Solved

How do I manage my printers in a workgroup environment with HP JetAdmin 10.3

Posted on 2013-05-24
Last Modified: 2013-06-18
Good afternoon experts,

I am inquiring about the possibility of using HP JetAdmin to manage and maintain printers that are a part of a terminal services printer server in an Active Directory environment.

I only have purview of the workgroup environment, so I can't do things like turn on SNMP to set thresholds and error levels that relate to low paper, printer jams, problems with the printer in general, like a bad fuser or flaky network card.

I certainly was able to log on to my terminal services Active Directory account to run a small script that utilizes the WMI Win32_Printer class, but that's about the limit of my control. The most important thing my script captured was the port number, which is in correlation to the IP address.

I want an email to be sent when a certain threshold is met or an error occurs, but I don't know if HP JetAdmin is the tool to use. It is supposed to be able to manage non-HP printers too, but if I can't turn on SNMP then it seems to be useless to use HP JetAdmin.

Are there any free or open source tools with which I can easily do what I mentioned above, including but not limited to doing things like changing the location comment field if I move the printer from one location to the next?

To be clear, I am not a member of domain admins, so my access is limited on the terminal services login. That will be changing soon, as I will at some point be in charge of all networks, including Active Directory.

Your comment or potential solutions would be appreciated.

For completeness, the following snapshot is how I have HP JetAdmin configured. It has some printers but not all of them, and a snapshot of the terminal services printers.


Also, does turning on SNMP for the printer represent a vulnerability in security, and if so, how can I mitigate said vulnerability:



To my
Question by:BLACK THANOS
LVL 38

Accepted Solution

by:
Herman D'Hondt earned 200 total points
ID: 39198338
As far as I know, all tools used to monitor printers use SNMP. If that is disabled they will not be able to get printer info.

The only other way is through the ability of some rare printers to send an email if they have a problem. An example is the Xerox Phaser 8560. Here's what its manual says:

MaiLinX Alerts

MaiLinX alerts enable the printer to automatically send email to the system administrator and others under the following conditions:
  • When printer errors, warnings, and alerts occur.
  • When the printer requires attention (for example, when service is required or supplies need to be replenished).
  • When a reply to a CentreWare IS Remote Internet Printing message is desired. For more information about CentreWare IS Remote Internet printing, click the Help button in CentreWare IS to go to CentreWare IS Online Help.

Three designated users can receive messages:
  • SysAdmin
  • Service
  • Key

Printer messages reporting errors, alerts, and warnings can be individually assigned to any of these users. You can customize the message text and the subject line in the Status Notification messages. Status Notification is supplied by the printer's Simple Mail Transport Protocol (SMTP) client.
0
 
LVL 7

Assisted Solution

by:eerwalters
eerwalters earned 300 total points
ID: 39198483
HP WebJetAdmin is for managing the printers themselves for configs and reporting. Like the toner level, print job counts, NIC configurations, tray configurations, firmware revisions, etc.  You will also usually have more limited functionality with non-HP printers.  It is not for managing anything in AD or Terminal Services.

  Most setups of Terminal Services are just creating printers that exist on the PC that is connecting via RDP when it connects.  This is automatic so there is really not much to manage.

  SNMP to a printer is not a big security risk.  
      You can lock down connectivity to the printers but you would have to make sure that all PCs are going through a print server to make the lockdowns effective.  Meaning that if the PCs currently print directly to the printers, you cannot lockdown a specific protocol to specific PCs.  However, if they print through a print server you can lockdown IP connectivity on each printer so only the print server(s), WebJetAdmin machine and some admin PCs (or segments) can access the printers.  That would eliminate SNMP concerns.
0
 
LVL 38

Assisted Solution

by:Herman D'Hondt
Herman D'Hondt earned 200 total points
ID: 39199950
Further to eerwalters' comment.

Indeed, SNMP is rarely a valid security concern. There is very little a hacker would be able to do with it. Yes, a hacker could obtain some printer settings, but it's not possible to access things like prints via SNMP. Wikipedia lists the main issues. Apart from printer management, it is really only used so installers can find a printer on the network. If that is the issue, then eerwalters' comment applies. In case it was not clear, here's some explanation (note that even without SNMP you can install a printer as long as you know its IP address).

With an IP printer, anyone with the right permissions can install a "local" printer  on a PC. Just create a Standard TCP/IP port with the printer's address and you're in business. To stop that from happening, you can set an "access list" on the printer. With an empty list, any PC can print to it. Once there are one or more addresses in the list, only those addresses can print. So, to secure the printer, put the addresses of the server in the list. Then, in order to print, you must print via the server; no other PC can print direct. That removes the last worry about SNMP.
0
 

Author Comment

by:BLACK THANOS
ID: 39202507
Experts hdhondt and eerwalters,

My concerns about SNMP were only an afterthought. The root of my problem is that I want to use WebJetAdmin to notify me of conditions such as eerwalters quoted as:

"HP WebJetAdmin is for managing the printers themselves for configs and reporting. Like the toner level, print job counts, NIC configurations, tray configurations, firmware revisions, etc.  You will also usually have more limited functionality with non-HP printers."

I know SNMP has to be set up, and I know that non-HP printers will have limited functionality under HP WebJetAdmin, but what I reeeeeeeaaaaaly want to know is: is there some software out there in the World Wide Web that will help me with this process without going to the AD guys to give me domain admin rights? Remember, I am in a Workgroup environment, as I maintain and manage the member machines here at the BGCMC, and we outsource the Active Directory to a third-party small business vendor (it's a political thing). I will eventually have complete control over everything, and at that point my life becomes very simple.

In summary, all I want to know is:

1. How can I get all the printers in the screenshot above to be seen in Jet WebAdmin?

2. Is there another Workgroup solution?

3. Should I simply keep trying to script this via VBScript/WMI classes?

If I use scripting, I am able to enumerate all of the machines in the WORKGROUP and subsequently their printers. Then I can use the WMI WIN32_PRINTER CLASS to tell me about issues surrounding toner low, paper jams, etc....

This is all that I want, to be able to at a minimum see the conditions via one console with Jetadmin or other software, or simply script it. Does this clear things up experts as to what my real needs are??
0

 
LVL 7

Assisted Solution

by:eerwalters
eerwalters earned 300 total points
ID: 39202914
The physical printers and Active Directory (or Workgroup) really have little to do with each other.  You can manage all of the printers themselves and not even be a domain user (or a member of a workgroup).  The key is knowing the SNMP and web passwords on each printer to manage them.    

  If you know (or can get) the TCP/IP subnets of your network, just setup WebJetAdmin to do a Discovery.  It will check every IP address in each subnet that you specify and import all of the printers that it finds into HPWJA.
  That is the best way to add devices into HPWJA as it will also find any printers that have been replaced or if their IP addresses have changed since the last scan, etc.

 Example:
     If I know that printerA has a TCP/IP address of 192.168.1.55, then I would setup an IP Range scan of all IP addresses from 192.168.1.1 thru 192.168.1.254 to locate other printers on that subnet. (You could find the IP address of any PC and then scan that range for printers too)

To Perform a Discovery by IP Range
   1- Open WJA
   2- Click on "Discovery" in the left pane
   3- Click on "Discovery devices on my network" in the right pane
   4- Click "Specify Settings"
   5- Click the box next to "IP Range"
   6- Click "Next"
   7- Click "Add"
   8- Enter the first address of the range Ex: 192.168.1.1
   9- Enter the last address of the range Ex: 192.168.1.254
 10- Enter a Description of the range, if desired
 11- Click "Add"  
 12- Repeat steps 8-11 if you have other ranges you wish to setup
 13- Click "Close"
 14- Put a check mark next to each range that you wish to scan in this Discovery
 15- Click "Next"
 16- Click "Specify credentials to use for this discovery"
 17- Click the box next to "Use global credentials"
 18- Click "Next"
 19- Click "Start"

Once the scan is completed, you will see all devices that were found in the scanned range(s).

Once you have specified an IP Range to scan, you can use it for future scans or even add that range to a Template to simplify future scans.  
    Ex:  I've got 20 subnets at one site so I add them to a Template called Site A. The next time that I want to do a Discovery there, I don't have to manually isolate those 20 subnets from all of the others that I've created as I can just choose the Site A Template for the Discovery and all 20 subnets will be scanned.
0
 

Author Comment

by:BLACK THANOS
ID: 39203371
I must be doing something wrong, because if you look at the screenshots I gave at the beginning of the thread, I did in fact do an IP range. JetAdmin only found 10 devices out of that long list in the terminal services printer list. I even know the port numbers, IP ranges, etc.


I will follow your directions above eerwalters and see the results I get.

Regards,
Regis T. Hyde
0
 
LVL 38

Assisted Solution

by:Herman D'Hondt
Herman D'Hondt earned 200 total points
ID: 39204135
Are all those printers on the same subnet - your long list does not show IP addresses? The fact that you are using 10.0.x.x. implies you are using multiple subnets. Make sure you tell WJA to check all your subnets.

An alternative to WJA is Xerox's CentreWareWeb. I know it treats all printers the same, regardless of brands and will find them on multiple subnets - but then, I'm sure WJA does too.
0
 
LVL 7

Expert Comment

by:eerwalters
ID: 39204331
The screenshot shows printers that would have been found in a scan of 10.0.1.1 thru 10.0.1.254. Thus, we have a few conclusions based on the screenshot.
   1- The printer IP addresses were discovered by manual entry
   2- The other printers do not reside on the 10.0.1 subnet
   3- SNMP is not enabled on the other printers (or is being restricted)
   4- The full subnet of 10.0.1.1 thru 10.0.1.254 was not scanned

Options:
   1- See if you can obtain a list of the other subnets from your network team and scan those
   2- Call someone who is near (or go visit) one of the missing printers and print off a config page
       a- It will show you its TCP/IP address so you can scan that subnet
       b- It should show if SNMP is disabled
0
 

Author Comment

by:BLACK THANOS
ID: 39205931
Did all of which you suggested beforehand, eerwalters.
All of the printers are on the 10.0.1.x subnet.
I did a full scan via WJA and I simply am not getting those printers.
I think SNMP is not turned on. I am going to run a WMI script to check this, as I do not want to walk to each printer and print a test page, and I don't want to go through the printer list looking at each port. WMI will give this information in minutes instead of taking hours to do either of the other ways. I am a scripter because I am lazy and have a bad back, so I can walk long distances.
0
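
One way to do the WMI check described in the last comment, as an added example that is not a script from this thread: it joins each printer queue to its Standard TCP/IP port, shows whether the port's address lies inside the 10.0.1.1 thru 10.0.1.254 range discussed above, and flags ports still using the community name "public". It assumes PowerShell 3.0 or later on the host that holds the queues; note that `SNMPEnabled` and `SNMPCommunity` are the Windows port's own "SNMP Status Enabled" settings, so they describe how Windows polls the device, not whether the printer's SNMP agent is switched on.

```powershell
# Added example (not from the thread). Run on the machine that holds the queues.
$rangeStart = '10.0.1.1'      # discovery range quoted in the thread
$rangeEnd   = '10.0.1.254'

function ConvertTo-IPv4Number {
    param([string]$Address)
    $ip = $null
    # HostAddress can be a DNS name; return $null so the caller can flag it.
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $null }
    if ($ip.AddressFamily -ne 'InterNetwork') { return $null }
    $bytes = $ip.GetAddressBytes()
    [Array]::Reverse($bytes)                  # network order -> little endian
    return [BitConverter]::ToUInt32($bytes, 0)
}

$lo = ConvertTo-IPv4Number $rangeStart
$hi = ConvertTo-IPv4Number $rangeEnd

# Index Standard TCP/IP ports by name so each queue can be joined to its port.
$ports = @{}
Get-CimInstance -ClassName Win32_TCPIPPrinterPort |
    ForEach-Object { $ports[$_.Name] = $_ }

Get-CimInstance -ClassName Win32_Printer | ForEach-Object {
    # Skip queues that are not on a Standard TCP/IP port (LPT, USB, redirected).
    if (-not $_.PortName -or -not $ports.ContainsKey($_.PortName)) { return }
    $port = $ports[$_.PortName]
    $n    = ConvertTo-IPv4Number $port.HostAddress
    [pscustomobject]@{
        Printer         = $_.Name
        Location        = $_.Location
        HostAddress     = $port.HostAddress
        InScannedRange  = ($null -ne $n -and $n -ge $lo -and $n -le $hi)
        PortSnmpStatus  = $port.SNMPEnabled
        PublicCommunity = ($port.SNMPCommunity -eq 'public')
    }
} | Sort-Object InScannedRange, HostAddress | Format-Table -AutoSize
```

Rows with `InScannedRange` false point to a subnet the discovery never covered; rows inside the range that WJA still misses are the ones to check for SNMP being disabled or restricted by an access list on the printer itself.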
