Windows 2000 and Printing: What were they thinking?
Jean Francois Micouleau
Jean-Francois.Micouleau at dalalu.fr
Sat Apr 28 18:20:38 GMT 2001
On Sat, 28 Apr 2001, Patrick Goetz wrote:
> But in any case, I set up printer drivers on the Samba printer server as
> per the instructions and mounted them on the W2K machine as
> root/administrator as required by W2K. If W2K needs the drivers to be
> installed locally when I do this, shouldn't this have happened
> automatically? Shouldn't permissions on the spool directory be set up by
> default to allow what 99.999% of all users want; I mean don't most people
> want to have access to a printer if such is available? What magical,
> undocumented, un-newsgrouped incantations do I have to perform to get the
> drivers in a state where ordinary users can mount printers?
It used to be that way back when NT4sp3 was the standard. And Microsoft
changed it for security concerns. Remember the printer driver is running
in kernel ring 0 (totally stupid but I disgress), that means it has access
to all the resources, including reformating the hard disk. A malicious
hacker can send an email to plain joe user which contains a small script
and a fake printer driver (thanks outlook for running scripts behind your
back, but I disgress again...).
Even if I agree with you it's plain boring to have the administrator setup
the printers on each workstations, Microsoft have understood it was a
problem. So since w2k you can push the drivers to the workstation from a
central place. It's documented in the KB
as someone else mentioned on this list some days ago.
Private note to Jerry: can you add a link to this KB in the howtos ?
If someone wants to send a pizza (for me) and some cat food (for my cat),
I'm willing to add that "push printer driver" function to rpcclient.
PS: I also accept T-bone steaks instead of pizza.
More information about the samba-ntdom