However, the user/machine would need to be in that OU... You would have = to be constantly mving users. Joe -----Original Message----- From: Alfonso Lopez de Ayala [mailto:alopezdeayala@xxxxxxxxxxxx] Sent: Tuesday, October 15, 2002 3:13 PM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: Printing Permissions Strategy The way I do it is:=20 - Printers are published in Active Directory (AD) - Each AD Site has a Group Policy Object (GPO) that assigns a logon script - The logon script connects the user to (only) the closest printer(s) Note: since the sites have multiple floors, the logon script on each site actually connects to the closest printer(s) depending on the specific computer name the user is logging on to. Caveat: while this prevent ACCIDENTAL printing to a remote printer it does not prevent the user from INTENIONALLY connecting to those printers manually thru the Control Panel (but the user's ability to do this could easily be restricted as well thru Group Policy if wanted). Hope this helps! Alfonso =20 -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Reese Sent: Tuesday, October 15, 2002 2:11 PM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: Printing Permissions Strategy I use kix to do something similar for users but the difference is that = =3D they do not move around on me. The process is driven by Windows group = =3D membership. if they are a member of a group, then get certain printers = =3D created, if they are a member of a different group, they get different = =3D printers. If your wan has different subnets, you might be able to do the same =3D thing based on what the client IP address is. That way they only get = =3D the printers on that subnet. I think Kix will let you do this but I =3D have never done it myself. They would still be able to manually add and use a different printer if =3D they know how to get to it but this would stop a whoops from happening = =3D to the wrong location. I hope that makes sense. I can help you with the printer creation and = =3D defaulting in Kix if someone else knows how to check the ip address. more info at www.kix.org Greg -----Original Message----- From: Jason Fiegel [mailto:jason@xxxxxxxxxxxxx] Sent: Tuesday, October 15, 2002 3:40 PM To: windows2000@xxxxxxxxxxxxx Cc: Jason S. Fiegel Subject: [windows2000] Printing Permissions Strategy I am in the middle of a canundrum that stretches my abilities and understanding of Windows 200 Security Structures. I run a 6 site Windows 2000 Native Mode environment. All sites are WAN linked, and have at least their own Domain Controller -- we are =3D currently (and intend to continue to be) running a single Domain. I have a request from a high level executive to "secure" printers and printing. While all users are mobile with laptops and between sites, the goal is = =3D to limit users to the following: "Any User MAY ONLY print where he is *currently* sitting." I have entertained various solutions -- including scripting for =3D permissions and printer packet filtering. Can any of you offer thoughts on the best solution? The goal, of course, is to restrict accidental printing of sensitive documents to remote printers. Many thanks. Jfiegel =3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D= 3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D =3D3D=3D =3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D=3D3D To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ================================== To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm