• Status: Solved
  • Priority: Medium
  • Security: Public

Print Queue management security permission

I have multiple Windows 2003 & 2008 print servers used in a 2003 Active Directory environment. When I create a print queue, it gives only the PRINT permission to the "everyone" group. However, I want the "everyone" group to also have the "manage documents" permission by default when I create the queue.

What can I do to automatically set this permission when creating a printer queue?

Does anyone have a script that will set this permission for all printers on my server? I currently have over 400 printers on various MS Clustered print queues. They are mostly HP Printers.

I'm not a scripter, so please be specific. Thank you for your assistance.
1 Solution
You can use SubInACL


SUBINACL /verbose=1 /printer "MY Laser" /grant=MYDOMAIN\Marketing=MP

Bye Gastone
I have used SETACL, very simple to use.

SetACL.exe -on "\\server1\HP LaserJet 4050" -ot prn -actn ace
           -ace "n:domain1\HelpDesk;p:man_docs"


In the above example, it sets permissions to manage documents for group 'HelpDesk' from domain 'domain1' on printer 'HP LaserJet 4050' on server 'server1'.

Spike99 (On-Site IT Technician) commented:
Why do you want to give the "Everyone" group the rights to manage documents?

By default, each user already has the right to manage their own print jobs to a printer but no one else's.  Giving the Everyone group rights to "manage documents" would enable anybody to cancel anyone else's print jobs on that printer.  That isn't an ability I would give to a typical user.
Hardways8 (Author) commented:
Canali and Madajai, do Subinacl & setacl allow me to apply the permission to all objects at once? Or do I need an entry for each printer? Is there a way to output the list first to see what the ACEs are?

My apologies for not responding, as I missed the notification. I have used setACL in a 2003 AD environment to set permissions on printers. setACL sets permissions on a per-object basis. If you need to apply them to multiple objects, you can use a for loop statement.

The following is an example; substituting echo with setACL can accomplish your needs.

for %i in (printerA printerB printerC) do @echo \\server\%i

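Added example, not part of the original thread: a PowerShell wrapper around the per-printer loop in the last answer that reads printer names from a file, records each queue's ACEs before and after, and changes nothing unless -Apply is given. server1, printers.txt, domain1\HelpDesk and acl-audit.txt are placeholders; the -actn list / -lst listing options do not appear in the thread and should be checked against the help of your SetACL version.

```powershell
# Added example, not from the thread. Constructed placeholders: server1,
# printers.txt, domain1\HelpDesk, acl-audit.txt. Run from a PowerShell prompt.
param(
    [string]$Server      = 'server1',            # print server (or cluster virtual name)
    [string]$PrinterList = '.\printers.txt',     # one printer name per line
    [string]$Trustee     = 'domain1\HelpDesk',   # group to receive Manage Documents
    [string]$SetAcl      = '.\SetACL.exe',       # path to the SetACL binary
    [string]$AuditLog    = '.\acl-audit.txt',    # before/after ACL listings
    [switch]$Apply                               # omit for a dry run (no changes)
)

# Assumption: -actn list / -lst is SetACL's ACL-listing action; check SetACL's help.
$listArgs = @('-ot', 'prn', '-actn', 'list', '-lst', 'f:tab;w:d;i:y;s:n')
# Same ACE syntax as the SetACL answer above: Manage Documents for $Trustee.
$aceArgs  = @('-ot', 'prn', '-actn', 'ace', '-ace', "n:$Trustee;p:man_docs")
$failed   = @()

Get-Content $PrinterList | Where-Object { $_.Trim() } | ForEach-Object {
    $target = '\\{0}\{1}' -f $Server, $_.Trim()

    # Record the current ACEs first so the change can be reviewed or reverted.
    "=== BEFORE $target ===" | Out-File $AuditLog -Append
    & $SetAcl -on $target $listArgs | Out-File $AuditLog -Append

    if (-not $Apply) {
        Write-Output "DRY RUN: would grant man_docs to $Trustee on $target"
        return   # inside ForEach-Object this moves on to the next printer
    }

    & $SetAcl -on $target $aceArgs | Out-Null
    # Assumption: SetACL signals failure with a non-zero exit code.
    if ($LASTEXITCODE -ne 0) {
        $failed += $target
        Write-Warning "SetACL failed on $target (exit code $LASTEXITCODE)"
        return
    }

    "=== AFTER $target ===" | Out-File $AuditLog -Append
    & $SetAcl -on $target $listArgs | Out-File $AuditLog -Append
}

Write-Output ("Done. Failures: {0}" -f $failed.Count)
$failed
```

Run it once without -Apply and review acl-audit.txt before making any change.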

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
