Blog: printing

We normally recommend a customer password protect the management interfaces of their networked printers.  In general, it seems a wise thing to not allow just anyone who is so inclined to changed printer configurations.

However, we have also shown it to be simple to redirect printer output if you change a printer's IP address.  We turned one printer off (Printer #1) and then changed the IP address of Printer #2 to be that of Printer #1.  A print job sent to Printer #1 now prints on Printer #2.

It's not a difficult thing to get the IP address of a printer especially if you have physical access to the printer. Thus, even if for only a while until someone determines an IP address change was the culprit, it would be possible for someone to intercept potentially sensitive documents if they had the ability to change printer IP addresses.

Using port security or sticky MAC addresses on switches would also help with this security issue by preventing anyone from attaching their own printer to the network when the management interfaces of you printers are password protected.


 

I had come across a user that was unable to print to their local printer.  The printer was situated underneath the desk in a dark corner so it wasn’t very visible.  I decided to check the USB cable first to make sure it was connected.  Unplugging it and plugging it back in showed the USB connected message in the system tray.

As I pulled the printer out a little further, I saw that it had a LCD panel that said “Select your language”.  I hit OK to select English, then selected the Country.  After the selections were confirmed, all of the jobs in the print queue started printing.

The user had replaced the toner cartridge recently, so that could have been when the prompt started.  If you're working on a printer problem in the future it's probably worth asking the user if it has an LCD screen and to check that it is not waiting on some kind of response.


 

After installing Windows updates a customer’s HP 6000 Desktop, running Windows 7, would not POST (Power On Self Test). After powering on it would display a HP logo and go no further. I had access to another identical system so I switched the memory, then hard drive and got the same problem both times. I decided to just put the other system in place of that original one. I connected all the cable and got the same problem on the second desktop. At that point I unplugged all but the display and power, since I have seen keyboards cause this type of problem, this time it booted without hanging. I reconnected the mouse and keyboard and it booted fine. I then reconnected the USB printer and it would not POST. I put the original system back in place, without the USB printer connected and it worked fine.

The HP 3005 printer that was connected was bought refurbished and apparently had started affecting the boot process. The decision was made to replace the defective printer so it was retired.


 

The growth of the cloud is ever expanding and people are creating new services allowing you to connect to your data and resources from essentially anywhere in the world. The latest addition to cloud services is Google Cloud Print (http://www.google.com/chrome/intl/en/p/cloudprint.html) and I've been playing around with it at home. This beta service allows you to print to your printer from any computer or smart phone, regardless of your location.

The main requirement is Chrome version 9.0.597.1 (or greater) on the computer connected to your printer.  Once installed, enable the Google Cloud Print connector in Google Chrome. When you enable that setting your printers are “shared” with your Google account and available for use.

Currently only available for your mobile browser and for Google Docs or Gmail, to use this service, simple expand the menu and click Print on a message or click the “Print” link that appears next to the attachments. Here is what it looks like from a mobile browser: [more]

A window will appear letting you know what printers are available.

Simply select one and your document will be submitted for printing!


 

I recently worked on a problem where a user had a PC with a network printer added utilizing HP’s Univeral Print Driver. The user RDP’s to a Terminal Server and this “local” network printer is redirected through to their Terminal Server Session. When the user attempted to print to the redirected network printer, they received the following error message:

"The selected printer 'HP Universal Printing PCL6' is not a supported HP device"

Printing from the PC to the network printer as well as printing from the TS directly to the network printer worked. [more]

Knowing that the UPD utilizes bidirectional communication when printing, it is my best guess that this was not working via the TS port that was created when the redirected network printer was auto-generated at login. This behavior does not occur with all model printers.

I enabled and configured SNMP with an established SNMP community name on both the network printer port on the print server as well as through the Web Interface on the network printer. Once that was done, printing via the redirected network printer worked.


 

One of our Lubbock IT support clients uses both the PS and PCL6 versions of the Xerox Global Print Driver (GPD) in a Windows 2008-x86 clustered print server environment.

To fix an issue that we were having with v5.173 of the GPD, Xerox suggested we upgraded to the current 5.185 version of the driver.

I successfully upgraded the PS language of the v5.185 driver on both print servers without any problems.

The problem appeared after I upgraded the PCL6 driver. I downloaded and installed the PCL6 driver to both print servers. Both servers showed that the update was installed successfully; however, the version of the driver within print management still showed to be v5.173. When I pulled up the printer that was using the driver, the version showed to be the updated version (5.185). When print jobs were sent to printers using the updated PCL6 version of this driver, the print spooler would crash and fail over. This occurred on both print servers. [more]

I was unable to uninstall the driver at this time, because over 40 printers were pointed to this driver. I then modified each printer to use the PS version of the driver. After doing so, I then removed the driver package from the print server through print management. I successfully removed the driver and the package from one print server. On the second print server, I received the following error upon removal: “Failed to remove driver package x2univx.inf. Driver package in use.” The driver itself was no longer listed in the print management window.

I then reinstalled v5.185 of the global print driver on both servers. Printing was successful on the print server on which the driver was removed successfully. However, the print spooler continued to crash on the server which had the error on driver removal. I attempted to remove the driver again, but received the same error. Restarting the print spooler as well as the server after an install but before the removal did not alleviate the issue. At this point, I called Xerox. Unfamiliar with the issue, they suggested I remove some files manually from the print virtual quorum. I completed this process, but the error still occurred upon driver removal.

Finally, I reinstalled v5.173 of the global print driver. After a successful installation, I then attempted to remove the driver.  The driver package was removed successfully and installed the new version of the driver (v5.185). I modified some of the printers to use this new driver and printing was successful.


 

A customer that had been printing duplex documents to a HP LaserJet 8150 had to send the printer off for repairs.  When they got it back and reconnected it to the network, they were unable to print duplex.  Printing test pages from the printer’s console came out duplexed and the settings on the display showed that duplexing was enabled. 

When I went to look at the printer properties on the printer server, I found a setting under the Device Settings tab for Duplex Unit.  It was set to Not Installed.  As soon as I changed it to Installed, users were able to print on both sides of the page.  I’m not sure what caused the printer to lose this functionality while it was being repaired, but this was the solution. [more]


 

Not all Xerox printer models are fully supported by the Global Print driver. In some cases, even newer models are not yet supported by the current version of the GPD. In this case, the driver switches to Basic Printing Mode, which disables several of the functionalities of the printer (Accounting, Color Options, etc.)

In a situation as described above, the automatic detection of the printer model can be disabled and the driver can be manually pointed to a fully supported model. Note that it is important to find a model that is close in functionality so that the correct options can be configured. Alternatively, you can select Xerox WorkCentre Device or Xerox Free Flow Device for select Xerox models and have access to more features. [more]

How-to Manually Configure the Xerox Global Print Driver

If you would like to manually select the device to configure the X-GPD and to manually configure the
installable options, do the following steps:

  1. Right-click on the current printer and select Properties.
  2. Select the Configuration tab.
  3. Select the Bi-Directional Setup button.
  4. Select the Off option button.
  5. Select OK.
  6. Select Apply.
  7. Select the Options tab.
  8. Select the new printer in the Configuration field. Select Apply.

 

During recent bank audits, our LANguard scans have been flagging some systems by saying “Administrator account with blank password”.  We would typically look at the systems it flagged, determine they were printers, and not worry about it too much.  After some unsuccessful poking around in LANguard, one of our network engineers and I could not figure out what tests it uses to determine that the admin password is blank.  My coworker recommended attempting to connect a shared drive the next time I see that scan result at a bank.  As usual, my coworker's intuition was right.  The next time LANguard came up with that finding, I was able to connect to share drives (\\printer name\ipc$) on multiple printers using the username “Administrator” and a blank password for authentication. [more]

So far, the only reason I have found that printers are using SMB file sharing is to allow access to any flash memory cards that might be in the printer.  At this point, it doesn’t seem like a big security risk, but there may be a time when printers will need to be setup with a telnet management password, an HTTP management password, and a Windows administrator password.


 

We ran into a problem where the print properties or preferences of a shared printer being accessed on a Microsoft Windows client PC would cause the print driver to be re-vended (downloaded/installed) from the server and an Event ID: 20 entry to be logged in the Event Log. Event ID: 20 indicates that a print driver has been added or updated. Slow client UI response and/or slow server performance was also reported. In some instances, the driver would generate over 100 Event ID: 20 entries in the Event Log. Selection of the printer from an application may freeze up the application and printing to printer was reported to take up to 15-20 minutes.

This issue can occur if the privileges on the print server are set such that users with print access also have manage permissions on the print queue. [more]

My Solution 

Disable queue manage permissions for users. NOTE: In my situation, the user was a domain admin. Removing manage permission for domain admins would prevent further access to the printer. I had to add a separate group to allow management permission before removing administrator permissions.

To change permissions:

  1. From the print server, right-click the printer queue (object) in the Print & Fax window.
  2. Select Properties.
  3. Select the Security tab.
  4. Click the User Group used for printing permissions.
  5. Deselect the check in the box next to Manage Printers under the Allow column.

HP's Solution

Upgrade to UPD version 5.1 or later.