2

I've setup print management got everything rolling out via GPO, and things are looking really good.

However I attempted to lock down the executives Printer by removing the "Everyone" group from their printer, and instead using an AD security group with print permissions.

It unfortunately stopped the executives from printing to that printer(it was that kind of day). As soon as I gave the "Everyone" group print access again everyone could again print.

I still want to lock the printer down, but I'm obviously doing something wrong. The executives are members of the security group. It is tied to a mapped drive GPO and the drives are mapping for them, so I know they have access, I just don't understand why the security group isn't allowing them to use the printer.

How should I be restricting access to this printer?

William Finnigan
  • 23
  • 2

1 Answers1

0

The Everyone group is a meta-group that includes, by definition, everyone, including members of other groups. Normally this wouldn't be a problem, unless you explicitly Deny access to Everyone. When you do that, Everyone is ... locked out.

So double-check on how you are 'removing access'. Simply leaving the Everyone group off the Allow list shouldn't cause the problem you describe, but putting Everyone on the Deny list will. I would check to make sure that Everyone hasn't been included in a Deny security group related to that printer.

George Erhard
  • 814
  • 6
  • 12