0

I want to be able to give a group of people permission to delete all the jobs in a print queue (specifically teachers deleting pupils print jobs)

Up until now we've just made them members of the "print operators" group, but that is not ideal and it causes problems due to the whole AdminSDHolder protected groups issue: http://support.microsoft.com/kb/318180

I've gone to AD and started the delegate control wizard there but can't see a manage documents part - only add/remove printer objects.

Anyone know how to do this? Thanks Kieran.

Kieran Walsh
  • 908
  • 7
  • 14
  • 31

1 Answers1

2

You need to set "manage documents" permissions on the printers. That can be automated easily with SetACL like this:

SetACL.exe -on "\\server1\HP LaserJet 4050" -ot prn -actn ace -ace "n:domain1\HelpDesk;p:man_docs"

Example taken from here.

Helge Klein
  • 2,031
  • 1
  • 15
  • 22
  • Thanks, nice script, but I'd like some way to do this globally if possible - we've got about 60 printers and also when a new printer gets added then someone has to remember to run the script permissions. Did you use this script because you think there is no way to globally delegate the permissions for a group? – Kieran Walsh Aug 31 '11 at 10:37
  • There is no way to do that globally. You need to automate this on your own. That is what large corporations do, too. – Helge Klein Aug 31 '11 at 10:38