Archived from groups: microsoft.public.win2000.printing,microsoft.public.win2000.general (
More info?)
"Bruce Sanderson" <bsanders@junk.junk> wrote in
news:#Q5#36DtFHA.1472@TK2MSFTNGP15.phx.gbl:
> Subject: Re: Connecting to a 2000 print server without a username and
> password? From: "Bruce Sanderson" <bsanders@junk.junk>
> Date: Wed, 7 Sep 2005 23:29:49 -0700
> Newsgroups:
> microsoft.public.win2000.printing,microsoft.public.win2000.general
> X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
>
> Granting anonymous access to resources can be problematic and is not
> usually recommended.
>
> See if the information at
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/
> DepKit/2c82586e-bd58-42b7-9976-228a23721e35.mspx or
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/
> ServerHelp/1494bf2c-b596-4785-93bb-bc86f8e548d5.mspx is any use.
>
> If security (access management/control) on the computer sharing the
> printer is not a concern, you could enable the Guest account on that
> computer; this will allow anonymous authentication. Be careful what
> resources (shares, folders etc.) that the Guest account has access to.
> If I recall correctly, on Windows 2000, the Guest account is included
> in the Everyone group.
>
> Another thing you can do that is sometimes useful is to put a command
> like the one below in either a user's Start Menu\Programs\Startup or
> the All User\Start Menu\Programs\Startup folder on the client computer
> or in a logon script.
>
> net use \\servername\ipc$ password /user:username
>
> This will authenticate the Windows session running the command (on the
> client computer) to the specified computer (servername) using the
> username and password specified in the command. Then, the user can
> use a resource (e.g. printer) to which that username has permissions.
> There are a couple of downsides to this approach:
>
> 1. the username and password are in plain text in the command line,
> thus exposing that user account to compromise
> 2. if there are other resources (e.g. file shares) on that server the
> user needs to access with a different user account, that will most
> likely not be possible becuase a given Windows session can only be
> authenticated on the target server with one user account at at time;
> the net use command causes authentication on the target computer, so
> the user can not use a different user account to access a different
> resource on that computer.
>
> --
> Bruce Sanderson MVP Printing
>
http://members.shaw.ca/bsanders
>
Bruce, you are awesome! Thanks so much for writing such a detailed and
clear response. It answers all of my questions.
>
> "L" <lnl@lnl.lnl.lnl.org.invalid> wrote in message
> news:Xns96C3E04D27E31lnllnllnllnlorginval@216.196.97.131...
>> How can I set up security on a Windows 2000 Server print queue so
>> that users logged into local accounts at a workstation, not
>> authenticated to an active directory server, can add a printer
>> without needing to use a username and password? I've tried adding
>> Anonymous Login to the security tab but that didn't seem to work.
>>
>> Thanks.
>
>
>
>