Restricting Printer Access Using Security Permissions in a Windows Domain

Overview

This lab simulates restricting printer access using security permissions on a shared network printer. A shared printer hosted on a Windows Server is configured to deny printing access, and the restriction is verified from a domain-joined client.

Skills Demonstrated
Installing and sharing a virtual printer between server and client
Connecting to a network-shared printer via UNC path
Simulating real-world printing issues by stopping the Print Spooler service
Diagnosing printer offline status from the client system
Restoring printing functionality by restarting Windows Print Spooler
Understanding printer-client-server communication within a domain

Tools Used
Windows Server (Active Directory Domain Services)
Windows 10
Control Panel – Devices and Printers
Printer Properties – Security Tab
Run Dialog
Active Directory Users and Computers (dsa.msc)

1. Environment Setup

Installed a Windows Server VM
Created a local Administrator account
Installed Active Directory Domain Services (AD DS)
Promoted the server to a Domain Controller with the domain name: lab.local

Created a domain user:
- Name: John Doe
- Logon Name: j.doe

On the Windows Server, opened:
Control Panel > Devices and Printers
Added a printer using manual settings with fake IP: 10.0.0.199

Selected generic printer drivers
Named the printer LabPrinter and enabled printer sharing

3. Connect Client to Shared Printer

On the Windows 10 Client, opened Run dialog
Connected to the shared printer using:
\192.168.56.101\LabPrinter

4. Restrict Printer Permissions

On the Windows Server, opened LabPrinter Properties
Navigated to the Security tab
Removed Print permission for Everyone group

5. Attempt to Print from Client

On the John Doe client machine, attempted to print a test page from LabPrinter
Received "Access is Denied" error message
This confirms the permission restriction is working