Configure and Troubleshoot Access to Resources (part 2) - Printer Sharing

3/13/2011 10:22:12 PM

Printer Sharing

Another common network resource is the shared printer. This functionality of sharing printers is provided by the Server service (File and Printer Sharing) on a Vista computer. Printers are not shared by default and must be configured properly to be shared. The printer must be installed on the host computer. Once the printer is shared, the host computer is called the Print Server.

You install and share printers by using the Printers applet in the Control Panel, as shown in Figure 3.

Figure 3. The Brother printer is shared to network users, the Apollo printer is not shared, and the HP LaserJet is the Default printer.

To install a new printer, simply right-click in the whitespace in the right pane and select Add Printer.

When the printer is installed, you can share it on the Sharing tab of the printer’s properties. Check the Share This Printer check box, as shown in Figure 4.

Figure 4. To share the Apollo printer, check the Share This Printer check box on the Sharing tab of the printer’s properties.

The default permissions for a shared printer is Allow—Print for the Everyone group. This setting is typically considered nonsecure and should be tightened to Allow—Print for the Authenticated Users group in the worst case. You should allow only the least number of users required to print on this printer. Remember to always grant permissions following the principle of least privilege, allowing users just the minimum level of permission required to accomplish their legitimate and authorized tasks. To configure the permissions for the printer, you use the Security tab of the printer’s properties, as shown in Figure 5.

Figure 5. Printer share permissions should be tightened immediately after sharing the printer.

To add a user or group to the Access Control List (ACL), click Add and then select the desired user or group. After adding the user or group to the ACL, assign the desired permissions:

The Allow— Print permission allows users to submit print jobs to the printer and allows them to cancel, pause, or restart their own print jobs.
The Allow— Manage Printers permission allows users to rename, delete, share, and choose preferences for the printer. It also allows users to choose printer permissions for other users and to manage all print jobs for the printer. Members of the administrator group for a computer have permission to manage printers by default.
The Allow— Manage Documents permission allows users to manage all print jobs for a printer that are waiting in the print queue. This includes documents or files that are being printed by other users.

Special permissions can be configured if these preconfigured collections of privileges do not satisfy the desired level of privilege for users.

Related -----------------

- Configure and Troubleshoot Access to Resources (part 4) - Securing Network Traffic for Remote Desktop Protocol (RDP) Access

- Configure and Troubleshoot Access to Resources (part 3) - IPSec for Securing Network Traffic on the Local LAN

- Configure and Troubleshoot Access to Resources (part 1) - Permissions

Other -----------------

- Windows Update (part 4) - Troubleshooting Updates

- Windows Update (part 3) - Windows Server Update Services Server (WSUS)

- Windows Update (part 2) - Automatic Updates

- Windows Update (part 1) - Manual Updates

- Windows Defender and Other Defenses Against Malware

- Windows Firewall

- Troubleshoot Security Configuration Issues (part 2) - Securing Data in Storage with Encrypting File System & Securing Computers with the Security Configuration and Analysis Tool

- Troubleshoot Security Configuration Issues (part 1) - The Windows Security Center & Securing the Operating System and Data in Storage with BitLocker

- Configure and Troubleshoot Security for Windows Internet Explorer 7 (part 4) - Digital Certificates

- Configure and Troubleshoot Security for Windows Internet Explorer 7 (part 3) - Cookie-Handling & ActiveX Opt-In