[THIN] Re: stop new "trusted" print drivers
- From: "Mack, Rick" <Rick.Mack@xxxxxxxxxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Thu, 1 Apr 2004 08:36:06 +1000
Hi Pavlo,
This was addressed initially in NT 4.0. Can't find the KB article at the
moment but this is something I wrote a while ago. Should still be current.
----
It is important to be able to control which printer drivers are loaded and
used on Metaframe servers. While the default behaviour uses automatic
installation of drivers and allows driver installation by non-admin users,
this can be modified so that driver installation is restricted to
administrators only, and/or from a safe printer driver source only.
Four registry entries, under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
\Control\Print\ LanMan Print Services\Servers control how printer drivers
are installed on NT systems.
AddPrinterDrivers, reg_dword, a value of 1 indicates that drivers will
NOT be automatically installed as needed.
EnablePrinterSecurity, reg_dword, controls who can add printer drivers. A
value of 1 indicates that only admins can install printer drivers. However
if LoadTrustedDrivers is set to 1 then if EnablePrinterSecurity is set to "
0", then the client looks for drivers in TrustedDriverPath\2 folder. When it
is set to " 1", it (admin only) looks for drivers under TrustedDriverPath.
LoadTrustedDrivers, reg_dword, a value of 1 indicates that drivers can
be installed only from the trusted print server location specified by the
TrustedDriverPath value.
TrustedDriverPath, reg_expand_sz, defines the location of the
appropriate trusted printer driver share. Eg \\server1\pdrivers. It is
possible to use locally stored printer drivers by using
\system32\spool\drivers\w32x86 as the driver location.
Some examples are:
AddPrinterDrivers=0
LoadTrustedDrivers=1
EnablePrinterSecurity=0
TrustedDriverPath:\\printserver\print$
In this case, for any user, the client automatically gets the driver from
\\printserver\print$\2
AddPrinterDrivers=0
LoadTrustedDrivers=1
EnablePrinterSecurity=1
TrustedDriverPath=REG_EXPAND_SZ:\\printserver\print$\
In this case, the client (admin only) gets the driver from
\\printserver\print$\w32x86
AddPrinterDrivers=1
LoadTrustedDrivers=0
EnablePrinterSecurity=1
TrustedDriverPath=
In this case, no automatic driver installation occurs for anyone, and only
admins can install drivers manually.
------
Regards,
Rick
Ulrich Mack
rmack@xxxxxxxxxxxxxx
Volante Systems
18 Heussler Terrace, Milton 4064
Queensland Australia.
tel +61 7 3246 7704
-----Original Message-----
From: Pavlo Ignatusha [mailto:pignatusha@xxxxxxxxxxxxx]
Sent: Thursday, 1 April 2004 6:07 AM
To: Org Thin (E-mail)
Subject: [THIN] stop new "trusted" print drivers
Hi group,
I'm trying to stop new "trusted" drivers from being installed on my citrix
servers. I renamed ntprint.inf to ntprint.old as per www.printingsupport.com
tip but I still see new drivers coming in. What else can I do to stop it?
Thanks,
Pavlo Ignatusha
Systems and Network Coordinator
Pembroke General Hospital
Tel. (613) 732-3675 ext.6150
Fax. (613) 732-9986
www.pemgenhos.org
"All that matters is love and work" - Sigmund Freud.
********************************************************
This weeks sponsor Emergent Online.
Emergent OnLine is the leading server-based computing consulting integration
firm in the nation. Emergent OnLine delivers expert
consulting services you can depend on.
http://www.go-eol.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
********************************************************
This weeks sponsor Emergent Online.
Emergent OnLine is the leading server-based computing consulting integration
firm in the nation. Emergent OnLine delivers expert
consulting services you can depend on.
http://www.go-eol.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
Other related posts:
