Kyle T
Premium Member
Registered: 11th Sep 04
Location: Selby, North Yorkshire
User status: Offline
|
Somehow I've got almost 10 years into my career without ever dealing with printers... which is a good thing tbh 
I've now got to face up to it... so far so good.
My plan is as follows:
Deploy 4 Xerox WorkCenter printers in the corporate HQ, sharing them all from a 2012 R2 Print Server so I can AD "integrate" them.
I've done all that fine with my first two printers that arrived, but if I'm on a non-domain joined computer and I search for printers on the network - it finds the printer on its' IP Address directly (ie not via the share) so I can connect to it, download drivers and use it... completely bypassing the print server queue with all my settings on it.
If I go to devices and printers on a domain joined computer, the list only shows the printers that are shared from the server, which is good - but if I go to manually define a printer by manually entering the IP address, it still creates the direct queue.
I'm hoping to prevent anybody from manually connecting to the IP of the printer, and I want everybody forced into using the shared AD queue.
If we get a guest or BYOD type scenario's, I've got a guest WiFi and a guest printer setup on that - which they can connect to directly.
Is this a print server setting, or a Xerox setting, or is it even possible? I'm guessing an ACL on a device somewhere to block anything other than the print servers IP.... but the quick look I've had cant find anything on the WorkCenter GUI.
Lotus Elise 111R
Impreza WRX STi
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Online
|
Might not be related to your issue but this is how I got round the classroom quotas in my last job - remote desktop to a computer off the domain and set up a direct connection to the printer on IP.
|
Steve
Premium Member
Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
User status: Offline
|
Perhaps set the printers up on a vlan witha dif subnet
|
pow
Premium Member
Registered: 11th Sep 06
Location: Hazlemere, Buckinghamshire
User status: Offline
|
The computer needs to authenticate to the server to be able to see the shared printer instance (\\server, input username and password, there it'll be). Computers on a domain obviously have already autheticated witht he server so no problem there.
Also, separate the printers off to their own VLAN and only allow the server VLAN access to the printer VLAN 
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
All good ideas above, printer may also have security settings to stop this.
|
Kyle T
Premium Member
Registered: 11th Sep 04
Location: Selby, North Yorkshire
User status: Offline
|
Thanks guys, I continued clicking around the web consoles last night.
Three of our devices are big old copier/scanner/multifunction jobbies and the fourth is a wee laserjet type thing.
The web console for the laserjet has got an ACL section, I just need to add the /32 address of the server and voila - it works.
The web console for the MFPs though is much more complex due to all the added functionality, and I can't for the life of me find the equivalent settings.
I'm sure they exist though, so I'll keep hunting.
I'd rather this over doing this at L3 because I don't want to be beaten, but if all else fails...
Lotus Elise 111R
Impreza WRX STi
|
