[THIN] Re: Come back in time with me - MF 1.8 Printer drivers

  • From: "Rick Mack" <Rick.Mack@xxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 21 Oct 2004 21:00:32 +1000

Hi Michael,
 
Wrote the following for a customer a while ago for NT 4. 
 
Might be a bit more elegant than just screwing up kernel mode (in NT 4.0 
EVERYTHING is kernel mode) printer driver additions.
 
 

It's important to be able to control which printer drivers are loaded and used 
on Metaframe servers. While the default behaviour uses automatic installation 
of drivers and allows driver installation by non-admin users, this can be 
modified so that driver installation is restricted to administrators only, 
and/or from a safe printer driver source only. 

 

Four registry entries, under 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\LanMan Print Services\Servers, 
control how printer drivers are installed on NT systems (NT 4.0 SP5/6). 

 

AddPrinterDrivers,    reg_dword, a value of 1 indicates that drivers will NOT 
be automatically installed as needed.

 

EnablePrinterSecurity, reg_dword, controls who can add printer drivers. A value 
of 1 indicates that only admins can install printer drivers. However, if 
LoadTrustedDrivers is set to 1, then if EnablePrinterSecurity is set to "0", 
the client looks for drivers in the TrustedDriverPath\2 folder. When it is set 
to "1", it (admin only) looks for drivers under TrustedDriverPath. 

LoadTrustedDrivers,       reg_dword, a value of 1 indicates that drivers can be 
installed only from the trusted print server location specified by the 
TrustedDriverPath value. 

TrustedDriverPath,    reg_expand_sz,  defines the location of the appropriate 
trusted printer driver share, e.g. \\server1\pdrivers. It is possible to use 
locally stored printer drivers by using \system32\spool\drivers\w32x86 as the 
driver location.

Some examples are:

 

AddPrinterDrivers=0
LoadTrustedDrivers=1
EnablePrinterSecurity=0
TrustedDriverPath:\\printserver\print$ 

 

In this case, for any user, the client automatically gets the driver from 
\\printserver\print$\2


AddPrinterDrivers=0 
LoadTrustedDrivers=1 
EnablePrinterSecurity=1 
TrustedDriverPath=REG_EXPAND_SZ:\\printserver\print$\

 

In this case, the client (admin only) gets the driver from 
\\printserver\print$\w32x86

 

AddPrinterDrivers=1 
LoadTrustedDrivers=0 
EnablePrinterSecurity=1 
TrustedDriverPath=

 

In this case, no automatic driver installation occurs for anyone, and only 
admins can install drivers manually.

regards,
 
Rick
 
Ulrich Mack
Volante Systems
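
Added example (not part of Rick's message and not a vendor tool): a Python audit that parses a REGEDIT4 export of the Servers key and reports the effective driver-installation policy, using the value meanings exactly as the message above describes them. The sample export is constructed, the key path is the one written in the message, and treating a missing value as 0 is an assumption.

```python
import re

# Constructed REGEDIT4 export; hex(2) = REG_EXPAND_SZ bytes of \\printserver\print$
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\LanMan Print Services\Servers]
"AddPrinterDrivers"=dword:00000000
"LoadTrustedDrivers"=dword:00000001
"EnablePrinterSecurity"=dword:00000000
"TrustedDriverPath"=hex(2):5c,5c,70,72,69,6e,74,73,65,72,76,65,72,5c,70,72,69,\
  6e,74,24,00
'''

def parse_servers_key(text):
    """Return {value name: int or str} for the ...\\LanMan Print Services\\Servers key."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join continued hex lines
    values, in_key = {}, False
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if line.startswith("["):
            in_key = line.rstrip("]").lower().endswith(r"\lanman print services\servers")
        elif in_key and m:
            name, raw = m.groups()
            if raw.startswith("dword:"):
                values[name] = int(raw[6:], 16)
            elif raw.startswith("hex(2):"):  # NUL-terminated ANSI string
                data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
                values[name] = data.split(b"\0")[0].decode("latin-1")
            elif raw.startswith('"'):        # plain REG_SZ
                values[name] = raw[1:-1].replace("\\\\", "\\")
    return values

def assess(v):
    """Effective policy per the message's value meanings; missing = 0 (assumption)."""
    admin_only = v.get("EnablePrinterSecurity", 0) == 1
    trusted = v.get("LoadTrustedDrivers", 0) == 1
    path = str(v.get("TrustedDriverPath") or "").rstrip("\\")
    findings = []
    if trusted and not path:
        findings.append("LoadTrustedDrivers=1 but TrustedDriverPath is empty")
    if not trusted and not admin_only:
        findings.append("any user can install drivers from any source")
    return {
        "auto_install": v.get("AddPrinterDrivers", 0) != 1,
        "admin_only": admin_only,
        # Non-admin clients read the \2 subfolder; admins read the path itself.
        "source": (path if admin_only else path + r"\2") if trusted and path else None,
        "findings": findings,
    }
```

Calling `assess(parse_servers_key(SAMPLE))` reproduces the first configuration in the message; an empty or unrestricted export yields the "any user can install drivers from any source" finding.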

________________________________

From: thin-bounce@xxxxxxxxxxxxx on behalf of Pardee, Michael P.
Sent: Thu 21/10/2004 8:49 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Come back in time with me - MF 1.8 Printer drivers


Thanks Rick.  I'll make the assumption that I should be able to get away with 
it in NT4 as well then, since it is version-2 drivers.  I wouldn't have done 
the permissions at the file level, but we'll add that in to the testing.
 
What kind of errors do users see in this setup?

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] 
Sent: Thursday, October 21, 2004 6:41 AM
To: thin@xxxxxxxxxxxxx
Subject: RE: [THIN] Come back in time with me - MF 1.8 Printer drivers


Hi Michael,
 
That's what I now do in my TS policy (for win2k not needed for win2k3) and also 
with the drivers\w32x86\2 directory made read only to boot.
 
regards,
 
Rick
 
Ulrich Mack
Volante Systems

________________________________

From: thin-bounce@xxxxxxxxxxxxx on behalf of Pardee, Michael P.
Sent: Wed 20/10/2004 9:55 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Come back in time with me - MF 1.8 Printer drivers



I am trying to prevent unwanted print drivers from loading on NT4/MF1.8
servers.  Could it be as simple as restricting write access to the registry
key HKLM\System\CurrentControlSet\Control\Print\Environments\Windows NT
x86\Drivers\Version-2 key?

The BSODs have started making a comeback and I'd like to end this for good.

Thanks in advance.


> Michael Pardee
>