Andrew N. Kowtalo
asked on
Restrict network printer to only allow 2 people to print to it
Quick issue.
Currently one of my clients has a printer in the CEO's office that everyone has the ability to print to. The printer is not shared on the network so I am unsure how the printers are being added to the workstations, perhaps some clever people here that know how to manually map to it.
What is the best practice to only allow 2 people to access the printer?
What I did was share the printer on the network, and removed everyone from the security tab under printer properties. I then just added the 2 users that need it since they are on the domain. My only worry is 1 user is a mac user and will the policy reach her mac machine allowing her to print? I guess I need to test it out from another machine to ensure noone else can. But I wanted thoughts if what I did was not 100% and perhaps there is a better recommendation.
Currently one of my clients has a printer in the CEO's office that everyone has the ability to print to. The printer is not shared on the network so I am unsure how the printers are being added to the workstations, perhaps some clever people here that know how to manually map to it.
What is the best practice to only allow 2 people to access the printer?
What I did was share the printer on the network, and removed everyone from the security tab under printer properties. I then just added the 2 users that need it since they are on the domain. My only worry is 1 user is a mac user and will the policy reach her mac machine allowing her to print? I guess I need to test it out from another machine to ensure noone else can. But I wanted thoughts if what I did was not 100% and perhaps there is a better recommendation.
What is the make & model? Many business grade printers have embedded utilities that can be used to help with this.
ASKER
HP LaserJet 400 color M451dn
It doesn't have to be shared, If it's connected to the network it'll be seen. If not wired, check wireless (DHCP can be a PITA)
You might want to make sure WDS is disabled too
Put it in a DMZ and Block all traffic to and from the printer in relationship to the LAN
Then create an allowance rule for the two users (IP's) you want to be able to use it
You might want to make sure WDS is disabled too
What is the best practice to only allow 2 people to access the printer?
Put it in a DMZ and Block all traffic to and from the printer in relationship to the LAN
Then create an allowance rule for the two users (IP's) you want to be able to use it
ASKER
The printer is hardwired statically. Can you explain how to do the second part of your answer?
What type of firewall does the site have?
Sonicwall, fortinet etc
Sonicwall, fortinet etc
Separate the BOD network, then you can use Access List to block other networks for connecting to the printer
The printer is not shared on the network so I am unsure how the printers are being added to the workstations, perhaps some clever people here that know how to manually map to it.It has an IP address on the network. Not very hard to locate a printer connected to a network.
The printer is hardwired statically.Not a matter of cleverness. Some utilities search a network for all of the printer located on it.
Create a VLAN for just the printers. Have a print server in place. If users are only able to communicate with the print server, then you can do your restrictions there for any of the printers that you have it set up to share out.
ASKER
This is a very small infrastructure I am almost positive there is no print server in place at all. That is a good idea I am going to keep this open for now.
Yes, unfortunately nothing in the printer's embedded web server that will help, so having it in a separate IP range only visible to a VLAN for the two chosen users would be a good fix. If the infrastructure is as small as you suggest and the users are geographically close could you simply turn one PC into the "print server" and share the connection just to those two accounts?
ASKER
MASQ I wonder how hard it would be to setup a print server on 2012
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.