Security management requires step-by-step prevention and how to use itGroup PolicyMakes network printing more efficient? This article provides a detailed description.
Using a printer in a LAN not only effectively saves printing costs, but also greatly improves printing efficiency. However, due to the openness of the networkNetwork PrinterManagement is not as convenient as local printer management. To this end, many print users carefully summed up and found a lot of tips for efficient management of network printers, I naturally is no exception. This is not the case. I will start from the system group policy settings to recommend several efficient management of network printers, hoping to be useful to all of you!
Beware of "Stealing" network printers"
By default, any user can use the "Browse printer" function in the "Add Printer" Wizard window to easily find all network printers in the LAN; if no security measures are taken for any printer, any user can secretly install these network printers locally, the printer's "host" may have no idea about this. As a result, network printers are in danger of being illegally used. To avoid this risk, is there a way for common users to easily find all installed printers on the network by browsing the network? The answer is yes. we can follow the steps below:
Click Start/run to open the system running dialog box, and enter the Group Policy Edit command gpedit. msc, click OK to open the Group Policy editing page;
In the left-side area of the interface, double-click the "user configuration", "management template", "Control Panel", and "Printer" Folders one by one, in the window area on the right of the corresponding "Printer" folder, select the "Browse network for printer" option and right-click it to execute the "properties" command from the pop-up menu, open the attribute settings window shown in 1. Select the "disabled" option in the window and click "OK, in this case, the "Browse printer" option will not appear in the "Add Printer" Wizard window, so other common users will not be able to easily find the target network printer to be installed through the network, the installation can only be performed unless he knows the detailed path of the target printer.
Figure 1
TIPS: if we do not configure the "Browse network to find printers" option, the system will automatically enable the network browsing function, allowing users to browse the network, find any printer in the LAN. Of course, even if we disable the "browse the network to find the printer" option, you can still search for the printer in the LAN in other ways and share and install the printer without permissions.
Avoid "stealing and deleting" network printers"
Generally, any user can use the control panel window of the Local Computer to delete the printer installed on the local system as he/she wishes. However, this poses a threat to the use of the security belt for the printer, this is because if the host of the computer temporarily leaves the computer for a while, and the other "destructive elements" just took the opportunity to enter the control panel window of the local system, if you secretly Delete the local network printer, the host of the computer will not be able to use the network printer for Shared printing in the future. In view of this, we can use the following setup steps to prevent the network printer from being "secretly" deleted by other users through the control panel window:
Click Start/run to open the system running dialog box, and enter the Group Policy Edit command gpedit. msc, click OK to open the Group Policy editing page;
In the left-side area of the interface, double-click the "user configuration", "management template", "Control Panel", and "Printer" Folders one by one, in the window area on the right of the corresponding "Printer" folder, select the "" option and right-click it to execute the "properties" command from the pop-up context menu, in the subsequent property settings window, select the "enabled" option and click "OK". In this way, when other illegal elements open the control panel window of the local system, when you try to secretly delete a network printer installed on your local computer, the system will automatically display the prompt page shown in 2, warning that the hacker has no permission to delete the network printer at will, in this way, the local network printer can be effectively protected.
Figure 2
Tip: even if the "" option is enabled, this option will be powerless if illegal elements use other methods to delete the local network printer!
"Force" to prevent the use of network printers
In a computer installed with Windows 2003 or Windows XP, we can enable the built-in firewall to protect the security of the local system, and when we want to use a network printer in the LAN, you can select the "file and printer sharing" option on the firewall settings page shown in 3 to ensure that the system uses a network printer under firewall security protection. But sometimes, in order to completely block network printing, we do not want ordinary users to freely set the "file and printer sharing" function of the Windows built-in firewall, the firewall restrictions can be easily crossed to achieve network printing; to achieve this, you can follow the steps below:
Figure 3
Click Start/run to open the system running dialog box, and enter the Group Policy Edit command gpedit. msc, click OK to open the Group Policy editing page;
In the left-side area of the interface, double-click the "Computer Configuration", "management template", "network", "network connection", and "standard configuration file" Folders one by one, in the window area on the right of the corresponding "standard configuration file", select the "Windows Firewall: Allow file and printer sharing exceptions" option and right-click it, right-click the pop-up menu and run the "attribute" command. In the subsequent property settings window, select the "disabled" option and click "OK, in this way, even if other users want to enable the "file and printer sharing" function, but they open the firewall settings page shown in Figure 3 again, but we found that "file and printer sharing" has become optional, so that we can truly "forcibly" Prevent the use of network printers.
Blocks remote control of network printers
As you know, with permission permits and appropriate settings, you can use the IE browser window on any computer that can access the Internet, perform remote control for the specified network printer, for example, view the technical parameters and working status of the target printer, send a print task to the printer, or remotely install the network printer. Although this remote control method can greatly improve the management efficiency of network printers, it also poses a threat to the secure use of network printers. Is there a way to prevent normal users, can I use the IE browser window to manage or print the printer directly? The answer is yes. You can refer to the following steps to prevent remote control network printers:
Click Start/run to open the system running dialog box, and enter the Group Policy Edit command gpedit. msc, click OK to open the Group Policy editing page;
Figure 4
In the left-side area of the page, double-click "Computer Configuration", "management template", and "Printer" Folders one by one. In the window area on the right of the "Printer" folder, select the "WEB-based Printing" option, right-click it, and run the "attribute" command from the shortcut menu, in Figure 4, select the "disabled" option and click "OK". In this way, no user can access the IE browser window, remote control network printer.
Guard against random installation of network printers
To install a network printer, you can use the "Add Printer" wizard in the control panel window, or remote installation in the IE browser window. Therefore, to prevent normal users from installing a network printer on a local computer, we must use the following two methods:
If you want to prevent normal users from installing a network printer by using the "Add Printer" wizard in the control panel window, click "start"/"run" command in sequence, open the system running dialog box and enter the Group Policy Editing Command "gpedit. msc, click OK to open the system's group policy editing interface. Then, in the left-side area of the interface, double-click the "user configuration", "management template", "Control Panel", and "Printer" Folders one by one. In the window area on the right of the "Printer" folder, select the "" option, right-click it, and run the "properties" command from the shortcut menu. In Figure 5, select the "enabled" option, click "OK". When other illegal elements open the control panel window of the local system and try to install the network printer through the "Add Printer" Wizard, the system automatically displays a warning message indicating that no installation is permitted.
Figure 5
If we want to prevent normal users from remotely installing a network printer by using the "Add Printer" function in the IE browser window, we can first open the system group policy editing window as shown above, double-click the "user configuration", "management template", "Control Panel", and "Printer" Folders one by one. In the window area on the right of the "Printer" folder, select the Browse shared website to find a printer option, right-click it, and run the "properties" command from the shortcut menu, select the "enabled" option on the page that appears, and click the "OK" button, so that when a common user remotely controls the network printer through the WEB page, the "Add Printer" option will not be found on the page, so that the network printer installation will be blocked.
The clever use of group policies makes network printing more efficient and makes the network more secure. More knowledge about group policies needs to be learned and consolidated by readers.