windows2000 printer sharing - configuration distribution ?

  • Thread starter Thread starter Copo
  • Start date Start date
C

Copo

Hi,

I have serveral printers on different client subnets (for different
department, as they have different security requirement) which equipped with
HP JetDirect TCP/IP printing enabled. I have added those printers on a
Windows2000 Server, which add a TCP/IP port pointing to the JetDirect
configured IP for each printer(firewall only permit TCP 9100 from Server to
printer, other client subnets don't have access to others' TCP 9100 port),
and share them out for client access.

Clients which is in the same subnet are able to print to their local
printer, but not able to print to others, so I go to check the client's
configuration. A user have added a printer on another subnet (department),
that printer can be found on the server and can be added, but for the
printing port, it print directly to the JetDirect's IP, which is blocked by
the firewall.

Isn't the client print to the server's share name ? Such as \\server\printer
? Why the client print diret to the printer's IP ? I have tried to change
the configuration on the server and the client change also, seems the server
distributing the setting whenever it change.

Is that the default TCP/IP printing behavior in Windows2000 ? Any hints will
be greatly appriciate. Thanks.
 
You may be getting confused because when you look at the properties of a
"Network Printer" on a Windows 2000 (or later) client, you are actually
looking at the properties on the server, not the properties on the client.
There are no corresponding "properties" on a Windows 2000 client.

If the "printer" is truely a "Network Printer", in the Printers folder, the
"Name" will be something like "printername on servername".

For "Network Printers", the print stream goes from the client to the print
server, then to the print device (via the printer's JetDirect in your case).
For this to work, if there is an intervening firewall, the firewall (on the
print server side) must allow incoming connections on the Microsoft
Networking ports:

TCP 139 and 445
UDP 137, 138 and 445

See http://www.microsoft.com/security/protect/ports.asp.
 
I have all the ports you mentioned open frlom client subnet to server
subnet. The access control of firewall is very strict but we have opened all
necessary ports which mentioned in Microsoft Support documents for an Active
Directory enviornment.

What I raised this question because I cannot print to the printer which is
in different, and I saw the properties of the printer was some kind of IP
stuffs makes me guess the server was not spooling the printing request. I
have just try again to print to printer which is on another subnet and make
sure the JetDirect port (TCP 9100) is only accessible by the server, it
works now.

Thanks.
 
Back
Top