?
Solved

subinacl command - modify the everyone group on W2k3 print cluster

Posted on 2009-05-19
7
Medium Priority
?
961 Views
Last Modified: 2012-05-07
To be able to change the everyone group on all printers in the cluster  to have only the ability to  "manage" print documents......

Anyone have a script.....or any advice....
0
Comment
Question by:mjm21
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 22

Assisted Solution

by:65td
65td earned 160 total points
ID: 24431615
Depending on the scripting used, one needs to collect the printer share information.

Then I run a bat file that uses the following:

 for /F "tokens=1*" %%a in (prt.txt) do call setprtacl.cmd %%a

Which calls a .cmd file:

REM *** print-server-name area

date /t >>C:\log\log-file.log
echo. >>C:\log\log-file.log
time /t >>C:\log\log-file.log
echo. >>C:\log\log-file.log

REM *** Set owner printer to domain\prt-svr-ctrl group

 subinacl /printer \\print-server-name\%1 /setowner="domain\prt-svr-ctrl">>C:\log\log-file.log
 
 REM *** Add print control group

 subinacl /printer \\print-server-name\%1 /Grant="domain\prt-svr-ctrl"=F >>C:\log\log-file.log

REM *** Revoke section -  ***

 subinacl /printer \\print-server-name\%1 /Revoke="Administrators" >>C:\log\log-file.log

 subinacl /printer \\print-server-name\%1 /Revoke="Power Users" >>C:\log\log-file.log

 subinacl /printer \\print-server-name\%1 /Revoke="Everyone" >>C:\log\log-file.log

REM  *** Add and Modify permissions section

REM *** Modify Administrators permissions from Full to print

 subinacl /printer \\print-server-name\%1 /Grant="Administrators"=P >>C:\log\log-file.log

REM *** Modify Power Users and Users permissions from Full to print

 subinacl /printer \\print-server-name\%1 /Grant="Power Users"=P >>C:\log\log-file.log
 
 subinacl /printer \\print-server-name\%1 /Grant="Users"=P >>C:\log\log-file.log

 subinacl /printer \\print-server-name\%1 /Grant="Print Operators"=F >>C:\log\log-file.log

REM *** Set permissions for PrintQueueOperators global group
 subinacl /printer \\print-server-name\%1 /Grant="PrintQueueOperators"=M >>C:\log\log-file.log

REM **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  

date /t >>C:\log\log-file.log
echo. >>C:\log\log-file.log
time /t >>C:\log\log-file.log
echo. >>C:\log\log-file.log
ren C:\log\log-file.log *.txt


For the everyone group one would do this:
subinacl /printer \\print-server-name\%1 /Grant="Everyone"=M >>C:\log\log-file.log

I do not like using the everyone group but that's me.
0
 

Author Comment

by:mjm21
ID: 24436924
Thanks, but please Modify your batch file w/out all of the other stuff.....I am not revoking anything ...just adding the "modify documents" for the existing everyone's group....
0
 
LVL 22

Assisted Solution

by:65td
65td earned 160 total points
ID: 24440923
To modify the everyone group the way you want just run:

The batch with tokens line to call the batch with the .cmd with the line below only.

subinacl /printer \\print-server-name\%1 /Grant="Everyone"=M >>C:\log\log-file.log
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:mjm21
ID: 24442075
Ok will try
0
 

Accepted Solution

by:
mjm21 earned 0 total points
ID: 24486868
The Set ACL command actually worked very well and very fast.

c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:man_docs"
c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:print"
 
0
 

Author Comment

by:mjm21
ID: 24486886
The Set ACL command actually worked very well and very fast.

c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:man_docs"
c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:print"
0
 

Author Comment

by:mjm21
ID: 24486888
The Set ACL command actually worked very well and very fast.

c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:man_docs"
c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:print"
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question