How to prevent users from adding printers other than shared printers in Mac OS 10.4

Posted on 2007-11-30
Last Modified: 2013-11-23
Hi Experts.
I have a lab with a mac server sharing two printers to 20 mac workstations. I would like those workstations to print to those shared printers only through the server. I already set it that way, but I would like to prevent students from adding additional printers (from other labs or from the same lab but skipping the server).
Is it possible to disable the Add button on the Printer Manager on OS 10.4, or any other way to prevent students from adding printers other than the server-shared ones?
Every student have their own network username and password. I don't think that it is a good idea to disable Bonjour or AppleTalk.
Thanks in advance for your response.

Open in new window

Question by:supportlaselledu
  • 4
  • 3
  • 2
LVL 19

Expert Comment

ID: 20386399
Dump apple talk completely. it is pretty much a dead protocol anyway. Use ip printing in your room instead. Adding a printer via ip will no longer  be just plug scroll and pick anymore. students can't connect to printers whose ip addresses they do not know. Here is a good link to get you going.

Author Comment

ID: 20388342
I disabled AppleTalk from the DirectoryAccess utility, but -as your article said, printers in the same network still are reachable using AppleTalk even after disabling it.
Currently, students can see printers from these connections:
Open Directory
Shared printers
I would like them to see only shared printers.
LVL 19

Expert Comment

ID: 20389490
The article was talking about disabling apple talk at the backbone article level.
that would stop them from accesing anything with apple talk outside your room. What are you using bonjor for?
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

LVL 38

Expert Comment

ID: 20393905
With most, if not all network printers you can disable AppleTalk on the printer. It's usually available somewhere if you point your browser at the printer's IP address. Or you can do it from the printer's front panel.

The other thing you may want to do is to set the printer so it will only accept prints from specified IP addresses (in your case, that of the server). That way users can no longer connect to it even with IP printing. This is also done with your browser.
LVL 19

Expert Comment

ID: 20398521
Yes that is even more detailed. I was thinking if you had a dedicated router for your room then disabling apple talk  at that level would not interfere with anyone else's ability to use it if they need it. HDhondt may also on a good track with the second suggestion. If no one else in the building still needs apple talk, or if no one in the whole building really needs apple talk any more than disabling  it at all the backbone routers would be the quickest way. Then you just need to do the second part of hdhondt's suggestion.

Author Comment

ID: 20399861
Thanks for your comments, but what I really need is to prevent students from adding printers to their workstations.
Even if I disable all protocols except TCP/IP in the mac-lab printer, students can see printers located in other labs, or in faculty offices.
There are hundreds of printers showing on Add Printers, of the connections I mentioned above.
Bonjour is a protocol innate to OS X and cannot be uninstalled without wreacking havoc on the system.
Disabling the Add button in the Print Manager will help, if you know how.
LVL 19

Accepted Solution

pheidius earned 500 total points
ID: 20416282
I am only learning os X server myself for a lab sitiaution so I am not going to say I am an expert on this head. Workgroup Manager says it can do what you want
Printer preferences. Define a set of printers and a default printer for any user, group, or computer. With Workgroup
Manager, you dont need to set up printers on each computer in your organization. You can associate a computer
with a nearby printer, making it easy for users to find their printouts. You can also associate individual users with a
particular printer, regardless of the computer they are using. Workgroup Manager supports per-page print quotas to
limit printer use and can prevent unauthorized use of select printers. For example, you can permit unlimited use of
direct-connect inkjet printers, require administrator access for printing to specific printers, and restrict access to
expensive network color printers.
One way would be to not give them access to anything in system preferences much less add printer. But it looks like there are other ways too. Look at inclusive settings
LVL 38

Expert Comment

ID: 20416925
The printers will only show in Add Printers if AppleTalk is available on both the printer and the Mac. Disabling it on the firewall should fix that. The following link shows the port numbers used by AppleTalk. Set your firewall to block those ports.

For a TCP/IP printer you need to know the address before you can Add it. Of course, most students will find the address very quickly if they wants to. If you set your printers to only accept jobs specific addresses, that will stop people outside the lab from using your printer. Your students can then still print to other departments if they find the correct address, but at least you don't have to worry about your printers.

Author Closing Comment

ID: 31425232
AppleTalk is the least problem I have, because our workstations only show a couple of AppleTalk-connected printers. However, it shows dozens of Bonjour- and OpenDirectory-connected printers.
Pheidius, I think that a mac server is the way to go. I am going to buy one this week. We used the instructor computer as a print server. We never really bought an actual OS server, because we only have one lab with 20 macs on campus. the rest of our labs run on Windows, and all our servers are Windows too. But with all this printer headaches, I think that we really need a Mac server.
Thanks for your help!

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Control iMac With MacBook Keyboard 5 66
3D Printing Options 2 29
Keychain won't accept new passwords that are told to be added to it. 7 74
MAC OS  - folder permissions 4 37
If you are using Mac OS X and have a large number of login items set up in accounts, under system preferences, you may find that your computer is sluggish and unresponsive during startup until everything is done launching. Another problem that a…
In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
In an interesting question ( here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question