/build/static/layout/Breadcrumb_cap_w.png

How to install Network Printer as IP Based Local Printer

With the new print vulnerabilities, I am considering moving all the printers back to local printers and manage them via Kace.   Has anyone done this before and have some suggestions on doing this?


0 Comments   [ + ] Show comments

Answers (2)

Posted by: Kiyolaka 2 months ago
Green Belt
0

While doable, this would NOT be fun to manage.


I understand your concern over the vulnerability but this does seem like a bit over a knee jerk reaction, especially if you have Least Privalage Access and network segregation configured in your environment.

Do you have a primary printer manufacturer in your environment? E.G. is everything HP?


At the very least you would want to map the printers by their fully qualified DNS name (Based off serial number) opposed to IP, mapping by IP will generate a lot of nuisance for you if the IP has to be changed for some reason or you replace it with a different system, reuse the IP and some machine still has the old entry there.

Posted by: TopMountainJVG 1 month ago
White Belt
0

Yeah fun is not something I would describe this as.  Necessary is probably more accurate.  Thank you for the DNS suggestion.  

We are also Scripting this via gpo with the replace option so that if we do need to make a change it will replicate out.



Comments:
  • The print nightmare stuff has blown over, but managing printers in this fashion is going to cause you long term headaches, One good example is the recently disclosed print driver vulnerability. This would be 100X easier to remediate if you were centrally managing drivers via a print server opposed to trying to manage driver updates independently on X number of systems and likely play whack a mole with configurations that were unique to a given machine as the settings aren't being handled print server side.

    https://www.cisecurity.org/advisory/a-vulnerability-in-hp-xerox-and-samsung-printer-drivers-could-allow-attackers-to-gain-administrator-rights-on-a-system/

    From a security standpoint, you also open yourself up more if you are providing workstations with direct port access to printers opposed to having that traffic piped through a print server. As the printers have more exposure it would then be "ideal" to regularly monitor and upgrade their firmware when there is a vulnerability (another unpleasant task) - Kiyolaka 1 month ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ