Solved

subinacl command - modify the everyone group on W2k3 print cluster

Posted on 2009-05-19
7
946 Views
Last Modified: 2012-05-07
To be able to change the everyone group on all printers in the cluster  to have only the ability to  "manage" print documents......

Anyone have a script.....or any advice....
0
Comment
Question by:mjm21
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 22

Assisted Solution

by:65td
65td earned 40 total points
ID: 24431615
Depending on the scripting used, one needs to collect the printer share information.

Then I run a bat file that uses the following:

 for /F "tokens=1*" %%a in (prt.txt) do call setprtacl.cmd %%a

Which calls a .cmd file:

REM *** print-server-name area

date /t >>C:\log\log-file.log
echo. >>C:\log\log-file.log
time /t >>C:\log\log-file.log
echo. >>C:\log\log-file.log

REM *** Set owner printer to domain\prt-svr-ctrl group

 subinacl /printer \\print-server-name\%1 /setowner="domain\prt-svr-ctrl">>C:\log\log-file.log
 
 REM *** Add print control group

 subinacl /printer \\print-server-name\%1 /Grant="domain\prt-svr-ctrl"=F >>C:\log\log-file.log

REM *** Revoke section -  ***

 subinacl /printer \\print-server-name\%1 /Revoke="Administrators" >>C:\log\log-file.log

 subinacl /printer \\print-server-name\%1 /Revoke="Power Users" >>C:\log\log-file.log

 subinacl /printer \\print-server-name\%1 /Revoke="Everyone" >>C:\log\log-file.log

REM  *** Add and Modify permissions section

REM *** Modify Administrators permissions from Full to print

 subinacl /printer \\print-server-name\%1 /Grant="Administrators"=P >>C:\log\log-file.log

REM *** Modify Power Users and Users permissions from Full to print

 subinacl /printer \\print-server-name\%1 /Grant="Power Users"=P >>C:\log\log-file.log
 
 subinacl /printer \\print-server-name\%1 /Grant="Users"=P >>C:\log\log-file.log

 subinacl /printer \\print-server-name\%1 /Grant="Print Operators"=F >>C:\log\log-file.log

REM *** Set permissions for PrintQueueOperators global group
 subinacl /printer \\print-server-name\%1 /Grant="PrintQueueOperators"=M >>C:\log\log-file.log

REM **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  

date /t >>C:\log\log-file.log
echo. >>C:\log\log-file.log
time /t >>C:\log\log-file.log
echo. >>C:\log\log-file.log
ren C:\log\log-file.log *.txt


For the everyone group one would do this:
subinacl /printer \\print-server-name\%1 /Grant="Everyone"=M >>C:\log\log-file.log

I do not like using the everyone group but that's me.
0
 

Author Comment

by:mjm21
ID: 24436924
Thanks, but please Modify your batch file w/out all of the other stuff.....I am not revoking anything ...just adding the "modify documents" for the existing everyone's group....
0
 
LVL 22

Assisted Solution

by:65td
65td earned 40 total points
ID: 24440923
To modify the everyone group the way you want just run:

The batch with tokens line to call the batch with the .cmd with the line below only.

subinacl /printer \\print-server-name\%1 /Grant="Everyone"=M >>C:\log\log-file.log
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:mjm21
ID: 24442075
Ok will try
0
 

Accepted Solution

by:
mjm21 earned 0 total points
ID: 24486868
The Set ACL command actually worked very well and very fast.

c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:man_docs"
c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:print"
 
0
 

Author Comment

by:mjm21
ID: 24486886
The Set ACL command actually worked very well and very fast.

c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:man_docs"
c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:print"
0
 

Author Comment

by:mjm21
ID: 24486888
The Set ACL command actually worked very well and very fast.

c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:man_docs"
c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:print"
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many times while working on a computer regardless of any Operating System, lag and crashes seem to creep in, hindering your working speed. Sometimes, it can also cause your work to be lost unexpectedly and as a result, you are unable to meet your de…
This article describes how to set permissions to allow a limited-permissions user to start and stop a particular System Service.   It is always best to give users only the permissions that they need to perform their job, so tweaking particular permi…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question