The article describes the System Policies, which restrict the access to the adjustments, forbids deleting or adding new printers to the system.
While elaborating on the security rules for computer system, the part of rules are dedicated to the printer management. The prohibitions against: settings adjustment, addition or new printers installation are included to management of printers in the framework of security rules. The second, what can be emphasised while creating stricter rules - the access to printers must be under proper supervision to avoid undesirable, on the reason of elementary paper and supplying materials economy, or not authorised, on the reason of conducting confidentiality measures.
As far as I revealed, all the illustrated policies for management of printers can be located in both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER system registry hives and applied to Local Machine or Current User respectively. If the same policy was applied both to HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER, while conflict exists, the policy with Local Machine range has the priority over the policy with the range of Current User.
All the values have numeric DWORD type. The value equals "1" stands for the active state of the policy, its absence or value "0" cancels the restriction introduced by the system policy.
The last, what I would like to give the accent to in the preface is in order to put for sure into the effect the system policy, Windows must be restarted.
Disable Addition of Printers
The numeric value "NoAddPrinter" located in the branch "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" is responsible for this policy. This system policy prohibits from using the applet Printers from the Control Panel to add new printers to the system.
While attempt to install new printer using Printers folder, the message appears explaining that due to restrictions set by system administrator this action is impossible.
Disable Deletion of Printers
DWORD-value "NoDeletePrinter" stores the state of this system policy, which is created in the branch "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". This policy prohibits from deleting of printers from the system. Printer can be deleted by selecting the Delete menu item in short-cut menu of the corresponding printer shown in Printers folder in Control Panel. While attempt to delete printer using Printers folder, the message appears explaining that this is impossible due to restrictions introduced by system administrator.
Hide General and Details Pages
This policy can be applied under Windows 95, 98 and ME.
The value "NoPrinterTabs" stores the state of this policy, which must be located in the same "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" branch as above-mentioned system policies. If this policy is enabled, the General and Details pages are hidden in the printer property dialog box, thus protecting from the changing of specific settings. Since the Details page allows manipulating the system settings, therefore there may be the need to remove the access to it for not experienced users.
The implementation in Activity and Authentication Analyzer
In order to see the state of above-mentioned policies or to manipulate them in Activity and Authentication Analyzer follow in the left navigation pane next way:
Computer Administration then Control Panel, Printers item after this, and find in the right list items corresponding to these policies named:
- Disable Addition of Printers
- Disable Deletion of Printers
- Hide General and Details Pages
No comments:
Post a Comment