13.92. How to work with groups

Groups can be used to control access to printers and deploy printers based on users’ and computers’ group membership.

• About groups
• Exclusive access examples
  • Hide print queues from users

• How to enable Azure AD groups
• How to enable Google groups
• How to add groups to a print queue
• How to add print queues to a group
• How to make a workflow available to selected groups

• Groups page
• Group properties
  • Settings, Secure print tab
  • Settings, Printix Go tab
  • Settings, Capture workflows tab
• Group properties, Print queues tab
  • Print queue properties, Groups tab
• Group properties, Users tab
  • User properties, Groups tab
• Group properties, Computers tab
  • Computer properties, Groups tab

About groups

*Printix will only synchronize users/group membership for users that are registered in Printix and for groups once these groups are used within Printix, that is, if users are a member of a group that: A) Is used with Print queues, B) Is used with Secure print, that is (Must print securely groups, Printer later by default groups, or Secure print level groups), C) Is used with Home office, D) Is used with Capture workflows, or E) Is used with Site manager roles.

*Why does a group have no or missing users?

*Nested groups are not supported.

• Azure AD groups
  • Users’ membership of groups is maintained in Microsoft Azure (portal.azure.com)
  • Computers that are registered with Azure AD can have their membership of (device) groups maintained in Microsoft Endpoint Manager admin center (endpoint.microsoft.com) or Microsoft Azure (portal.azure.com). See also: Microsoft documentation on: Add groups to organize users and devices
    • Computer groups are used only in connection with Home office and print queue properties Add print queue automatically and Set as default printer.
  • Groups are synchronized automatically at approximately 20 minute intervals. Only changes are synchronized.
  • Nested groups are not supported.
  • Enable dynamic memberships to manage memberships through the rules you specify.
  • Please refer to the Microsoft Azure AD documentation.

• Google groups
  • Users’ membership of groups is maintained in your Google Admin console (admin.google.com)
  • Groups are synchronized automatically at approximately 20 minute intervals. Only changes are synchronized.
  • Nested groups are not supported.
  • Computer groups are not supported.
  • Please refer to the Google Workspace Administrator Help.

• Print queues
  • Print queue/group membership is maintained in Printix Administrator by adding groups to print queues.
  • A print queue that has Exclusive access checked for one or more groups, can be accessed ONLY by the users in any of those groups.
  • A print queue that does not have Exclusive access checked for any group, can be accessed by all users.
  • Printing to a print queue without access will result in a message like: Print to BNM is not allowed.
  • A print queue that has Add print queue automatically, will be added automatically to the computer, when a user in any of those groups signs in.
  • A print queue that has Set as default printer checked, will become the default printer for the users and computers in the group.
  • A print queue can be Exempt from secure print.

Access to print queues is obviously also subjected to restrictions imposed by networks.

Exclusive access examples

Shows how access to print queues within a network can be controlled for five users, four print queues (ASD, BNM, CVB, and DFG) and three groups (G1, G2 and G3).

• Jane (member of the groups G1 and G2) is allowed to use print queue: ASD, BNM, CVB, and DFG.
• Paul (member of the group G1) is allowed to use print queue: ASD, BNM, and DFG.
• Mary (member of the groups G2 and G3) is allowed to use print queue: ASD, CVB, and DFG.
  If Mary attempts to print to the BNM print queue she will see the message: Print to BNM is not allowed.
• John (member of the group G3) can use print queue: DFG.
• Bob (not a member of any group) can use print queue: DFG.

Hide print queues from users

Printix Client can be configured via useGroupPermissions to set security permissions on print queues. Exclusive access groups on print queues will now limit the security permissions accordingly, and only users being members of the Exclusive access groups will be able to see and print to the restricted print queues. Otherwise all installed print queues is made available to the signed in user.

1. Select Windows logo key + R to open Run.
2. Type: regedit, and select OK.
3. In Registry Editor browse to:
   HKEY_LOCAL_MACHINE\SOFTWARE\
   printix.net\Printix Client\
4. In the Printix Client folder add the DWORD value name useGroupPermissions.
   It can take on these Decimal values (hex value in parenthesis):
   • 0 (0×00000000)
     This is the default. Printix Client will make all installed print queues available to the signed in user.
   • 1 (0×00000001)
     Printix Client will look at the users’ group membership and only make print queues with Exclusive access available to the signed in user. The groups MUST be in both Active Directory and Azure AD.