- Jamf Nation Community
- Products
- Jamf Pro
- Non Admin Adding Printer
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Non Admin Adding Printer
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-11-2009 02:14 PM
I set up a managed preference for non admin users to add printers. I
scoped it to one computer and rebooted. This machine still has a
padlock and cannot add/remove or pause a printer. Does anyone else do
this via Manage Preferences?
Kathie Iorizzo
Lower School Technician
The Latin School of Chicago
kiorizzo at latinschool.org
312.582.6136
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-11-2009 04:28 PM
It doesn't allow users to add printers from System Preferences, it
will let them add one by selecting add printer from the printer drop
down menu when they are trying to print. I personally could not get
that managed pref to work. I ended up creating a policy that executed
the command dscl . -append /Groups/_lpadmin GroupMembership $3
That will add the user to the lpadmin group and all of my problems
were solved. If anyone can figure out how to get the managed pref to
work, I would love to hear how.
:)
--
Alan Benedict
?
Macintosh Technician
The Integer Group
O: 515-247-2738
C: 515-770-8234
http://www.integer.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-11-2009 04:37 PM
Maybe I am off on this, but isn't every user a member of _lpadmin?
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry: 913-449-7589
office: 913-627-0351
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-11-2009 05:18 PM
In 10.5.8 it is for sure broke, even for admins from what I can tell so we've even had to add the admin group back into the _lpadmin group!
Craig Ernst
UW-Eau Claire
(715) 836-3639
Sent from my iPhone
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-11-2009 11:05 PM
No tom only admins are added to lpadmin, I just added my AD all users group to lpadmin, I used the caspers managed prefs as well so sorry I can't say which one fixed it, but it works fine for me, the padlock is still in the sys perfs but the + and - are active for any user so u can add and delete printers without unlocking the padlock, u can also pause and resemue print queues and delete jobs
Criss
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-12-2009 04:25 AM
How do you ad them to the group? Are you using OD?
Sent from my iPhone on T-Mobile
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-12-2009 05:43 AM
I had this problem but only with PPC machines. Copy the /etc/authorization file from a working Intel machine to the PPC machines fixed this printing issue for me.
- JD
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-12-2009 05:44 AM
One way to add a user to the lpadmin group is to setup a policy to issue the following command:
dscl . append /Groups/lpadmin GroupMembership username
We've used this to add in a building level tech account besides the system admin account.
Jason Weber
Technology Support Cluster Specialist
Independent School District 196
jason.weber at district196.org
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-12-2009 05:59 AM
To get a non-admin account or a network based Active Directory or Open
Directory account to be able to add a printer without password
authorization, you can also edit /etc/cups/cupsd.conf
Look for the following lines:
# All administration operations require an administrator to
authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
and comment two of the lines to look like this...
# All administration operations require an administrator to
authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
CUPS-Delete-Class CUPS-Set-Default>
# AuthType Default
# Require user @SYSTEM
Order deny,allow
</Limit>
Once that is done, reboot the computer. That will allow a user to add a
printer from an application when printer. As in, when they are in
Microsoft Word for example, they navigate to File--> Print, in the print
window they will be able to choose Add Printer and not be prompted for a
password. The Print & Fax PreferencePane is still password protected so no
user (other than an admin) will be able to add a printer from that
location.
I built this in as a part fo my image, but I also created a package and
policy to automatically push it out to machines that were imaged prior to
this fix being put in place.
Steve
--
Steven Diver, Network Manager
Adlai E. Stevenson High School / www.d125.org
Email: sdiver at d125.org / Phone: 847.415.4304
"Be not simply good, be good for something."
-Henry David Thoreau (1817-1862)
