Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Vista

Group Policy Settings (part 5) - Point and Print Restrictions & Digital Certificates and Authenticode

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
3/14/2011 10:18:13 PM

Point and Print Restrictions

Point and Print restrictions allow you to control access to selected shared printers on the corporate network. By default, printers are shared with the permissions set to Allow—Print for the Everyone group. This says that any user can connect to a shared printer, automatically download any required printer drivers, and submit print jobs to that device. Permissions can be adjusted on the printer properties to further control this access. The Point and Print restrictions in a GPO can be used in addition to these permissions to control printer access for large groups of users in an AD environment.

This setting is located under User Configuration > Administrative Templates > Control Panel > Printers, as shown in Figure 11.

Figure 11. Configuring Point and Print restrictions.


The fully qualified domain name (FQDN) of the print server must be added to complete the GPO setting.

This GPO setting requires that you construct a list of print servers that the users are allowed to download drivers from and then submit print jobs to. You can further restrict the driver download to only those drivers that have been tested, approved, and digitally signed by Microsoft’s Windows Hardware Quality Labs (WHQL), the testing arm of Microsoft for third-party drivers.

Digital Certificates and Authenticode

As users connect to web servers, their browsers download the HTML file and image files and also download and execute active content, like ActiveX controls. Active content, also called mobile code, is a major source of malware (viruses and spyware) and is often heavily restricted in a corporate environment.

To ensure that your ActiveX controls are safe and usable by all who visit your website is to have the ActiveX control tested and digitally signed by Microsoft. When an ActiveX control is signed by Microsoft, it is called Authenticode, and it is generally trusted to be safe for your users to run. However, on occasion, these tested and approved ActiveX controls can still conflict with other software running on your client computers, so having it signed by Microsoft is still not a guarantee of safety.

Caution

Be Careful with Authenticode Restrictions Enabling restrictions on your browsers to allow only approved publishers of Authenticode enhances the security of browsing but can cause web applications and other website functions that rely on unsigned and unapproved publishers of ActiveX controls to fail.


You can restrict the browsers on your users’ computers to execute Authenticode only from a select list of publishers that you approve. To do this, you must enable a setting in a GPO that is located under User Configuration > Windows Settings > Internet Explorer Maintenance > Security > Authenticode Settings. The setting is labeled Enable Trusted Publisher Lockdown. This setting, shown in Figure 12, disables users from accepting any certificates (used in the Authenticode) from publishers that aren’t on your approved publishers list.

Figure 12. Configuring trusted publisher lockdown.
Other -----------------
- Group Policy Settings (part 1) - Desktop Settings & Software Deployment by GPO
- Group Policy Object Overview (part 2) - Applying GPOs to a Computer and User in an AD Environment
- Group Policy Object Overview (part 1) - Building a Local Computer Policy & The Domain Member Computer
- User Account Control (UAC)
- Troubleshoot Authentication Issues - SmartCards
- Configure and Troubleshoot Access to Resources (part 4) - Securing Network Traffic for Remote Desktop Protocol (RDP) Access
- Configure and Troubleshoot Access to Resources (part 3) - IPSec for Securing Network Traffic on the Local LAN
- Configure and Troubleshoot Access to Resources (part 2) - Printer Sharing
- Configure and Troubleshoot Access to Resources (part 1) - Permissions
- Windows Update (part 4) - Troubleshooting Updates
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server