Enabling and Securing Internet Printing

Internet Printing Protocol (IPP) is defined in the Internet engineering task force (IETF) request for comment (RFC) 2910. IPP is a useful tool that can simplify the publishing and management of printers within an enterprise. You can use this tool to expose printer shares to both their intranet Remote Procedure Call (RPC) and Internet (HTTP) users.

RPC offers more features and is the preferred method of connecting to printers in an intranet environment. If the user's Internet Explorer security is set Medium to High he will connect via HTTP. For the user to acquire a True-connect like a UNC share over RPC, his Internet Explorer security settings must be set to medium-low. Microsoft is focusing on more features on the RPC capabilities over the HTTP IPP feature set.

Standard Windows Server 2003 print server shares can be exposed via IPP through the use of a simple URL such as http://< servername >/printers . This enables users to connect and automatically configure printers and administrators to view and manage print queues from a single Web page per IPP-enabled print server.

Installing and Configuring Internet Printing Protocol (IPP)

On a Windows Server 2003 with IIS 6.0, Internet Printing and Active Server Pages (required for Web-based printer management) are not installed by default. To install these required services you must perform the following steps:

1. Go to Control Panel, choose Add/Remove Programs, and then Add Remove Windows Components.

2. Open Application Server, Internet Information Services (IIS) and then select Internet Printing, as shown in Figure 19.3.

   Figure 19.3. Installing Internet Printing Service.

   

3. Finally, go to World Wide Web Service, select Active Server Pages, and then select OK.

With HTTP, the print server generates a .cab file that contains the required .inf and installation files and sends the .cab file to the client. On the client computer, the .cab file starts the Add Printer Wizard to complete the installation. A progress bar is displayed in the browser while the printer drivers are being installed.

Securing Internet Printing

You must pay special attention to printers that you've shared to intranet and Internet users. Removing the Everyone group and allowing only authenticated domain users or defined security groups print access is a best practice. The security on the printer is set at the share level as follows :

1. Click on Start and then click Printers and Faxes.

2. Right-click on the desired printer and select Sharing.

3. On the Security tab, select the Everyone group and click the Remove button.

4. To select groups with Print, Manage Printers, Manage Documents, or Special Permissions access, click on the Add button and choose the appropriate Active Directory security groups. Then select the Desired Level of Access check box under the Allow column.