Print Server for non-Domain users

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi guys,

I've set up my server1 as a print server, to serve my USB printer. The printer is running ok on the server itself, but i have a question.

The server is root DC, but there are actually currently no machines in the flat running as attached to the domain (i havent created a child domain yet so i dont want to add the machines/users to the root domain). Is there a way i can set the server shares up so that these non-domain machines and their local accounts can access the printers on the server?

I tried setting the print$ share to have anonymous logon with read access but trying to access it or just plain \\server1 comes up with a login prompt.

Thanks
Fergal

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Fergal,

A domain by default has a certain amount of security "out of the tin", so to speak!

If you connect the desktop machine and join the domain, once that computer has an account within ADUC you should be able to browse the database (from My network places) and print unless you configure it not to.

Si

 

Fergal,

A domain is a security boundary. It is designed to allow authorized users access to system resources including network shared folders and printers. Therefore it is also designed to DISallow UNauthorized users access to network resources, such as printers. In your case, non-domain users are being treated the same as UNauthorized users.

 

so.. if i join the pc to the domain but keep with the local accounts (for now) it would allow access to the printer server, provided i set anonymous logons to have access? or would i still need to set up user accounts?

 

Fergal,

I have a computer account that has been created within ADUC. I can log on to the XP machine using the local administrator account and password and search through Active Directory (from My network places), find the printer and print to it. I haven't modified the domain in any way yet, so it should work for you too.

Hope this helps.

Si

 

ah right. cool. thanks for the info. Im not overly keen on adding the computers to the root domain, but until i can set up another server to create the child domain on it will have to suffice. i might just create the user accounts on the system too, that way it reduces the need to remember to change two sets of passwords - then drop them down to the child domain when i create it.

 

Fergal,

Any particular reason for not wanting to add anything to the root?

Si

 

Fergal,

You would need to create DOMAIN user accounts, a computer account for the client computer, then give permissions to use the printer to the DOMAIN user accounts.

 

you can do this, and it would work for accessing a domain resource from a non-domain pc, but i dont think it would work for printing

 

This is correct - a non domain member can print to a domain based printer, provided that there is a user account set up with the correct privilages. For example the administrator for the DC could log into a non domain PC as administrator and as long as the passwords match bingo.

What r h lee said is true, a domain is a security boundry and you therefore wouldn't expect this to work, but it does, i have done it many times when i don't want to join a PC to my domain. Go figure

 

And of course the same deal applies for web access.

Note that domain to workgroup access offers better functionality than workgroup to domain access because of the domain security boundary.