members.shaw.ca/bsanders/NetPrinterAllUsers.htm: Adding A Network Printer For All Users
Dilemma for me. I don't want to give all my users any sort of admin access to their machines. At the same time, I want them to be able to add new network printers without having me log in for them as admin to install the new driver once.
Three solutions. One, give users access to the location where printer drivers are stored (\WINDOWS\system32\spool\drivers\w32x86\3), which would open up another security hole. Or, two, push out the driver to all machines remotely, which should then allow the user to add the network printer without having to access the directory for drivers. Finally, three, install the printer for all users on each machine, which could also be done remotely by script.
To me, the second option seems to be the most secure. I definitely don't want to give users access to a system32 directory. I also don't want all users to have access to the printer, even though we already have printer accounting in place. No need to give users more than they need. It usually results in more questions, at least in my current environment. Pushing out the print driver seems to be the best solution. Now, how to push out the driver?
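The hole described under option one can be checked for on machines that are already deployed. The following PowerShell function is an added example, not part of the original post: it lists ACL entries that grant write-type access on the driver directory to anyone outside a short trusted set. The function name `Get-UntrustedWriteAce` and the trusted SID list are assumptions to adjust for your environment.

```powershell
# Added example (not from the original post). Lists "Allow" ACL entries that let
# principals outside a trusted set write to the print driver directory.
function Get-UntrustedWriteAce {
    param(
        # Directory named in the post; assumes a default %SystemRoot% layout.
        [string]$Path = (Join-Path $env:SystemRoot 'System32\spool\drivers\w32x86\3'),
        # Well-known SIDs expected to hold write access (assumption: adjust per site).
        [string[]]$TrustedSid = @(
            'S-1-5-18',        # NT AUTHORITY\SYSTEM
            'S-1-5-32-544',    # BUILTIN\Administrators
            'S-1-3-0',         # CREATOR OWNER
            'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller
        )
    )

    # The x86 driver directory may be absent, e.g. on hosts with only x64 drivers.
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        Write-Warning "Directory not found: $Path"
        return
    }

    $fsr = [System.Security.AccessControl.FileSystemRights]
    # Specific rights that allow planting, replacing or re-permissioning driver files.
    $writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
        $fsr::DeleteSubdirectoriesAndFiles -bor $fsr::ChangePermissions -bor
        $fsr::TakeOwnership)
    # Generic bits that are stored unmapped in some ACLs: GENERIC_WRITE, GENERIC_ALL.
    $genericMask = 0x40000000 -bor 0x10000000
    $mask = $writeMask -bor $genericMask

    # Ask for SIDs rather than names so the check also works on localized Windows.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)

    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($TrustedSid -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.FileSystemRights -band $mask) -eq 0) { continue }
        [pscustomobject]@{
            Sid         = $rule.IdentityReference.Value
            Rights      = $rule.FileSystemRights
            IsInherited = $rule.IsInherited
        }
    }
}

Get-UntrustedWriteAce | Format-Table -AutoSize
```

No output means that no principal outside the trusted list holds write-type rights on the directory.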