# Deny Group of Users Printing



## karl_009 (Oct 9, 2007)

Hi

We have a group of users that will be logging on to a Terminal Server; this group should not be able to print.

I have not been able to find anything in the group policy to stop printing, how ever I have done one thing which should work but doesnt.

I have made a Security Group in the AD added theses users to that group, gone to the print server and to that printer and sent the print to deny but the printer still prints the documents, when I set the Everyone Group to deny and the printer stops...

From what I understand the deny permission takes over any of the allow permissions.

Any ideas whats going on or what I could do?

Thanks


----------



## Squashman (Apr 4, 2003)

Can't you just deny access to the printers themselves.
http://www.windowsnetworking.com/ar...-Printer-Usage-Windows-Server-2003-Part2.html


----------



## karl_009 (Oct 9, 2007)

It doesn&#8217;t work.

The reason being the user is logged on to two separate accounts.

The local one on there machine is there main account, then we have a portal that holds company images which are plans ect this is the account which they access via the TS it is a restricted account users can browse only the areas that contains these images, but now printing of these is being stopped.

But users still use the TS server for some specialist software so all printing cant be stopped only printing from this group / user.

But with the method suggested above say the local machine is logged on as 'Karl' and the TS user is logged on as 'plans' you set the printer to deny user 'plans' well it wont work cause of the TS redirection you would have to deny the user 'Karl' which is the local user account, this would stop the local machine from printing normal documents.


----------



## jmwills (Sep 28, 2005)

We use the Group "Authenicated Users" as access to all printers. You can use or create in AD that will contain those users you wish to deny access. On the permissions tab, use Deny and that will override the access granted by Authenticated users.


----------



## karl_009 (Oct 9, 2007)

This is what I have done with regards to what jmwills has said:

Added 'Authenticated Users' removed 'Everyone'

Set permissions for 'AU' to Print

Added the group 'Plans - Read Only' 

Set permissions for 'P - RO' to Deny

How ever it still allowed the user 'plans' to print them.

Did I do something wrong?


----------



## jmwills (Sep 28, 2005)

Users would have to log off and them back on for Kerberos permissions to be changed.


----------



## karl_009 (Oct 9, 2007)

I have logged off the TS Server and then logged back on but it still allows the logged on user to print.


----------

