PC Review


Reply
Thread Tools Rate Thread

Can I give printing rights without giving login rights?

 
 
Peter
Guest
Posts: n/a
 
      5th Dec 2003

I have a PC (admin) with a printer attached, and some PCs (user)
networked to it which I want to access the printer.

I can make it work if I create a user account on the admin PC for
every user on the LAN.

But then it is possible for each of the users to login into the admin
PC. Obviously only under their user login, but I don't want them to be
able to login at all.

How can I create a user account but with login **on that machine**
blocked?


Peter.
--
Return address is invalid to help stop junk mail.
E-mail replies to (E-Mail Removed) but remove the X and the Y.
Please do NOT copy usenet posts to email - it is NOT necessary.
 
Reply With Quote
 
 
 
 
Jetro
Guest
Posts: n/a
 
      5th Dec 2003
You can enable Guest account and lock down its desktop or purchase the
server.


 
Reply With Quote
 
 
 
 
Peter
Guest
Posts: n/a
 
      6th Dec 2003

"Jetro" <(E-Mail Removed)> wrote

>You can enable Guest account and lock down its desktop or purchase the
>server.


Doesn't enabling the Guest account create a big security hole?


Peter.
--
Return address is invalid to help stop junk mail.
E-mail replies to (E-Mail Removed) but remove the X and the Y.
Please do NOT copy usenet posts to email - it is NOT necessary.
 
Reply With Quote
 
Jetro
Guest
Posts: n/a
 
      6th Dec 2003
Not related to the subject. As you see, the practical solution is a domain.


 
Reply With Quote
 
Peter
Guest
Posts: n/a
 
      8th Dec 2003

"Jetro" <(E-Mail Removed)> wrote

>Not related to the subject. As you see, the practical solution is a domain.
>


Perhaps you could offer more than cryptic 1-line replies; I might then
have a chance of understanding them.


Peter.
--
Return address is invalid to help stop junk mail.
E-mail replies to (E-Mail Removed) but remove the X and the Y.
Please do NOT copy usenet posts to email - it is NOT necessary.
 
Reply With Quote
 
Jetro
Guest
Posts: n/a
 
      8th Dec 2003
Did I offend you somehow?
That's impossible to disable the logon on particular workstation in the
workgroup environment. You need the domain with domain controller (server).
Enabled Guest account is a breach in the security, you are right, but I
wouldn't bother about the workgroup security at all - nothing is secure.
http://support.microsoft.com/default...;en-us;Q299909
HOW TO: Join a Workgroup in Windows 2000 Server

 
Reply With Quote
 
Peter
Guest
Posts: n/a
 
      9th Dec 2003

"Jetro" <(E-Mail Removed)> wrote:

>Did I offend you somehow?
>That's impossible to disable the logon on particular workstation in the
>workgroup environment. You need the domain with domain controller (server).
>Enabled Guest account is a breach in the security, you are right, but I
>wouldn't bother about the workgroup security at all - nothing is secure.
>http://support.microsoft.com/default...;en-us;Q299909
>HOW TO: Join a Workgroup in Windows 2000 Server


OK, thank you, I understand that it cannot be done. In a workgroup
system, if you want rights to a printer attached to PC X then you also
have inevitable login rights into PC X console.

Perhaps if the printer in question was directly ethernet-attached
(rather difficult with a UBS-only inkjet pritner), or attached to a PC
which is only used as a print server, that would be a solution.

This raises an interesting question... if I did dedicate a PC to act
as a print server, that same PC could also run an email server and
filter out all the Swen spam... run Winfax, etc etc...


Peter.
--
Return address is invalid to help stop junk mail.
E-mail replies to (E-Mail Removed) but remove the X and the Y.
Please do NOT copy usenet posts to email - it is NOT necessary.
 
Reply With Quote
 
Jetro
Guest
Posts: n/a
 
      9th Dec 2003
The printer can be attached to any workstation, say, nearest to admin
computer, or you could buy hardware print server. WinFax could be run as
distributed shared application etc etc etc. As to the workstation acting as
an email server... It wouldn't be productive enough and limited by 10
simultaneous connections in the case of W2kPro, but dedicated Linux machine
would be sufficient for everything.


 
Reply With Quote
 
Peter
Guest
Posts: n/a
 
      9th Dec 2003

(E-Mail Removed) (Peter) wrote

>OK, thank you, I understand that it cannot be done. In a workgroup
>system, if you want rights to a printer attached to PC X then you also
>have inevitable login rights into PC X console.


I have just proven the above is wrong!

I have created an account for my son on my own PC (the one which has
the printer attached to it) and tried to login using his login/pwd on
my PC and it says only an administrator can login.

That's good news. No idea how it was achieved There must be some
config on my PC which specifies that only administrators can login.


Peter.
--
Return address is invalid to help stop junk mail.
E-mail replies to (E-Mail Removed) but remove the X and the Y.
Please do NOT copy usenet posts to email - it is NOT necessary.
 
Reply With Quote
 
Jetro
Guest
Posts: n/a
 
      11th Dec 2003
Alright, here is the trick - I just forgot about it (don't remember when I
configured the workgroup last time - 10 years ago?! ;-)
Create special group and add restricted users to it. Run 'gpedit.msc' and
drill down to
ComputerConfiguration/WindowsSettings/SecuritySettings/LocalPolicies/UserRig
htsAssignment: DenyLogonLocally - add the group mentioned above.
If you locked down yourself (I did), you need 'ntrights.exe' from
ResourceKit. Run from any remote machine as administrator:
ntrights -u {user or group} -m \\lockedcomputer -r
SeDenyInteractiveLogonRight

Indeed, if you have ntrights.exe around already, you can lock interactive
logon directly.


 
Reply With Quote
 
 
 
Reply

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Give network access without giving access to the computer itself? Doc_Phoenix Windows Vista Networking 4 1st Jul 2008 12:35 AM
Outlook 2002: Is there a way to give users editor rights to each others' calendars without receiving meeting request invitations for each other? KingCronos Microsoft Outlook 0 29th Jan 2007 05:50 PM
How to give users rights to change IP addr without giving Admin ri =?Utf-8?B?ZG91Z2xhc0tO?= Windows XP Networking 0 21st Sep 2005 02:07 AM
Full rights on DC without giving Domain Admin rights? dude Microsoft Windows 2000 Active Directory 1 3rd Jun 2004 06:27 PM
Giving users rights without admin on server Microsoft Windows 2000 Networking 1 6th Feb 2004 07:23 PM


Features
 

Advertising
 

Newsgroups
 


All times are GMT +1. The time now is 11:06 PM.