[windows2000] Re: Printing Permissions Strategy

  • From: "Alfonso Lopez de Ayala" <alopezdeayala@xxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Tue, 15 Oct 2002 15:12:57 -0700

The way I do it is: 
 - Printers are published in Active Directory (AD)
 - Each AD Site has a Group Policy Object (GPO) that assigns a logon script
 - The logon script connects the user to (only) the closest printer(s)

Note: since the sites have multiple floors, the logon script on each
site actually connects to the closest printer(s) depending on the
specific computer name the user is logging on to.

Caveat: while this prevents ACCIDENTAL printing to a remote printer it
does not prevent the user from INTENTIONALLY connecting to those printers
manually thru the Control Panel (but the user's ability to do this could
easily be restricted as well thru Group Policy if wanted).

Hope this helps!

Alfonso
 
-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Reese
Sent: Tuesday, October 15, 2002 2:11 PM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Printing Permissions Strategy


I use kix to do something similar for users but the difference is that
they do not move around on me.  The process is driven by Windows group
membership. If they are a member of a group, then they get certain printers
created, if they are a member of a different group, they get different
printers.

If your WAN has different subnets, you might be able to do the same
thing based on what the client IP address is.  That way they only get
the printers on that subnet.  I think Kix will let you do this but I
have never done it myself.

They would still be able to manually add and use a different printer if
they know how to get to it but this would stop a whoops from happening
to the wrong location.

I hope that makes sense.  I can help you with the printer creation and
defaulting in Kix if someone else knows how to check the IP address.

more info at www.kix.org

Greg

-----Original Message-----
From: Jason Fiegel [mailto:jason@xxxxxxxxxxxxx]
Sent: Tuesday, October 15, 2002 3:40 PM
To: windows2000@xxxxxxxxxxxxx
Cc: Jason S. Fiegel
Subject: [windows2000] Printing Permissions Strategy



I am in the middle of a conundrum that stretches my abilities and
understanding of Windows 2000 Security Structures.

I run a 6 site Windows 2000 Native Mode environment.  All sites are WAN
linked, and have at least their own Domain Controller -- we are currently
(and intend to continue to be) running a single Domain.

I have a request from a high level executive to "secure" printers and
printing.
While all users are mobile with laptops and between sites, the goal is to
limit users to the following:

"Any User MAY ONLY print where he is *currently* sitting."

I have entertained various solutions -- including scripting for permissions
and printer packet filtering.

Can any of you offer thoughts on the best solution?
The goal, of course, is to restrict accidental printing of sensitive
documents to remote printers.

Many thanks.
Jfiegel



==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm
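
An added example, not code from any poster in this thread: a PowerShell logon script for the approach discussed above, choosing printers by computer name with a fallback to the client subnet, and removing connections to any other network printer so that only the local ones remain. The naming convention, subnets and printer paths are constructed assumptions.

```powershell
# Constructed rules: computer-name patterns, subnet prefixes and UNC paths are assumptions.
$Rules = @(
    @{ NamePattern = 'SEA-F1-*'; Subnet = '10.10.1.'; Printers = @('\\SEA-PRINT\Floor1-Laser') },
    @{ NamePattern = 'SEA-F2-*'; Subnet = '10.10.2.'; Printers = @('\\SEA-PRINT\Floor2-Laser', '\\SEA-PRINT\Floor2-Color') },
    @{ NamePattern = 'PDX-*';    Subnet = '10.20.';   Printers = @('\\PDX-PRINT\Main-Laser') }
)

function Get-LocalPrinters {
    param([string]$ComputerName, [string[]]$IPv4Addresses, [array]$Rules)
    # Fixed desks: the computer name identifies the site and floor.
    foreach ($r in $Rules) { if ($ComputerName -like $r.NamePattern) { return $r.Printers } }
    # Roaming laptops: fall back to the subnet the client is on (octet-boundary prefixes only).
    foreach ($r in $Rules) {
        foreach ($ip in $IPv4Addresses) { if ($ip.StartsWith($r.Subnet)) { return $r.Printers } }
    }
    # Unknown location: return nothing, so no network printer stays connected.
}

$net = New-Object -ComObject WScript.Network
$ips = [System.Net.Dns]::GetHostAddresses($env:COMPUTERNAME) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
    ForEach-Object { $_.IPAddressToString }
$allowed = @(Get-LocalPrinters -ComputerName $env:COMPUTERNAME -IPv4Addresses $ips -Rules $Rules)

# Remove network printer connections kept in the user's profile from another site.
# EnumPrinterConnections returns pairs: port name at even indexes, printer path at odd ones.
$existing = $net.EnumPrinterConnections()
for ($i = 0; $i -lt $existing.Count(); $i += 2) {
    $path = $existing.Item($i + 1)
    if ($path -like '\\*' -and $allowed -notcontains $path) {
        $net.RemovePrinterConnection($path, $true, $true)
    }
}

# Connect the local printers and make the first one the default.
foreach ($p in $allowed) { $net.AddWindowsPrinterConnection($p) }
if ($allowed.Count -gt 0) { $net.SetDefaultPrinter($allowed[0]) }
```

As the thread notes, this only stops accidental remote printing; a user can still add a printer by hand unless that is restricted through Group Policy or printer permissions.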
