Preventing inter office printing accidents Marten <absolute88[ at ]hotmail.com> 12/11/2008 4:31:34 PM We are a multi site organization running 2003 Standard domain controllers at each site. All DCs are in the same domain and therefore sharing the AD. Each office has its own networked printers and I haven't had to worry too much about printing issues before. But one has arised that hopefully I can get some suggestions for. Our accounting systems is running through terminal services from head office. Lately, one satellite office has been acidentally printing confidential info to anther satellite office's printers. What I would like to do is set up printer security so that people who have logged in at a site can use the regional printers. While I do have a security group defined to list each site's native users (Site1-Home), I can't completely restrict the printers based on that as staff do travel between offices and will need to use the those regional printers when visiting. There is another regional security group that defines who in each office can use the accounting system (Site2-Acct). I could deny other sites' accountingf groups from the printer, but wouldn't that also block the user when visiting and not using the accounting system? Any suggestions? Marten

Re: Preventing inter office printing accidents "Anthony [MVP]" <anthony[ at ]no-reply.com> 12/11/2008 9:27:30 PM Marten, What you could do is, in Terminal Services, only enable printing to mapped printers. Anthony, http://www.airdesk.co.uk "Marten" <absolute88[ at ]hotmail.com> wrote in message news:ruc2k4d2ofs7vagdeuvpvuoukrmrioah0j[ at ]4ax.com... [Quoted Text] > We are a multi site organization running 2003 Standard domain > controllers at each site. All DCs are in the same domain and therefore > sharing the AD. Each office has its own networked printers and I > haven't had to worry too much about printing issues before. But one > has arised that hopefully I can get some suggestions for. > > Our accounting systems is running through terminal services from head > office. Lately, one satellite office has been acidentally printing > confidential info to anther satellite office's printers. > > What I would like to do is set up printer security so that people who > have logged in at a site can use the regional printers. While I do > have a security group defined to list each site's native users > (Site1-Home), I can't completely restrict the printers based on that > as staff do travel between offices and will need to use the those > regional printers when visiting. > > There is another regional security group that defines who in each > office can use the accounting system (Site2-Acct). I could deny other > sites' accountingf groups from the printer, but wouldn't that also > block the user when visiting and not using the accounting system? > > Any suggestions? > > Marten

Re: Preventing inter office printing accidents Marten <absolute88[ at ]hotmail.com> 12/12/2008 11:18:04 PM Thanks for the feedback. I'd have to map back to a printer on the PC, not one of the network devices. The accountants have personal printers for confidentiality and check runs. Perhaps add a user id test to the login script? If user = xxxxx and login location = yyyy then map printer. Wouldn't want everyone in the office using the private printer. Does that sound reasonable? Marten On Thu, 11 Dec 2008 21:27:30 -0000, "Anthony [MVP]" <anthony[ at ]no-reply.com> wrote: [Quoted Text] >Marten, >What you could do is, in Terminal Services, only enable printing to mapped >printers. >Anthony, >http://www.airdesk.co.uk > > > > >"Marten" <absolute88[ at ]hotmail.com> wrote in message >news:ruc2k4d2ofs7vagdeuvpvuoukrmrioah0j[ at ]4ax.com... >> We are a multi site organization running 2003 Standard domain >> controllers at each site. All DCs are in the same domain and therefore >> sharing the AD. Each office has its own networked printers and I >> haven't had to worry too much about printing issues before. But one >> has arised that hopefully I can get some suggestions for. >> >> Our accounting systems is running through terminal services from head >> office. Lately, one satellite office has been acidentally printing >> confidential info to anther satellite office's printers. >> >> What I would like to do is set up printer security so that people who >> have logged in at a site can use the regional printers. While I do >> have a security group defined to list each site's native users >> (Site1-Home), I can't completely restrict the printers based on that >> as staff do travel between offices and will need to use the those >> regional printers when visiting. >> >> There is another regional security group that defines who in each >> office can use the accounting system (Site2-Acct). I could deny other >> sites' accountingf groups from the printer, but wouldn't that also >> block the user when visiting and not using the accounting system? >> >> Any suggestions? >> >> Marten

Re: Preventing inter office printing accidents "Anthony [MVP]" <anthony[ at ]no-reply.com> 12/13/2008 1:25:01 PM If it is a client local printer, then it can be reached as a redirected client printer in the TS session. It sounds rather more complicated than it should be. If the accountants are capable of printing confidential info to their local printer, aren't they capable of realizing which printer they are printing to? It seems the essence of the business problem is that you want them to be able to choose a printer normally, but not for the finance system. In that case you would have to map a specific printer, and also prevent access to Add Printers. What is the Finance System? Does it have its own method of assigning printers to users and/or jobs? Anthony http://www.airdesk.co.uk "Marten" <absolute88[ at ]hotmail.com> wrote in message news:62s5k4piga7t25agcg4jic53pp6ccdn1nj[ at ]4ax.com... [Quoted Text] > Thanks for the feedback. > > I'd have to map back to a printer on the PC, not one of the network > devices. The accountants have personal printers for confidentiality > and check runs. > > Perhaps add a user id test to the login script? If user = xxxxx and > login location = yyyy then map printer. Wouldn't want everyone in the > office using the private printer. > > Does that sound reasonable? > > Marten > > On Thu, 11 Dec 2008 21:27:30 -0000, "Anthony [MVP]" > <anthony[ at ]no-reply.com> wrote: > >>Marten, >>What you could do is, in Terminal Services, only enable printing to mapped >>printers. >>Anthony, >>http://www.airdesk.co.uk >> >> >> >> >>"Marten" <absolute88[ at ]hotmail.com> wrote in message >>news:ruc2k4d2ofs7vagdeuvpvuoukrmrioah0j[ at ]4ax.com... >>> We are a multi site organization running 2003 Standard domain >>> controllers at each site. All DCs are in the same domain and therefore >>> sharing the AD. Each office has its own networked printers and I >>> haven't had to worry too much about printing issues before. But one >>> has arised that hopefully I can get some suggestions for. >>> >>> Our accounting systems is running through terminal services from head >>> office. Lately, one satellite office has been acidentally printing >>> confidential info to anther satellite office's printers. >>> >>> What I would like to do is set up printer security so that people who >>> have logged in at a site can use the regional printers. While I do >>> have a security group defined to list each site's native users >>> (Site1-Home), I can't completely restrict the printers based on that >>> as staff do travel between offices and will need to use the those >>> regional printers when visiting. >>> >>> There is another regional security group that defines who in each >>> office can use the accounting system (Site2-Acct). I could deny other >>> sites' accountingf groups from the printer, but wouldn't that also >>> block the user when visiting and not using the accounting system? >>> >>> Any suggestions? >>> >>> Marten >

Re: Preventing inter office printing accidents Marten <absolute88[ at ]hotmail.com> 12/15/2008 5:19:34 PM The product is Wind2 by Deltek. I'm wondering if the product has been configured to remember where it printed to the last time a specific report was generated. The one user that prompted my inquiry had printed a different report several times to her local printer successfully. She then ran a different report and it printed out half way across the continent. The TS server has the general printer in each office installed. We were having trouble with the spool subsystem crashing and we thought it had to de with TS client asking for unknown printer drivers. My main problems is that 95% of the users don't understand that they are in a TS session and that they need to confirm their printer location. Just because a particular printer is where Word printed to doesn't mean the accounting will as well. I was thinking if I could restrict their printing to a geographical area it would be helpful. I'll look more into the mapping of printers in the login script. Thanks Marten On Sat, 13 Dec 2008 13:25:01 -0000, "Anthony [MVP]" <anthony[ at ]no-reply.com> wrote: [Quoted Text] >If it is a client local printer, then it can be reached as a redirected >client printer in the TS session. > >It sounds rather more complicated than it should be. If the accountants are >capable of printing confidential info to their local printer, aren't they >capable of realizing which printer they are printing to? It seems the >essence of the business problem is that you want them to be able to choose a >printer normally, but not for the finance system. In that case you would >have to map a specific printer, and also prevent access to Add Printers. > >What is the Finance System? Does it have its own method of assigning >printers to users and/or jobs? > >Anthony >http://www.airdesk.co.uk