Download Print Management Software Software de Control de Impresiones - Español Version Logiciel de Controle d Impression - Version Française Druckmanager - Deutsche Version Software Gestione Stampa - Versión Italiana Software para Controle de Impressão - Versão Português Tulostuksenhallintaohjelmisto ПО для управления печатью 打印管理器 - 中文简体版 列印管理器 - 中文繁體版 プリンターマネージャーソフトウェア - 日本語版 인쇄 관리 소프트웨어 برنامج إدارة الطباعة Printbeheeroplossing - Dutch Version Price Buy License Print Management Software Print Management Software Print Management Software

Print Management Guide - Assigning printer permissions

When a printer is installed on a network, default printer permissions are assigned that allow all users to print, and allow select groups to manage the printer, the documents sent to it, or both. Because the printer is available to all users on the network, you might want to limit access for some users by assigning specific printer permissions. For example, you could give all non administrative users in a department the Print permission and give all managers the Print and Manage Documents permissions. In this way, all users and managers can print documents, but managers can also change the print status of any document sent to the printer.

Windows provides three levels of printing security permissions: Print, Manage Printers, and Manage Documents. When multiple permissions are assigned to a group of users, the least restrictive permissions apply. However, when Deny is applied, it takes precedence over any permission. The following is a brief explanation of the types of tasks a user can perform at each permission level.

Print

The user can connect to a printer and send documents to the printer. By default, the Print permission is assigned to all members of the Everyone group.

Manage Printers

The user can perform the tasks associated with the Print permission and has complete administrative control of the printer. The user can pause and restart the printer, change spooler settings, share a printer, adjust printer permissions, and change printer properties. By default, the Manage Printers permission is assigned to members of the Administrators and Power Users groups.

By default, members of the Administrators and Power Users groups have full access, which means that the users are assigned the Print, Manage Documents, and Manage Printers permissions.

Manage Documents

The user can pause, resume, restart, cancel, and rearrange the order of documents submitted by all other users. The user cannot, however, send documents to the printer or control the status of the printer. By default, the Manage Documents permission is assigned to members of the Creator Owner group.

When a user is assigned the Manage Documents permission, the user cannot access existing documents currently waiting to print. The permission will only apply to documents sent to the printer after the permission is assigned to the user.

Deny

All of the preceding permissions are denied for the printer. When access is denied, the user cannot use or manage the printer or adjust any of the permissions.

Printing permissions assigned to groups

Windowsassigns printer permissions to six groups of users. These groups include Administrators, Creator Owner, Everyone, Power Users, Print Operators, and Server Operators. By default, each group is assigned a combination of the Print, Manage Documents, and Manage Printers permissions as shown in the following table.

 

Group Print Manage Documents Manage Printers
Administrators X X X
Creator Owner   X  
Everyone X    
Power Users X X X
Print Operators X X X
Server Operators X X X

The Print Operators and Server Operators groups are located only on domain controllers.

Members of this group can manage, create, share, and delete printers and print queues. Members of this group can load and unload device drivers on the server. Users who can load and unload device drivers also have the ability to load malicious code on the server. As a security best practice, only add trusted users to this group.

Each permission consists of a group of special rights that allow the user to perform specific tasks. The following table summarizes the level of access associated with each of the printing security permissions. 

Tasks permitted Print Manage Documents (applies to documents only) Manage Printers
Print X   X
Manage Printers     X
Manage Documents   X  
Read Permissions X X X
Change Permissions   X X
Take Ownership   X X

To set Group Policy for printers

Start Group Policy according to the object you want to set printer policy to. For more information on how to start Group Policy, see Related Topics.

After selecting the properties page of the object you want to set printer policy to, select the Group Policy node.

If you want to set policies that apply only to computers, expand the Computer Configuration node, and then expand Administrative Templates.

If you want to set policies that apply only to users, expand the User Configuration node, expand Administrative Templates, and then expand Control Panel.

Double-click Printers to open a listing of policies.

Double-click the printer policy you want to set.

On the Policy tab, enable or disable the policy by selecting or clearing the appropriate radio button. With some policies, you might need to enter additional information.

Note

If you do not want to change the current state of the policy setting, leave it as it is (not configured) to save processing time.