Tip

Controlling the appearance of printers in Active Directory

James Michael Stewart, Contributor

Your company has just purchased and deployed a high-end full-color printer and a high-speed black-and-white publishing center that can print, bind and sort 20 copies of 500 pages each in less than 10 minutes. After the first month, you discover that your printing supply costs are astronomical. A quick audit of the activity on the printer reveals that many users are printing personal or non-essential items to the color printer and accidentally printing 20 bound copies of reports when they only needed one.

After a memo declaring the new printers off-limits to everyone but the accounting and PR department, you realize that the only way to prevent abuse of the printers is to restrict access.

Active Directory provides a way to hide the printer from all non-authorized users. First, it requires that the authorized users be placed in a domain, site or OU without any other unauthorized printer users. Next, create a group policy for that container. In this GPO, open the Printers section of the Administrative Templates in the Computer Configuration section. Set the Allow Printers to be Published option to Enable.

Next, change this same control on all other GPOs to Disable. Finally,

Requires Free Membership to View

rename the printer shares for the new printers.

It should be obvious that this exercise will simply hide the shared printer name so no one outside the specific container where the enable GPO is applied can see the printer name. You should always define permissions on the printer share to only those users who are authorized to use it. That way you can foil the efforts of those savvy users who figure out the new correct UNC name for the printer share and attempt to map to it.


James Michael Stewart is a researcher and writer for Lanwrights, Inc.

This was first published in June 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.