Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

subinacl command - modify the everyone group on W2k3 print cluster

Posted on 2009-05-19
7
940 Views
Last Modified: 2012-05-07
To be able to change the everyone group on all printers in the cluster  to have only the ability to  "manage" print documents......

Anyone have a script.....or any advice....
0
Comment
Question by:mjm21
  • 5
  • 2
7 Comments
 
LVL 22

Assisted Solution

by:65td
65td earned 40 total points
ID: 24431615
Depending on the scripting used, one needs to collect the printer share information.

Then I run a bat file that uses the following:

 for /F "tokens=1*" %%a in (prt.txt) do call setprtacl.cmd %%a

Which calls a .cmd file:

REM *** print-server-name area

date /t >>C:\log\log-file.log
echo. >>C:\log\log-file.log
time /t >>C:\log\log-file.log
echo. >>C:\log\log-file.log

REM *** Set owner printer to domain\prt-svr-ctrl group

 subinacl /printer \\print-server-name\%1 /setowner="domain\prt-svr-ctrl">>C:\log\log-file.log
 
 REM *** Add print control group

 subinacl /printer \\print-server-name\%1 /Grant="domain\prt-svr-ctrl"=F >>C:\log\log-file.log

REM *** Revoke section -  ***

 subinacl /printer \\print-server-name\%1 /Revoke="Administrators" >>C:\log\log-file.log

 subinacl /printer \\print-server-name\%1 /Revoke="Power Users" >>C:\log\log-file.log

 subinacl /printer \\print-server-name\%1 /Revoke="Everyone" >>C:\log\log-file.log

REM  *** Add and Modify permissions section

REM *** Modify Administrators permissions from Full to print

 subinacl /printer \\print-server-name\%1 /Grant="Administrators"=P >>C:\log\log-file.log

REM *** Modify Power Users and Users permissions from Full to print

 subinacl /printer \\print-server-name\%1 /Grant="Power Users"=P >>C:\log\log-file.log
 
 subinacl /printer \\print-server-name\%1 /Grant="Users"=P >>C:\log\log-file.log

 subinacl /printer \\print-server-name\%1 /Grant="Print Operators"=F >>C:\log\log-file.log

REM *** Set permissions for PrintQueueOperators global group
 subinacl /printer \\print-server-name\%1 /Grant="PrintQueueOperators"=M >>C:\log\log-file.log

REM **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  **  

date /t >>C:\log\log-file.log
echo. >>C:\log\log-file.log
time /t >>C:\log\log-file.log
echo. >>C:\log\log-file.log
ren C:\log\log-file.log *.txt


For the everyone group one would do this:
subinacl /printer \\print-server-name\%1 /Grant="Everyone"=M >>C:\log\log-file.log

I do not like using the everyone group but that's me.
0
 

Author Comment

by:mjm21
ID: 24436924
Thanks, but please Modify your batch file w/out all of the other stuff.....I am not revoking anything ...just adding the "modify documents" for the existing everyone's group....
0
 
LVL 22

Assisted Solution

by:65td
65td earned 40 total points
ID: 24440923
To modify the everyone group the way you want just run:

The batch with tokens line to call the batch with the .cmd with the line below only.

subinacl /printer \\print-server-name\%1 /Grant="Everyone"=M >>C:\log\log-file.log
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:mjm21
ID: 24442075
Ok will try
0
 

Accepted Solution

by:
mjm21 earned 0 total points
ID: 24486868
The Set ACL command actually worked very well and very fast.

c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:man_docs"
c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:print"
 
0
 

Author Comment

by:mjm21
ID: 24486886
The Set ACL command actually worked very well and very fast.

c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:man_docs"
c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:print"
0
 

Author Comment

by:mjm21
ID: 24486888
The Set ACL command actually worked very well and very fast.

c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:man_docs"
c:\setacl.exe -on "\\printclustername\%print%" -ot prn -actn ace -ace "n:everyone;p:print"
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My purpose is to describe the basic concepts of virtual memory as implemented in a modern Windows-based operating system. I will also describe the problems inherent in older systems and how virtual memory solves them. The dark ages - before virtu…
Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question