How to set default printer permissions on all AD printers

[allan_pheiffer]

Our client have requested permission to manage documents on theire AD
integrated printers. Default access assigned to printers are

Administrators: Print, manager Printer, Manage Documents
CREATOR OWNER: Manage Documents
Everyone: Print
Power Users: Print, manager Printer, Manage Documents

How do I grant Manage Documents permission to all printers as default -
without changing i manually on all printers?

 

[Alan Morris [MSFT]]

this is a per server basis. It's been a while since someone has asked for
this.

The resource kit has a tool setprinter.exe where you can set all the
security descriptors the same for all printers. Basically you need to
configure one printer using the UI with the changes, then read the
descriptor, then set all the printers the same.

config "PrinterName" with UI
To see current settings:
SetPrinter -show PrinterName 3

To change security settings (see "Security Descriptor String Format" in MSDN
or SDKdocs for details)
:
*** WARNING: this could make the print queue inaccessable and require the
use of a registry editor to fix ***
SetPrinter PrinterName 3
"pSecurityDescriptor=O:BAGUDA;CIIO;RC;;;CO)(A;OIIO;GA;;;CO)(A;;SWRC;;;WD
)(A;CIIO;GX;;;WD)(A;;LCSWSDRCWDWO;;;BA)(A;OICIIO;GA;;;BA)(A;;LCSWSDRCWDWO;;;
PU)(A;OICIIO;GA;;;PU)"

To leave the settings unchanged (but what's the point then):
SetPrinter PrinterName 3 "pSecurityDescriptor=NULL"

here's the resource kit.
http://www.microsoft.com/downloads/...69-57ff-4ae7-96ee-b18c4790cffd&DisplayLang=en
--


--
Alan Morris
Windows Printing Team
Search the Microsoft Knowledge Base here:
http://support.microsoft.com/default.aspx?scid=fh;[ln];kbhowto

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[allan_pheiffer]

If you wan't to set the security for all the printers on the server what
do you the do with the O: and G: parameter.

What does "=O:BAGU" from your example do? Is that to be used with
"SetPrinter \\ServerName 3 "pSecurity........."

 

[Alan Morris [MSFT]]

No clue. You need to get your security descriptor from your printers.

--
Alan Morris
Windows Printing Team
Search the Microsoft Knowledge Base here:
http://support.microsoft.com/default.aspx?scid=fh;[ln];kbhowto

This posting is provided "AS IS" with no warranties, and confers no rights.