Jamf Nation Community

Matt · ‎10-18-2011

I can't get this to work (included in the resource kit.) Does anyone have a script out there that Unlocks the Printer Pane for Non-Admin users?

--
Matt Lee, CCA/ACA/ACMT/ACPT/ACDT
Senior IT Analyst / Desktop Architecture Team / Apple S.M.E / JAMF Casper Administrator
Fox Networks Group

tlarkin · ‎10-18-2011

I add users to the _lpadmin group so they can add printers from the add printer dialog when printing from any application. It should also allow them to clear queues as well.

Is there a specific reason you need to grant them access to the full pane?

-Tom

Report Inappropriate Content · ‎10-18-2011

Crazy! I just did this today…

I just had set a policy to run this…

/usr/sbin/dseditgroup -o edit -n /Local/Default -u ladmin -P urpasswd -a everyone -t group lpadmin

Matt · ‎10-18-2011

Its a company policy to have printers available to non admin users.

tlarkin · ‎10-18-2011

You can give them access to install, add, and manage their own pritners by just adding them to the lpadmin group

for example, here is my self service script that allows users to add them self to the group if they wish to add a printer:

#!/bin/bash

# this is to be used via self service of the Casper Suite # grab current user

CurrentUser=/bin/ls -l /dev/console | /bin/awk '{ print $3}'

# add user to _lpadmin group

/usr/bin/dscl . append /Groups/_lpadmin GroupMembership $CurrentUser

/bin/echo "Added $CurrentUser to the _lpadmin group, exiting script..."

exit 0

Matt · ‎10-18-2011

Thats awesome Thomas! I am sure I can run this as a run once login per user right?

On Oct 18, 2011, at 2:03 PM, Thomas Larkin wrote:

You can give them access to install, add, and manage their own pritners by just adding them to the lpadmin group

for example, here is my self service script that allows users to add them self to the group if they wish to add a printer:

#!/bin/bash

# this is to be used via self service of the Casper Suite
# grab current user

CurrentUser=/bin/ls -l /dev/console | /bin/awk '{ print $3}'

# add user to _lpadmin group

/usr/bin/dscl . append /Groups/_lpadmin GroupMembership $CurrentUser

/bin/echo "Added $CurrentUser to the _lpadmin group, exiting script..."

exit 0

tlarkin · ‎10-18-2011

yeah sure but if Casper runs it, just get rid of that detect user stuff and use the built in variable of $3 to show the current user since Casper does that at log in

Matt · ‎10-18-2011

/usr/bin/dscl . append /Groups/_lpadmin GroupMembership $3
/bin/echo "Added $CurrentUser to the _lpadmin group, exiting script..."

exit 0

Is that what you mean?

On Oct 18, 2011, at 2:11 PM, Thomas Larkin wrote:

yeah sure but if Casper runs it, just get rid of that detect user stuff and use the built in variable of $3 to show the current user since Casper does that at log in

lisacherie · ‎10-18-2011

Try this (you may need to undo changes that have been made to /etc/authorization or other changes first):

com.apple.mcxprinting

RequireAdminToAddPrinters boolean false

Lisa Davies
ICT Client Services Manager
Saint Ignatius' College, Riverview
Phone: 02 9882 8413
Mobile: 0417 005 735

On 19/10/2011, at 8:14 AM, Matthew Lee wrote:

/usr/bin/dscl . append /Groups/_lpadmin GroupMembership $3
/bin/echo "Added $CurrentUser to the _lpadmin group, exiting script..."

exit 0

Is that what you mean?

On Oct 18, 2011, at 2:11 PM, Thomas Larkin wrote:

yeah sure but if Casper runs it, just get rid of that detect user stuff and use the built in variable of $3 to show the current user since Casper does that at log in

tlarkin · ‎10-19-2011

Whenever Casper runs a script at log in, the frame work sets some parameters

$1 = boot volume name $2 = computer name $3 = current logged in user

http://www.jamfsoftware.com/kb/article.php?id=040

So, really all you need to do is a one liner

dscl . append /Groups/_lpadmin GroupMembership $3

that is it, but only if you run it as a log in policy

Jamf Nation Community

Unlock Printer Pane Script