Solved

Limit printer permissions to specific computers

Posted on 2013-12-12
Last Modified: 2013-12-12
I host all of my printers from a Server 2012 R2 print server, in an Active Directory environment.  I use standard printer deployment via Group Policy to deploy the correct printers to the proper computers.

I have a lab with computers and a printer.  I want to limit printing to this printer to ONLY the computers that are in the lab.  Basically, I don't want a user on a computer outside the lab to be able to manually add this printer and print to it.  I know I can limit printing to a printer based off of a group of users, but I haven't had any success doing it with a group of computers.  Right now, I have removed the printer from being listed in the directory, which helps, but I have some pretty savvy users who would try to connect to the printer from the computer at their desk once they saw the printer share name.

Is it possible to do what I'm asking?
0
Question by:JaybirdOSU
8 Comments
 
LVL 13

Expert Comment

by:Alex Green
ID: 39714193
Remove it from the AD directory, right click the printer, under sharing, list in directory, untick that.

Then if you really want, you can add just the computer accounts to the printer object rather than the user accounts.
0
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 39714200
You can configure a GPO for all users to prevent installation of printer drivers:
Devices: Prevent users from installing printer drivers

If there is a support team, you can create a group and add support members for installing printers.

http://technet.microsoft.com/en-us/library/jj852204.aspx

Otherwise, as the printer is connected to the network, anyone can install the printer driver and configure it by giving the IP address.
0
 
LVL 7

Expert Comment

by:eerwalters
ID: 39714202
Yes, I would recommend:
  1- Set up the printer on your print server as you have specified and limit access to it
  2- Connect to the printer
        a- disable all unnecessary protocols
        b- lock down the printer so only the print server (and maybe an Admin PC) can access it

Please provide the make/model of the printer and I can provide more specific details.
0

 

Author Comment

by:JaybirdOSU
ID: 39714211
This is an HP Color LaserJet 4700.
0
 
LVL 18

Accepted Solution

by:
Emmanuel Adebayo earned 1200 total points
ID: 39714233
This is not possible. Printing is handled based on the user's access, not the device's access.
When a user initiates a print process, they access the print share with their own security credentials. The workstation's credentials are not part of that transaction.

Are you using a single subnet? I would have suggested that you get another subnet/VLAN for your lab.

Regards
0
 
LVL 12

Assisted Solution

by:piattnd
piattnd earned 800 total points
ID: 39714245
Users authenticate to printers, not computers.  If you only have a few computers in the lab, remove the printer from the directory and manually connect the printer to those computers.
0
 
LVL 1

Expert Comment

by:dbeirne
ID: 39714262
AD tends to restrict access based on user accounts, rather than computers. You might be able to restrict it through the printer configuration.

What type of printer is it? Most will have the ability to limit printing by IP address. It is usually a setting within the printer software. This way you could only allow access by the systems in the lab. If you have DHCP set up, you may also be able to restrict via MAC address.
0
 
LVL 7

Expert Comment

by:eerwalters
ID: 39715608
If you remove the printer from AD and manually assign it to the PCs in the Lab, that still doesn't keep others from printing to it outside of the lab as long as the lab VLAN/IP segment is accessible.  All that I need is to obtain the IP address of the printer by printing a config page.  

  If you only want PCs in that lab to print to the designated printer and do not care what users do so, then you have a few choices.  

  However, I see that this question is closed and will assume that you no longer want to pursue the issue.
0
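
Since the answers above agree that the share's access check sees the user and not the workstation, one defensive complement is to audit which client computers actually submitted jobs to the lab queue. The PowerShell below is an added example, not part of the original thread; it assumes the print server's PrintService Operational log is enabled and writes event 307 for each printed document, and the computer names, queue name and function names are hypothetical.

```powershell
# Added example; $LabComputers, $PrinterName and both function names are assumptions.
$LabComputers = 'LAB-PC01', 'LAB-PC02', 'LAB-PC03'   # hypothetical lab machines
$PrinterName  = 'LabColorLJ4700'                     # hypothetical queue name

function ConvertFrom-PrintEvent {
    # Maps a live event 307 record to the fields used below. Assumed property
    # order: job id, document, user, client, printer, port, bytes, pages.
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        [pscustomobject]@{
            TimeCreated = $Record.TimeCreated
            User        = [string]$Record.Properties[2].Value
            Client      = [string]$Record.Properties[3].Value
            Printer     = [string]$Record.Properties[4].Value
            Pages       = [int]$Record.Properties[7].Value
        }
    }
}

function Find-OffLabPrintJob {
    # Emits jobs sent to $Printer from a client that is not in $AllowedComputers.
    param(
        [Parameter(ValueFromPipeline)] $Job,
        [string]   $Printer,
        [string[]] $AllowedComputers
    )
    process {
        if ($Job.Printer -ne $Printer) { return }
        # The log records the client as \\NAME; strip the slashes and any DNS suffix.
        $client = ($Job.Client -replace '^\\\\', '').Split('.')[0]
        if ($AllowedComputers -notcontains $client) { $Job }
    }
}

# Constructed sample records (not real log data) so the filter runs offline.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2013-12-12 09:14'; User = 'student1'; Client = '\\LAB-PC02'; Printer = $PrinterName; Pages = 3 }
    [pscustomobject]@{ TimeCreated = [datetime]'2013-12-12 10:02'; User = 'jdoe'; Client = '\\DESK-114'; Printer = $PrinterName; Pages = 40 }
    [pscustomobject]@{ TimeCreated = [datetime]'2013-12-12 10:30'; User = 'jdoe'; Client = '\\DESK-114'; Printer = 'OfficeMono'; Pages = 2 }
)
$sample | Find-OffLabPrintJob -Printer $PrinterName -AllowedComputers $LabComputers

# Live use on the print server (the PrintService Operational log must be enabled):
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PrintService/Operational'; Id = 307 } |
#     ConvertFrom-PrintEvent |
#     Find-OffLabPrintJob -Printer $PrinterName -AllowedComputers $LabComputers
```

Jobs sent straight to the printer's IP address never pass through the print server and will not appear in this log, which is why the thread's advice to lock the printer down to the print server's address still applies.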
