Quick question,

We are currently running a Win2k LAN accross site at work. At the moment printers all publish themselves in Active Directory and users have to select the desired printer when they want to print a document. As a result a user has the option to print to any printer anywhere accross site http://www.sysopt.com/forum/frown.gif

Is it possible to configure the system to give fixed groups of workstations access to only their own network printer and prevent any other workstations printing to it?

This would be very useful as I work in education & the kids keep printing stuff out on different printers all over the school, including the staff-room http://www.sysopt.com/forum/smile.gif

TIA

Eddy

Maybe a group profile added to each user as they log on the first time would come in handy. You can define the printers they have access to in the profile. Each building could have it's own group.

Thanks for the response, thats was what I was thinking http://www.sysopt.com/forum/smile.gif

Has anyone else had much experience with printing over Win2k networks?

TIA

Eddy

I understand the idea but what if a user working on the 3rd floor went up to the 4th, wouldn't they print to the printer back on the 3rd floor? This is what I am attempting to avoid . Is it possible to lock a specific printer to a set range of machines regardless of user?

Thanks for the help.

Regards

Eddy

Yes, it is.
Example:
PC 1 can only print to printer 1
PC 2 can only print to printer 2
But I honestly cannot remember who to do it. If you want to email me, I will look it up later tonight and send you the info on how to do it.
---edwelly

That would be great if you could dig out some info http://www.sysopt.com/forum/smile.gif

YGM

TIA

Eddy

I would recommend separate GPO’s and then put the users under a specific GPO.
For example: 1st floor users would be put into a GPO for the 1st floor, 2nf floor users in a GPO for 2nd floor users, etc.
That way, you don’t have 100’s of GPO’s, just 3 or 4 with all of your users in one of those.
Remember though, if you put a user in multiple GPO’s, if you deny something in one of the GPO’s, it will override all other accesses.
Hope this helps.
---edwelly

Okay, here is 2 different scenario’s from 2 different people:
1. Create a group that doesn't allow users to add printers and put all of the users in that group. Specify only 1st floor PC's use 1st floor printers and do the same for level 2 and 3.
2. To ensure they can only print to specified printers, the best
way would be create a domain local group for each printer and assign the
print permission and then create a global group based on the membership
you want to print to each appropriate printer and add the global group
to the appropriate domain local group assigned to said printer...i.e.
create a first floor domain local group, give that group print
permissions to the first floor printer, create a first floor global
group, add the users from first floor you want to print to the first
floor printer, then add the first floor global group to the first floor
domain local group- remember to remove (not deny- this is very
important) the everyone group and authenticated users from the first
floor printers permissions- this will lock down that printer and use
this example, replacing the users, groups, and printer with the
appropriate floor you are trying to lock down.
Remember, by doing this you are definitely locking down the printers so
that ONLY the people you give permission to may print to them.
If a user doesn't have print permission to a printer they won't be able
to add it- if they are able to add it then they are a member of a group
that snuck by you.
I really hope this helps http://www.sysopt.com/forum/wink.gif
LMK If I can help any more
---edwelly