Information Technology Reference
In-Depth Information
The Pause option puts the selected printer into pause mode so that documents will
remain in the queue without being printed.
The Resume option releases the printer from pause mode.
The Cancel All Documents option deletes all documents from the queue.
The following options are available in the Document Actions category:
The Pause option selects a document in the right pane. Click the Pause link to hold that
document.
The Resume option selects a document in the right pane. Click the Resume link to
release that document for printing.
The Cancel option selects a document in the right pane. Click the Cancel link to delete
the document from queue.
How It Works
Browser-based printing is a convenient and often underutilized tool for both administrators
and end users. However, in order to use it confidently, attention must be paid to the security
environment.
In the early days of Windows 2000, a vulnerability was discovered that would allow an
attacker to exploit the Internet Printing service and compromise the system (see Microsoft
KB 815021 for details). Although Microsoft released a fix for this vulnerability, many adminis-
trators became concerned about the use of Internet Printing and were reluctant to deploy it.
Windows Server 2003 is much more secure than Windows 2000 “out of the box,” yet it is
not immune to attack, and vulnerabilities are frequently discovered. Therefore, administrators
should take caution when exposing services to the Internet, or even to a trusted environment
in which an insider threat may exist.
In either an intranet or Internet scenario, the administrator must address key issues, such
as the following:
Which users or groups should have rights to Internet Printing?
What level of permissions should users have? Should they be administrators, operators,
or end users?
From where should users be able to access Internet Printing? Should they have access
from all locations or from predefined IP addresses only?
Over which channels should users have access? Should port 80 or an alternate port be
opened on the firewall to allow direct, Internet-based access? Or should users be required
to first establish an encrypted session, such as a virtual private network (VPN)?
