Re: Inherited Permissions for Printers

From: Herb Martin (news_at_LearnQuick.com)
Date: 01/11/05


Date: Tue, 11 Jan 2005 09:19:46 -0600


"Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote in message
news:eMZ8B1#9EHA.2996@TK2MSFTNGP10.phx.gbl...
> Hello Paul,
> Good question. Yes, it's possible to inherit the Security (ACL) from the
> computer object in the Active Directory, since all printers published in
> Active Directory are child objects of their host/computer/server.

I don't think so. The printers so published are not
"children" of the computer object for several reasons
but the most important is that Computer objects are
NOT containers.

Also note, the Computer object in AD will not get
you permissions to the actual PRINTER (queue)
anyway.

Also, since these are local printers they may not
even be published in AD.

> You can give the "IT Helpdesk Staff" Full Control of child objects of type
> PrinterObjects or just Add / Remove Printer Objects. You should see an entry
> for the Printer Operators group with rights Add / Remove Printer Objects in
> the ACL list on the computer/host/server object in AD.

Unless I am totally wrong about this, there is no
place to "inherit permissions" on the PRINTER
(queue) share objects themselves since they have
no parent.

I.E., you still won't be able to print.

A Restricted Group MIGHT help but the group
used will need to be one that is already assigned
by default, or there must be another way to give
this group the requisite permissions.

A startup script might wrap this stuff up by
enumerating Print shares etc.....

-- 
Herb Martin
>
> -- 
> Regards
> Christoffer Andersson
> Microsoft MVP - Directory Services
>
> No email replies please - reply in the newsgroup
> ------------------------------------------------
> http://www.chrisse.se - Active Directory Tips
>
> "Paul Hadfield" <paul@anon.com> wrote in message
> news:%239EC3G99EHA.1084@tk2msftngp13.phx.gbl...
> > All,
> >
> > I realise this is a printing question, but I think it's probably more
> > GPO/AD related too.
> >
> > Is there any way that permissions for locally installed printers on a
> > Windows 2000 Advanced Server can be set to inherit in the same way that
> > files and folders can? E.g. when someone creates a new local printer, I
> > want to be able to specify what the default security permissions will be
> > set to.
> >
> > We have a Windows 2000 domain with print queues set up locally on Windows
> > 2000 Advanced Server member servers. I'm trying to set up our member
> > servers so that when a member of the domain security group "IT Helpdesk
> > Staff" creates a new local printer, the correct permissions are
> > automatically assigned to it and all the IT staff needs to do is add the
> > relevant User groups with print access.
> >
> > The domain security group "IT Helpdesk Staff" has only domain user rights
> > but is also a member of the local Power Users group on the Windows 2000
> > member servers, and so has full permissions to create new printers
> > locally.
> >
> > Thanks again,
> > Paul.
> >
> >
> >
>
>
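
The startup-script idea from the reply above (enumerate the print queues and check what each one actually grants), as an added example that is not part of the original thread. It is report-only and assumes the PrintManagement module (Windows Server 2012 or later, not the Windows 2000 servers discussed here); the `EXAMPLE` domain prefix and the function name `Test-Allowed` are placeholders chosen for illustration.

```powershell
# Added example, report-only. Assumes the PrintManagement module
# (Windows Server 2012 or later). 'EXAMPLE' is a placeholder domain name.
param(
    [string]$Group = 'EXAMPLE\IT Helpdesk Staff'
)

# Printer-specific access rights from winspool.h
$PRINTER_ACCESS_USE = 0x00000008   # Print
$PRINTER_ALL_ACCESS = 0x000F000C   # Manage this printer

$groupSid = ([System.Security.Principal.NTAccount]$Group).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value
$everyoneSid = 'S-1-1-0'           # well-known SID for Everyone

# True if an allow ACE that applies to the queue itself grants $Sid every bit
# in $Mask. Assumes ACEs carry printer-specific bits, not unmapped generic rights.
function Test-Allowed($Acl, [string]$Sid, [int]$Mask) {
    foreach ($ace in $Acl) {
        if ($ace -is [System.Security.AccessControl.CommonAce] -and
            $ace.AceType -eq 'AccessAllowed' -and
            -not ($ace.AceFlags -band [System.Security.AccessControl.AceFlags]::InheritOnly) -and
            $ace.SecurityIdentifier.Value -eq $Sid -and
            ($ace.AccessMask -band $Mask) -eq $Mask) { return $true }
    }
    return $false
}

# One row per locally hosted queue; network connections are skipped
Get-Printer -Full | Where-Object { $_.Type -eq 'Local' } | ForEach-Object {
    if (-not $_.PermissionSDDL) {
        Write-Warning "No security descriptor returned for '$($_.Name)'"
        return
    }
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $_.PermissionSDDL
    [pscustomobject]@{
        Printer         = $_.Name
        ShareName       = $_.ShareName
        Published       = $_.Published
        HelpdeskManages = Test-Allowed $sd.DiscretionaryAcl $groupSid $PRINTER_ALL_ACCESS
        EveryonePrints  = Test-Allowed $sd.DiscretionaryAcl $everyoneSid $PRINTER_ACCESS_USE
    }
}
```

Queues where `HelpdeskManages` is false or `EveryonePrints` is true are the ones that have drifted from the intended default and need their security tab reviewed.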

