Print Queue management security permission

Posted on 2011-05-09
Last Modified: 2013-12-15
I have multiple Windows 2003 & 2008 printer servers used in an 2003 Active Directory enviroment. When I create a print queue, it gives only the PRINT permission to the "everyone" group. However, I want the "everyone" group to also have the "manage documents" permission by default when I create the queue.

What can I do to automatically set this permission when creating a printer queue?

Does anyone have a script that will set this permission for all printers on my server? I currently have over 400 printers on various MS Clustered print queues. They are mostly HP Printers.

I'm not a scripter, so please be specific. Thank you for your assistance.
Question by:Hardways8
    LVL 14

    Expert Comment

    You can use SubInACL

    SUBINACL /verbose=1 /printer "MY Laser" /grant=MYDOMAIN\Marketing=MP

    Bye Gastone
    LVL 14

    Expert Comment

    LVL 20

    Expert Comment

    I have use SETACL, very simple to use.

    SetACL.exe -on "\\server1\HP LaserJet 4050" -ot prn -actn ace
               -ace "n:domain1\HelpDesk;p:man_docs"

    Open in new window

    On the above example. it sets permissions to manage documents for group ‘HelpDesk’ from domain ‘domain1' on printer ‘HP LaserJet 4050' on server ‘server1'.
    LVL 16

    Expert Comment

    Why do you want to give the "Everyone" group the rights to manage documents?

    By default, each user already has the right to manage their own print jobs to a printer but no one else's.  Giving the Everyone group rights to "manage documents" would enable anybody to cancel anyone else's print jobs on that printer.  That isn't an ability I would give to a typical user.

    Author Comment

    Canali and Madajai, does Subinacl & setacl allow me to do apply the permission to all objects at once? Or do I need an entry for each printer? Is there a way to output the list first to see what the ACE's are?
    LVL 20

    Accepted Solution


    My apologizes for not responding as I have missed the notification. I have used setACL in a 2003 AD environment to set permission on printers. setACL set permission as a per object basis. If you need to apply multiple objects you can set a for loop statement.

    Following is an example, substitute echo with setACL can accomplish your needs.

    for %i in (pritnerA printerB printerC) do @echo \\server\%i

    Open in new window

    LVL 27

    Expert Comment

    This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
    Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
    This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now