Best practice for printer ACLs

access-control-list active-directory shared-printers

I have a question about shared printers, and how to best limit access to them.

I have a printer shared from our print server (\\server01\printer01) and I locked it down to just the security groups that should have access via the share security tab.

I also have the AD object for that printer, which allows anyone to access that printer. I figured that it was better to lock it down via the share, because I didn't want to leave the share open for any unauthenticated users.

Any thoughts on how I can do this better, or how I've totally fubar'd up my network? It seems to work for the moment, except for the times when I look at the AD permissions and go "I thought I locked this down".

Best Answer

Instead of messing with the share's security, you should simply edit the printer object's security settings to your liking (probably removing the Everyone:Print ACE in the process which is set by default):

[Image: printer security]
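
One way to make the change the answer describes from PowerShell rather than the Security tab, as an added example that is not part of the original answer: it reads the printer's security descriptor, removes the allow ACE that grants Everyone the Print right, and grants Print to a single group. The group name `CONTOSO\Printer01-Users`, the `$Apply` switch, and the assumption that the queue name matches the share name are not from the page.

```powershell
# Added example. Run on the print server (PrintManagement module required).
$PrinterName  = 'printer01'                # assumes queue name equals the share name
$AllowedGroup = 'CONTOSO\Printer01-Users'  # hypothetical group, replace with yours
$Apply        = $false                     # set to $true to write the new ACL

$USE   = 0x00000008                        # PRINTER_ACCESS_USE
$PRINT = 0x00020008                        # PRINTER_ACCESS_USE | READ_CONTROL ("Print")
$account  = New-Object System.Security.Principal.NTAccount -ArgumentList $AllowedGroup
$groupSid = $account.Translate([System.Security.Principal.SecurityIdentifier])

# Current security descriptor of the printer, as SDDL.
$oldSddl = (Get-Printer -Name $PrinterName -Full).PermissionSDDL
$sd   = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $oldSddl
$dacl = $sd.DiscretionaryAcl

# Walk backwards so removing an ACE does not shift the indexes still to visit.
$groupHasPrint = $false
for ($i = $dacl.Count - 1; $i -ge 0; $i--) {
    $ace = $dacl[$i]
    if ($ace -isnot [System.Security.AccessControl.CommonAce]) { continue }
    $allowsUse = $ace.AceQualifier -eq 'AccessAllowed' -and ($ace.AccessMask -band $USE)
    if ($allowsUse -and $ace.SecurityIdentifier.Value -eq 'S-1-1-0') {
        $dacl.RemoveAce($i)                # Everyone (S-1-1-0) may no longer print
    } elseif ($allowsUse -and $ace.SecurityIdentifier.Value -eq $groupSid.Value) {
        $groupHasPrint = $true             # group already has the Print right
    }
}

# Grant Print to the group unless an existing ACE already does.
if (-not $groupHasPrint) {
    $newAce = New-Object System.Security.AccessControl.CommonAce -ArgumentList @(
        [System.Security.AccessControl.AceFlags]::None,
        [System.Security.AccessControl.AceQualifier]::AccessAllowed,
        $PRINT, $groupSid, $false, $null)
    $dacl.InsertAce($dacl.Count, $newAce)
}

$newSddl = $sd.GetSddlForm([System.Security.AccessControl.AccessControlSections]::All)
"Before: $oldSddl"
"After : $newSddl"
if ($Apply) { Set-Printer -Name $PrinterName -PermissionSDDL $newSddl }
```

With `$Apply` left at `$false` the script only prints the before and after SDDL, so the resulting ACL can be reviewed before it is written.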