MMAgeek
Enthusiast
Enthusiast

Disabling printer redirection for remote users only

Jump to solution

Hi we have a client requirement that when users connect to the View 5.2 platform internally (over PCoIP) they are able to get both printers mapped with location based printing GPO and any locally attached usb printers. However when a user works from outside the LAN the requirement is to disable all printer redirection - they do not want sensitive documents being printed from outside the office.

What is the best way to achieve this?

0 Kudos
1 Solution

Accepted Solutions
MMAgeek
Enthusiast
Enthusiast

In case anyone is interested i managed to resolve this by using a vbs script run using the RunOnConnect option from the View agent GPO. It queries the volatile environmental variables for the name of the external access view connection servers. and if it matches it then checks group membership. If not a member of the remote-printing-allowed group it disables the thinprint services.

strComputer = "."

Set objNetwork = WScript.CreateObject("Wscript.Network")

Set objSysInfo = CreateObject("ADSystemInfo" )

strUserDN = objSysInfo.userName

Set objUser = GetObject("LDAP://" & strUserDN)

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set objShell = CreateObject("WScript.Shell")

'--------------------------------------------------------

' IsMember Function

'--------------------------------------------------------

Function IsMember(strGroup)

' Function to test one user for group membership.

' objUser is the user object with global scope.

' strGroup is the NT Name of the group to test.

' objGroupList is a dictionary object with global scope.

' Returns True if the user is a member of the group.

Dim objGroup

If IsEmpty(objGroupList) Then

   Set objGroupList = CreateObject("Scripting.Dictionary" )

   objGroupList.CompareMode = vbTextCompare

   For Each objGroup In objUser.Groups

      objGroupList(objGroup.sAMAccountName) = True

   Next

End If

IsMember = objGroupList.Exists(strGroup)

End Function

'--------------------------------------------------------

' Check to see if client logged into external View Connection Servers

' Disable printing if not member of AD Group remote-printing-allowed

'--------------------------------------------------------

If objShell.ExpandEnvironmentStrings("%ViewClient_Broker_DNS_Name%") = "GR1VCSV01.domain.net" _

Or objShell.ExpandEnvironmentStrings("%ViewClient_Broker_DNS_Name%") = "GR1VCSV02.domain.net" _

Then

If IsMember("remote-printing-allowed") Then

   echo "Virtual Printing Enabled"

Else

Set colServiceList = objWMIService.ExecQuery _

    ("Select * from Win32_Service where Name = 'TPAutoConnSvc' OR Name = 'TPVCGateway'")

For Each objService in colServiceList

    If objService.State = "Running" Then

        objService.StopService()

        Wscript.Sleep 5000

    End If

    errReturnCode = objService.ChangeStartMode("Disabled")  

end if

end If

View solution in original post

0 Kudos
3 Replies
memaad
Commander
Commander

Hi,

Refer this http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=200362...

Regards

Mohammed

Mohammed Emaad |VCP 3, 4,5 |VCP -NV 6 | VCP-DT 51 | vCAP4-DCA | VCAP5DCA | | Mark it as helpful or correct if my suggestion is useful.
0 Kudos
MMAgeek
Enthusiast
Enthusiast

Thanks, but that won't solve the problem - some users will use the same laptop to access the environment from both inside and outside the LAN, so we cannot ask them to change registry keys or stop services once they are working remotely. Other users will use their home PCs but again we cannot ask them to stop services or edit registry keys - they will just change it back if they want to print something.

0 Kudos
MMAgeek
Enthusiast
Enthusiast

In case anyone is interested i managed to resolve this by using a vbs script run using the RunOnConnect option from the View agent GPO. It queries the volatile environmental variables for the name of the external access view connection servers. and if it matches it then checks group membership. If not a member of the remote-printing-allowed group it disables the thinprint services.

strComputer = "."

Set objNetwork = WScript.CreateObject("Wscript.Network")

Set objSysInfo = CreateObject("ADSystemInfo" )

strUserDN = objSysInfo.userName

Set objUser = GetObject("LDAP://" & strUserDN)

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set objShell = CreateObject("WScript.Shell")

'--------------------------------------------------------

' IsMember Function

'--------------------------------------------------------

Function IsMember(strGroup)

' Function to test one user for group membership.

' objUser is the user object with global scope.

' strGroup is the NT Name of the group to test.

' objGroupList is a dictionary object with global scope.

' Returns True if the user is a member of the group.

Dim objGroup

If IsEmpty(objGroupList) Then

   Set objGroupList = CreateObject("Scripting.Dictionary" )

   objGroupList.CompareMode = vbTextCompare

   For Each objGroup In objUser.Groups

      objGroupList(objGroup.sAMAccountName) = True

   Next

End If

IsMember = objGroupList.Exists(strGroup)

End Function

'--------------------------------------------------------

' Check to see if client logged into external View Connection Servers

' Disable printing if not member of AD Group remote-printing-allowed

'--------------------------------------------------------

If objShell.ExpandEnvironmentStrings("%ViewClient_Broker_DNS_Name%") = "GR1VCSV01.domain.net" _

Or objShell.ExpandEnvironmentStrings("%ViewClient_Broker_DNS_Name%") = "GR1VCSV02.domain.net" _

Then

If IsMember("remote-printing-allowed") Then

   echo "Virtual Printing Enabled"

Else

Set colServiceList = objWMIService.ExecQuery _

    ("Select * from Win32_Service where Name = 'TPAutoConnSvc' OR Name = 'TPVCGateway'")

For Each objService in colServiceList

    If objService.State = "Running" Then

        objService.StopService()

        Wscript.Sleep 5000

    End If

    errReturnCode = objService.ChangeStartMode("Disabled")  

end if

end If

View solution in original post

0 Kudos