 45 degree angle facing…
Printers have changed substantially in the last 30 or so years, not just in technical capabilities but in cost and usage as well.  Printers were originally used for interfacing with the operator, not necessarily for printing copy or pictures. In …
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question