Forum Discussion
Permission Groups for Universal Print break SharePoint Online
Thanks Saurabh_Bansal
We were able to utilize the option of "Allow access to everyone in my organization" when creating printer shares to reduce the number of Security Groups that would be needed. Since not all printers need granular permissions, we were able to sell leadership on this being the default option. The number of printers specifically needing different permissions because of prior complaints or being in sensitive areas where people may complain about stray print jobs, really only numbers in the few hundreds.
To still restrict printing, we were able to utilize licensing to removed the Universal Print feature from our Dynamic Group that manages our licensing so that students are still not able to print, even with the "everyone in my organization" toggled on. We created a new licensing group with just Universal Print enabled for student helpers that will be allowed to print.
Not ideal as having those fine-tuned granular permissions, but at least it allows us to continue with Universal Print without breaking SharePoint, which was the main objective.
Thanks for your help and prompt feedback.
Shaun
Microsofttusdshaun - Thanks for the feedback and we will work on the documentation.
This would happen if you add one person to many printers' access list.
Can you help us understand your configuration a bit more?
- Are your printers available to all users or only a given set of users?
- If to a given set of users, then are they part of a security group?
- Do you add security group to printer's permissions or each user individually?
- If security group - then do you add the same security group to each printer?
We typically recommend using "Allow All" toggle in printer access if printer needs to be availalbe to all the Universal Print enabled users. Is that an option for you?
Thanks
Saurabh
Thanks Saurabh_Bansal
We were able to utilize the option of "Allow access to everyone in my organization" when creating printer shares to reduce the number of Security Groups that would be needed. Since not all printers need granular permissions, we were able to sell leadership on this being the default option. The number of printers specifically needing different permissions because of prior complaints or being in sensitive areas where people may complain about stray print jobs, really only numbers in the few hundreds.
To still restrict printing, we were able to utilize licensing to removed the Universal Print feature from our Dynamic Group that manages our licensing so that students are still not able to print, even with the "everyone in my organization" toggled on. We created a new licensing group with just Universal Print enabled for student helpers that will be allowed to print.
Not ideal as having those fine-tuned granular permissions, but at least it allows us to continue with Universal Print without breaking SharePoint, which was the main objective.
Thanks for your help and prompt feedback.
Shaun
- Are your printers available to all users or only a given set of users?
Sadly, as we are an education institution we cannot utilize the allow all users function. Students are not allowed to print as part of our paperless efforts. - If to a given set of users, then are they part of a security group?
Yes, we added our OrganizationalWidePrintUsers security group to every print share we created which is why users ended up having indirect membership in every single UniversalPrint security group associated with those shares. - Do you add security group to printer's permissions or each user individually?
To the printer's permissions as we created the shares. - If security group - then do you add the same security group to each printer?
Yes, we did not want to micromanage printer permissions for each staff member that transferred between sites or working at multiple sites so we utilized the same security group.
Thanks for the response, it's appreciated.
- Are your printers available to all users or only a given set of users?