Re: RDP Printing by station
- From: "TP" <tperson.knowspamn@xxxxxxxxxxxxxxx>
- Date: Wed, 13 Dec 2006 12:05:38 -0500
Okay, I was hoping that *all* of the stations that you wanted to *allow* printing from would be from static ips, that way we could use a combo of ipsec and different listener settings to accomplish your goal. My understanding now is that you may have some stations at given site that allow printing, and some that do not, and that these stations may or may not be coming from different public ips, and may or may not have static ips.
Regarding WTSClientHardware, it is not used for RDP connections, it will always return 0. MAC addresses are usually unique, but do not forget that the end user can manually set the MAC address if they want.
The fact that you have control over the application code gives us lots of options. For example:
1.) You could use client name, but that is not guaranteed to be unique (although it is likely to be unique at a given physical location). Like the MAC address, the name is configurable by the PC admin, so that may not meet your security requirements.
Clientname is exposed as an environment variable, making it easier to access by novice programmers.
2.) You could "roll your own" method using virtual channels. This would allow you to check the MAC address, or maybe a combination of things like MAC address, HD serial number, etc. Your application on the server could first check for your virtual channel, if it doesn't exist disable printing. If the channel does exist obtain the unique id from the client, check if printing is permitted, and enable/disable printing accordingly.
The downside of this approach is that you will have to deploy additional software (besides the TS client) to machines that will print. Machines that will be denied printing capability would not need the additional software piece. If you are using TSWeb you could deploy your client software piece that way.
Please let me know if you have any questions and what your thoughts are.
Thanks.
-TP
flippergonzo wrote:
Hey TP,
the stations that are to be denied printing at not going to typically
have static IPs. In some cases we will be able to give them statics,
but overall it's not something that I can count on being able to
control at every customer site.
I'm planning on using both auto created printers (redirected) and
network printers configured on the terminal server(s) with the
printers physically located at the customer site.
A more specific idea of the customers and reasons for this might help.
The scenario is actually for medical software and regulations
stipulate that you must be able to deny certain computers (in a exam
room for instance) from printing from that application.
The application used generally is a custom application so it could
definitely be changed. The best way that I can think of would be to
allow/deny based upon the MAC address since they will be unique (in
theory at least!) and we can add those addresses to an approve/deny
list within the application. So the application would have to be
changed to obtain the MAC address of the Terminal client for that
session and compare it to the predefined list.
If my way of thinking is correct, then my question is how would one
request the MAC address of the terminal client session? (This is why
I'd also inquired if the WTSClientHardwareId references the MAC
address of the client.)
One last question...if the
WTSQuerySessionInformation/WTSClientHardwareId is the solution, does
anyone know if these queries work when pointing at a Mac OS X RDP
client?
Thanks again!
.
- Follow-Ups:
- Re: RDP Printing by station
- From: flippergonzo
- Re: RDP Printing by station
- References:
- RDP Printing by station
- From: flippergonzo
- Re: RDP Printing by station
- From: TP
- Re: RDP Printing by station
- From: flippergonzo
- RDP Printing by station
- Prev by Date: Re: Windows 2003 server for Small Business
- Next by Date: Re: Timeout value in new RDP 6.0 client
- Previous by thread: Re: RDP Printing by station
- Next by thread: Re: RDP Printing by station
- Index(es):
Relevant Pages
|
