Home > Batch Scripting, Citrix, Remote Desktop Services (RDS), Server Based Computing, XenApp > How to hide a local printer on a Terminal / XenApp Server

How to hide a local printer on a Terminal / XenApp Server

We had a problem recently with the adobe professional suite installing a local printer on the XenApp server, this was great for users licensed to use Adobe Professional, but for users that weren’t it gave them a possibility to infringe the licensing simply by printing to this printer.

To limit the printer, you simply need to assign custom permissions to the printer. Allowing members of a group the ability to print to it (i.e. adobe professional users) and restricting everyone else. This works brilliantly as if the user has no permissions to the printer the user cant even see it!

This can be done manually if you wish, but you can also script it using SetAcl.exe. Below is an example of how to remove the permissions from a local printer:

setacl.exe -on “adobe pdf” -ot prn -actn clear -clr dacl,sacl

The following will grant the “local administrators” group full control of the printer for troubleshooting:

setacl.exe -on “adobe pdf” -ot prn -actn ace -ace “n:administrators;p:full”‘

And the following will grant the domain group “apps acrobat writer” the ability to view and print to the printer

setacl.exe -on “adobe pdf” -ot prn -actn ace -ace “n:domain\Apps Acrobat Writer 9;p:print”

 The whole lot together is below in Enteo scripting format:

Execute(‘.\extern$\setacl.exe -on “adobe pdf” -ot prn -actn clear -clr dacl,sacl’)/?
Execute(‘.\extern$\setacl.exe -on “adobe pdf” -ot prn -actn ace -ace “n:administrators;p:full”‘)/?
Execute(‘.\extern$\setacl.exe -on “adobe pdf” -ot prn -actn ace -ace “n:Domain\GroupName;p:print”‘)/?

  1. February 24, 2012 at 2:30 pm

    Just what I need, thanks!

  2. Dominik Britz
    February 26, 2013 at 1:03 pm

    Is this only for Systems < Windows 7? Does not work for me with Windows 7. Users cannot access printer but it is shown

    • Dominik Britz
      February 26, 2013 at 2:17 pm

      Confirmed: On XP the printer is not shown to user if user has no rights. On 7 the printer is shown

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: