Posted on 02-21-2018 10:29 AM
I work in a school district where we have given teachers MacBooks. We have restricted the teachers from adding printers because we would really like to cut down on the insane amount of printing that they were doing. Before we had done this, a lot of the teachers had brought their own personal computers and added our IP base network printers. So we were thinking that they would do the same with their new district issued MacBooks and blocked the addition of printers behind admin credentials.
We have given them the option to all print to the district's Xerox machines and that's it. However, a lot of these users would like to add their own personal printers. I was wondering if there was a way to allow the users to add their own personal home printers while still restricting them from adding a IP based network printer?
I've seen some scripts that would add the user to a specific group that would allow them to add printers, but I am nervous that this would allow them to start adding printers here within the district?
Any help would be appreciated!
Posted on 02-21-2018 10:38 AM
Adding the users to the lpadmin group should do the trick.
Posted on 02-21-2018 11:35 AM
I was reading about the lpadmin group, but could use some clarification.
This would allow them to add a printer from home but not allow them to enter ip addresses for network printers? Is there more to it than that?
Also, I appreciate the response!
Posted on 02-21-2018 01:51 PM
Posted on 02-21-2018 05:23 PM
I'm not sure you can limit the user to adding printers without IP. Most home/personal use printers are Wi-Fi based and the easiest way to set those up is via IP.
On another note, this is what we use in house...
#!/bin/bash # Allow staff to add printers and manage print queue without administrative rights /usr/sbin/dseditgroup -o edit -a everyone -t group lpadmin exit 0
Posted on 04-14-2022 02:36 PM
This worked great for me, Thanks
Posted on 02-22-2018 02:56 AM
We use -
#!/bin/bash # Workaround as shown in https://www.jamf.com/jamf-nation/discussions/19050/add-wifi-networks-without-admin-privileges # Allows non-admin users to add printers and manage their WiFi configuration. #For WiFi /usr/bin/security authorizationdb write system.preferences.network allow /usr/bin/security authorizationdb write system.services.systemconfiguration.network allow #For printing /usr/bin/security authorizationdb write system.preferences.printing allow /usr/bin/security authorizationdb write system.print.operator allow /usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group lpadmin /usr/sbin/dseditgroup -o edit -n /Local/Default -a everyone -t group _lpadmin exit 0;
Posted on 04-14-2022 12:54 PM
Posted on 03-22-2023 02:25 PM
All the suggestions don't work on Ventura, and probably Monterey and Big Sur.
I'm running MacOS Ventura and Jamf 10.45.1, and there is a solution.
In Jamf Configuration Policies, under Printing, click Allow user to modify printer list, AND Allow printers that connect directly to the user's computer.
After checking those two boxes and making sure the affected computers have picked up the new profiles, the standard and mobile users are now able to add printers.