We help IT Professionals succeed at work.

Prevent some pc's to access a network printer via tcpip

We have a network printer (Hp4000) in a school and would like to prevent some machines (25 pc's) from being able to print to it or create a tcpip port pointing to it. The network is a workgroup, not a domain, consisting of Windows XP machines.  All pc's and the printer are on the same subnet and should remain that way. Users on the pc's have admin rights.

It doesn't have to be a fool proof solution, or unbreakable solution. We just to minimize chances of using that printer accidentally from these 25 pc's.

Suggestions ? Is it possible to redirect a specific ip address to a dummy ip address using a hosts file, or a similar approach ?

Watch Question

Is it on a server? or is it being shared thru another PC on the network?


The printer is shared thru another pc on the network. We would also like to prevent a pc from being able to create a tcpip printer port pointing to the ip address of the network card of the printer, and be able to install a printer driver and print to that printer. Or somehow, block that tcpip address for certain machines. Possible ?
Most Valuable Expert 2013

>>Users on the pc's have admin rights.

This is your biggest hurdle.  If the users have absolute control over their PC's the best you can do is make this difficult for them.

Why not simply restrict users to limited accounts where the specified printers cannot be added to or removed?
Well if your users are all bright enough to do that, they're way futher along than mine :)
anyway, having all your users as admins makes it difficult since anything you can do they can undo.  

Check out this article...


Yo may also be able to set it thru their firewall but again, as admins they can just turn off the fire wall.

the other thing  to try..is their a security tab in the printer properties?  

On the Security tab for the shared printer.
Deny Print rights to the Everyone group.
Create a new group which includes only those users who need Print priveliges.
Allow Print rights to that group.
With most networked printers you can set an access control list. If this list is empty, all IP addresses have print access. To limit access, put the IP address of those PCs that need to print in it. All others will then be excluded. Note that this requires the PCs to have fixed IP addresses, so you may need to set up allocation tables in the DHCP server.

I don't know if the LJ 4000 supports this but have a look through it's web interface and if it's there you should find it with the other network settings.
you can use this software for restricting,