Windows – Is it possible to only allow certain computers to print to a shared printer in a domain

active-directory domain permissions printing windows

Is it possible to configure a printer shared from a generic file and print server in a domain, call it FILEPRINT01, which has a shared printer called OFFICE01, to only allow certain computers to print to it?

Imagine our users can hot desk and any given user can use any given client computer… but we only want people on certain computers to be allowed to print?

For example,

MARY on CLIENT01 tries to print to \\FILEPRINT01\OFFICE01 - OK

JOHN on CLIENT01 tries to print to \\FILEPRINT01\OFFICE01 - OK

MARY on CLIENT99 tries to print to \\FILEPRINT01\OFFICE01 - NO

JOHN on CLIENT99 tries to print to \\FILEPRINT01\OFFICE01 - NO

So, John and Mary are both allowed to print to the printer, but only CLIENT01 is allowed to print to it, so if either user tries to print from that machine it will work. However, CLIENT99 is not allowed to print to the printer, so when either user tries to print it will not be allowed.

Is this possible?

Best Answer

Much like when I asked this:

Device-based permissions in a Windows Printing environment

It turns out not to be possible. Printing is handled on the User's token, not the device's token. So when a user goes to print, they access the print-share with their own security credentials. The Workstation's credentials are no part of that transaction. Therefore, you can't do device-based restrictions for printing on Windows.
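
A simplified model of the access check described in the answer, added here as an illustration and not part of the original answer: it parses a printer DACL in SDDL form and evaluates it against the SIDs carried in the user's token. The SIDs, ACL strings and function names are constructed for this example.

```python
import re

PRINT = 0x20008  # printer "Print" right: READ_CONTROL | PRINTER_ACCESS_USE

# Constructed SIDs for the principals in the question (not real accounts).
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
SIDS = {
    "MARY": f"{DOMAIN}-1104",
    "JOHN": f"{DOMAIN}-1105",
    "Domain Users": f"{DOMAIN}-513",
    "CLIENT01$": f"{DOMAIN}-2101",
}
# Two constructed printer DACLs: one grants Print to a user group,
# the other attempts to grant Print to the CLIENT01 computer account only.
USERS_ACL = f"D:(A;;0x20008;;;{SIDS['Domain Users']})"
COMPUTER_ACL = f"D:(A;;0x20008;;;{SIDS['CLIENT01$']})"

# (type;flags;rights;object;inherit_object;sid) with numeric rights and SIDs.
ACE_RE = re.compile(r"\((A|D);[^;]*;(0x[0-9a-fA-F]+);[^;]*;[^;]*;(S-[0-9-]+)\)")

def parse_dacl(sddl):
    """Return [(ace_type, access_mask, sid)] in DACL order."""
    return [(t, int(m, 16), s) for t, m, s in ACE_RE.findall(sddl)]

def user_token(user):
    """SIDs the print server sees for the connecting user: the user and the
    user's groups. Per the answer, the workstation's identity is not part of it."""
    return {SIDS[user], SIDS["Domain Users"]}

def access_check(dacl, token, desired=PRINT):
    """Simplified AccessCheck: walk ACEs in order; a matching deny on a bit
    still needed fails, allows accumulate until all desired bits are granted."""
    remaining = desired
    for ace_type, mask, sid in dacl:
        if sid not in token:
            continue
        if ace_type == "D" and mask & remaining:
            return False
        if ace_type == "A":
            remaining &= ~mask
            if remaining == 0:
                return True
    return False

def can_print(sddl, user, workstation):
    # 'workstation' is accepted only to show that it never reaches the check.
    return access_check(parse_dacl(sddl), user_token(user))

if __name__ == "__main__":
    for acl in (USERS_ACL, COMPUTER_ACL):
        print([can_print(acl, u, w) for u in ("MARY", "JOHN") for w in ("CLIENT01", "CLIENT99")])
```

Neither DACL reproduces the OK/NO table from the question: the group ACE allows both users from both machines, and the computer-account ACE matches nothing in either user's token, so both are refused everywhere.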