RE: Anonymous Web based printing for standard users
From: DaveB (DaveB_at_discussions.microsoft.com)
Date: 03/02/05
- Next message: Scott C: "RE: w3wp.exe taking 100% when moving from 1 cpu P4 to dual xeon"
- Previous message: Steven Burn: "Re: IIS Monitoring"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 2 Mar 2005 07:25:06 -0800
Cliff,
We have the same problem and have been srtuggling with it for some time now.
I doubt you will get any help from Microsoft. This seems to be part of the
"all or nothing" mentality that has been their foundation for years. An
effective security policy should be one that allows some flexability to give
users rights to perform routine operations without having to give them the
keys to the kingdom.
The only solution that we can find is to temporarily add the user to the
local admin group, login and install the printer(s) as the user, then remove
them from the admin group.
So much for efficient administration!
DaveB
"Cliff" wrote:
> I'm having some problems setting this up correctly. A company wants a
> solution where a client can plug into their network, browse to a webpage and
> connect to a printer. I have set a DNS alias for the Print server with IIS on
> called Printers and auto-forward to http://printers/printers. I have
> installed Web based printing, enabled Internet Printing in the Web Service
> Extensions and enabled Web-Based Printing in the Default Domain Group Policy.
> The IIS anonymous user has been given print rights to all the printers and
> the Directory Security for the site has been set to Anonymous access only.
>
> This works to a degree as i can see all the printers available and check the
> status of them but if a standard user (non-local admin) tries to connect it
> comes up with "you do not have enough privilege to complete the printer
> installation on the local machine" on WinXP clients or "Access Denied" on
> Win2K clients.
>
> I have done a bit of searching and from what i've read there are 2 ways
> which the printer is installed, either using IPP or RPC. When IPP is used it
> creates a local queue which requires local admin rights and with RPC it does
> the spooling remotely so therefore doesn't require admin rights. Here's a
> quote:
>
>
>
> --------------------------------------------------------------------------------
>
> When the Initialize and script ActiveX controls not marked as safe setting
> for the local intranet is set to Disable or to Prompt, Windows creates a
> remote procedure call (RPC) printer connection when you try to connect to an
> intranet-based printer through your Web browser. In this scenario, printer
> installations are successful for both users and administrators because RPC
> printer connections use the Windows remote spooler.
>
> --------------------------------------------------------------------------------
>
>
> I've tried messing with this setting, adding the server to the trusted zone
> and dropping security to low for Intranet but nothing seems to make any
> difference, anyone got any ideas?
- Next message: Scott C: "RE: w3wp.exe taking 100% when moving from 1 cpu P4 to dual xeon"
- Previous message: Steven Burn: "Re: IIS Monitoring"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
