Setting Printer Permissions
Printers have similar permissions to that of files in Windows with the (default) NTFS file system. You can assign access control types or capabilities among the users and groups of the computer or network.
Thus you could give User A full printing and printer management access, while User B has only printing access, and User C has no printing capabilities at all.
As discussed in a previous article about file sharing and permissions, to get the best out of access control lists (ACLs), each computer on the network should have matching user accounts created on them, even if each user doesn't get on each PC.
This is because without creating a domain (versus workgroup) network and using Active Directory, you can specify access in ACLs only with users who have a Windows account on that particular computer.
Without replicating the accounts on all the computers, you'd just be able to classify access to the Administrator or Everyone group, which are globally recognized. (In other words, you won't be able to do as I discussed in the previous paragraph.)
When you're ready to define the printer permissions, open the Control Panel and browse to the Printer (or Printer and Faxes) window.
Then right-click on the printer icon, select Properties, and on the dialog that opens, choose the Security tab.
As Figure 3 shows, you'll see a list of groups and users, in which you can define the following permissions for each:
- Print: This option lets users print, cancel, pause, and restart print jobs they've sent to the printer.
- Manage documents: This option lets the users also manage other user's print jobs that are waiting in the print queue.
- Manage printers: This option gives the users the ability to rename, delete, share, and choose preferences for the printer, in addition to management rights of print jobs.
- Special permissions: This option lets the users do things such as change the printer owner if it actually becomes necessary.
For example, you could deny all permissions for the Everyone group and add desired users to the list to individually specify what type of access you want to give to each user on the network.
You might also want to do the same for the Administrators group if you don't want them all to have full rights.