Freely Share Printer in Windows Server 2003

[ICBM]

We have our server running Server 2003. We are sharing our printer, and people are able to print to it, but they have to log into the server first. What I would like to do is remove any password restriction on the shared printer so nobody has to log in to print to it.

When I added the printer to our XP machines it asked for a username and password. This morning when people logged back into their local machines, they were getting print errors. To get it working, they just had to double click on the server in My Network Places, enter their username and password, and then viola, they were able to print to it just fine. I want to remove the hassle of having to do that. If I can provide any more information, please let me know. Thank you very much for any help you can provide.

 

[netsysadmin]

I am guessing you are not running an AD domain?

John

 

[ICBM]

Correct. We just have all of our machines setup in a workgroup. We basically just use the server as a file server. We are trying to run all of our print jobs through it as well. We are a small company and we just felt that running AD would be overkill.

 

[Zap]

Not positive this will help, but something to try...

Go into printer properties on the server, click on the Security tab, add "Everyone" to the list and allow that user to print.

 

[ICBM]

Thanks for the reply. Everyone is already under the security tab with the ability to print.

We had a similar issue with a computer using vista business. Anytime anyone wanted to add or use the shared printer, it would ask for a username and password. Under the Network and Sharing Center in the control panel, there was a specific option to require a password for printing. We turned it off, and now anyone on our network can add or print to that printer without the need for a password. This is what we want to do with the printers on the 2003 server.

 

[RebateMonger]

In Server 2003, "Everyone" essentially means "Authenticated Users".

Did you try the "Anonymous Logon" account?

 

[ICBM]

RebateMonger you have led me to a new area. The local security settings is where I found the option to make everyone include anonymous users. I found that setting, but I found another setting which may work out better for us. I would want to run that by you guys first though. The "Shares that can be accessed anonymously" seems like what we would want to do. What is currently listed under that is "COMCFG , DFS$, CHEYALERT$". Is there anyway I could use this setting and just add the printers I want to share for anonymous access?

 

[ICBM]

Quick update here. I think I have figured this out. I was able to add anonymous login to the individual share. I have yet to verify if this works yet, but I am hopeful. Thanks alot RebateMonger. I should have thought of the Anonymous login.

 

[netsysadmin]

For security reasons I would not do anonymous access to your shares. That will open some very large holes in your server! How do you have your user accounts setup not. Do you have identical user accounts on your servers and workstations? Does each user sign in with there own user login? How many user do you have?

John

 

[RebateMonger]

Originally posted by: ICBM
Quick update here. I think I have figured this out. I was able to add anonymous login to the individual share. I have yet to verify if this works yet, but I am hopeful. Thanks alot RebateMonger. I should have thought of the Anonymous login.

I only intended to suggest you can use "Anonymous Logon" for the Printer Sharing. I wouldn't suggest it for File Shares.

 

[ICBM]

Well I just added the anonymous user to only the printer I was sharing. It still required users to enter their passwords before being able to print.

What I am just going to do is make all user accounts identical on the server, that way when they log in, it should also clear them for whatever shares they are supposed to have access to. It's the way it should be done I suppose, at least in our setup.

The more I have thought about it, I agree with netsysadmin about leaving a security hole. We are running around 12 users total on our network btw. The networking situation is really quite a mess and I am slowly trying to get things organized and as secure as can be.

I appreciate everyone replying and sharing their thoughts.

 

[RebateMonger]

Originally posted by: ICBM
The more I have thought about it, I agree with netsysadmin about leaving a security hole. We are running around 12 users total on our network btw. The networking situation is really quite a mess and I am slowly trying to get things organized and as secure as can be.

Doing this stuff with Active Directory is much easier to manage. Managing Local accounts will drive you crazy, unless you completely abandon any pretense of security. I have several clients with five to ten employees who are all on SBS 2003 with Active Directory and their own mail server.

 

[ICBM]

Hmm, I guess I just always thought it would be more trouble to switch over to Active Directory than just dealing with our current number of users. Definitely food for thought. Thanks.