Printer properties

[cookie_monster]

I'd like to allow students to see the printers and faxes control panel option so they can view and delete their work from the print queue but i don't like how much info they can see about the print server when they look in properties. If they open printers and faxes then select properties of a printer on the print server they can select the ports tab and view the share name of every printer on the server. They can then use this name to connect to some of them using a browser and some of the HP printers only password protect against changes not viewing settings.

Anyone know how to prevent this or am i back to hiding printers and faxes?

[Michael]

On the server, right click the printer, choose Properties and then the Security tab. Add the students group (whatever you've called it) and tick (to enable) Print and Manage Documents only. Leave Manage Printers unticked.

Students can then print and delete their documents in the queue, but cannot change any of the settings on the printer properties as it'll all be greyed out.

[cookie_monster]

All of our printers have 'print' only for the users group i only add manage documents for teachers as the owner (student) has ownership over their own jobs and so can delete them anyway.

This isn't really the issue it's if they view properties of a printer on the print server they can select the ports tab and view the share name of every printer on the server.

[Michael]

That's a little strange because it should be greyed out. It all comes under Manage Printers. I suppose you could try forcing Deny if you haven't already?

[maniac]

All of our printers have 'print' only for the users group i only add manage documents for teachers as the owner (student) has ownership over their own jobs and so can delete them anyway.

This isn't really the issue it's if they view properties of a printer on the print server they can select the ports tab and view the share name of every printer on the server.

I've never been worried if students know IP numbers or share names for things around this school, as I'm very careful with security when we set things up, so even if they have the share name of a printer they're not supposed to know about, they can't access it because the students group is specifically denied on the access list. All my printers actually have a label with the IP number and share name on the front of the printer anyway!
It makes it so much easier when we move things around the building!. They don't have access to add printers so it's impossible for them to print to printers that havn't been mapped by logon scripts etc.

Mike

[cookie_monster]

@ Michael: it is all greyed out but they can still view the information i'd just prefer that they couldn't. I can't deny them access as they then can print.


@ maniac: all of the printer are password protected but some of the HP printers allow you to see quite a bit of info and only askes for the password if you try to make changes. Again it's just handing out more info to the casual browser than i would like.

They don't have access to add printers so it's impossible for them to print to printers that havn't been mapped by logon scripts etc

Surely then could just use Network.AddwindowsPrinterConnection "\\server\printer" and then print to it.


As i say it's not world ending stuff but i'd prefer that it wasn't available to them.

[Michael]

@ Michael: it is all greyed out but they can still view the information i'd just prefer that they couldn't. I can't deny them access as they then can print.

I meant just force Deny Manage Printers, so they can still print but not manage the printers, so it'll all be greyed out. As for hiding that information altogether, I don't believe it's possible. I think it's just how Windows has been designed, and I take your point about security. I seem to come across networks that have never heard of the word security!

[cookie_monster]

I think that was more a misunderstanding they don't have manage permissions they only have print so i don't think deny will be necessary, i just don't think i explained it very well.

Cheers.