In an effort to try to remove the ability for users to print directly to an MFP shared printer, relegating the users to use their badge ID for more secure printing while in the office... Currently testing with one printer by removing the 'Everyone' group and adding an 'Allow' group the access to print (for exceptions). SO far that does the trick. And I can print all day with my badge but when I try to print directly it fails immediately, WHICH IS the desired outcome.
My trouble is trying to find ANY log entries on any Log server, be it a DC, or a logging specific server. Or on the copiers themselves. I've scoured the Admin Log in the "Microsoft-PrintServices-Admin" log. I enabled the "Operational" Log as well which had nothing of my attempted print jobs that failed.
I've been looking on some of the Domain Controllers and so far with no luck. Here are the logs I've looked into so far. I just would love to know if anyone has attempted this, and what log (if any) a failed print job would show in, and what event ID it might have?
List of log names I've looked into so far:
Classic Security log,
Microsoft-Windows-SMBServer-Security,
Microsoft-Windows-NTFS/Operational,
Microsoft-PrintServices/Admin,
Microsoft-PrintServices/Operational,
Microsoft-Windows-SMBClient/Security,
Microsoft-Windows-SMBClient/Connection,
Microsoft-Windows-SMBClient/Audit,
Microsoft-Windows-NTLM/Operational.
Thanks a million!
I'd love to use:
Get-WinEvent -ComputerName DC-SERVER -FilterHashtable @{
>> LogName = 'Microsoft-Windows-SMBServer/Security'
>> ID = '551'} -MaxEvents 10 | Format-List
But not knowing the correct logname, or event ID makes it hard.