[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

subinacl command - modify the everyone group on W2k3 print cluster

Posted on 2009-05-19
7
Medium Priority
?
972 Views
Last Modified: 2012-05-07
To be able to change the everyone group on all printers in the cluster  to have only the ability to  "manage" print documents......

Anyone have a script.....or any advice....
0
Comment
Question by:mjm21
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 22

Assisted Solution

by:65td
65td earned 160 total points
ID: 24431615
Depending on the scripting used, one needs to collect the printer share information.

Then I run a bat file that uses the following:

 for /F "tokens=1*" %%a in (prt.txt) do call setprtacl.cmd %%a

Which calls a .cmd file:

REM *** print-server-name area

date /t >>C:\log\log-file.log
echo. >>C:\log\log-file.log
time /t >>C:\log\log-file.log
echo. >>C:\log\log-file.log

REM *** Set owner printer to domain\prt-svr-ctrl group

 subinacl /printer \\print-server-name\%1 /setowner="domain\prt-svr-ctrl">>C:\log\log-file.log
 
 REM *** Add print control group

 subinacl /printer \\print-server-name\%1 /Grant="domain\prt-svr-ctrl"=F >>C:\log\log-file.log

REM *** Revoke section -  ***

 subinacl /printer \\print-server-name\%1 /Revoke="Administrators" >>C:\log\log-file.log

 subinacl /printer \\print-server-name\%1 /Revoke="Power Users" >>C:\log\log-file.log

 subinacl /printer \\print-server-name\%1 /Revoke="Everyone" >>C:\log\log-file.log

REM  *** Add and Modify permissions section

REM *** Modify Administrators permissions from Full to print

 subinacl /printer \\print-server-name\%1 /Grant="Administrators"=P >>C:\log\log-file.log

REM *** Modify Power Users and Users permissions from Full to print

 subinacl /printer \\print-server-name\%1 /Grant="Power Users"=P >>C:\log\log-file.log
 
 subinacl /printer \\print-server-name\%1 /Grant="Users"=P >>C:\log\log-file.log

 subinacl /printer \\print-server-name\%1 /Grant="Print Operators"=F >>C:\log\log-file.log

REM *** Set permissions for PrintQueueOperators global group
 subinacl /printer \\print-server-name\%1 /Grant="PrintQueueOperators"=M >>C:\log\log-file.log

REM **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  

date /t >>C:\log\log-file.log
echo. >>C:\log\log-file.log
time /t >>C:\log\log-file.log
echo. >>C:\log\log-file.log
ren C:\log\log-file.log *.txt


For the everyone group one would do this:
subinacl /printer \\print-server-name\%1 /Grant="Everyone"=M >>C:\log\log-file.log

I do not like using the everyone group but that's me.
0
 

Author Comment

by:mjm21
ID: 24436924
Thanks, but please Modify your batch file w/out all of the other stuff.....I am not revoking anything ...just adding the "modify documents" for the existing everyone's group....
0
 
LVL 22

Assisted Solution

by:65td
65td earned 160 total points
ID: 24440923
To modify the everyone group the way you want just run:

The batch with tokens line to call the batch with the .cmd with the line below only.

subinacl /printer \\print-server-name\%1 /Grant="Everyone"=M >>C:\log\log-file.log
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:mjm21
ID: 24442075
Ok will try
0
 

Accepted Solution

by:
mjm21 earned 0 total points
ID: 24486868
The Set ACL command actually worked very well and very fast.

c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:man_docs"
c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:print"
 
0
 

Author Comment

by:mjm21
ID: 24486886
The Set ACL command actually worked very well and very fast.

c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:man_docs"
c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:print"
0
 

Author Comment

by:mjm21
ID: 24486888
The Set ACL command actually worked very well and very fast.

c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:man_docs"
c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:print"
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Nathan Brom/Bromy2004 Introduction There are numerous websites out there for any different type of program you can imagine.  Of those, you'll need to decide which ones are legitimate and aren't trying to steal your money or infect your comput…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question