Contents
In addition to having the printers deployed to the machines, Interaction between the user and the campus PaperCut server through the PaperCut Client is also required to successfully print.
The FollowMe Print Queues are
- WolfPrint-BlackAndWhite
- WolfPrint-Color
Windows
Change to IPP based printing
On the July 2016 Patch Tuesday, Microsoft released a security update, MS16-087, that makes it extremely difficult to deploy connections to Samba-based print queues (which WolfPrint has been using) without admin access to the workstations. The part of the update that affects the use of Samba is a new requirement that drivers downloaded through the Windows Point-and-Print feature are signed or require admin approval to install on the workstation.
The vulnerability is critical enough that we have made some changes to the recommended method for deploying printers to Windows machines. As of August 1, 2016, it is possible to deploy IPP-based print queues to Windows through SCCM instead of using Samba. This bypasses Samba and goes directly to CUPS on our servers. Benefits of this change include:
- Better load balancing on the server side and failover if one of the servers or campus data centers becomes unavailable.
- SSL encrypted connections between client and server.
In most cases, clients already connected to one of the printers through Samba will still be able to print to that printer, but machines that get re-imaged and new print queues added to machines will not work without admin intervention.
Samba-based printing services were discontinued in the WolfPrint environment on May 11, 2017
Enabling IPP Printing in Windows
To enable printing to the WOLFPRINT print servers from Windows, you will need to do one of the following:
- Link the “OITLAB-Unity-Allow IPP Printing” group policy to your OUs.
- Duplicate the settings in your policies.
This policy has the following settings:
Computer Configuration -> Policies -> Administrative Templates -> System -> Internet Communication Manager -> Internet Communication settings -> Turn off printing over HTTP: Disabled
PaperCut Client
The PaperCut Client is available to WolfTech AD Windows machines and installed via SCCM using the “<OU>-SW-PaperCut-PaperCut MF Client-AUTO” software group, where <OU> is your college or department OU name in WolfTech AD.
Deploying FollowMe Print Queues
OIT has made available groups under the “Software Packages\Special Configurations” OU at the NCSU level for deploying each of the FollowMe printers along with the appropriate driver. To add the printers to a machine, add it to one or more of the following groups for each printer that you need to install:
- “<OU>-SC-WolfPrint-Printer WolfPrint_BlackAndWhite-1.0″ for the WolfPrint-BlackAndWhite printer.
- “<OU>-SC-WolfPrint-Printer WolfPrint_Color-1.0″ for the WolfPrint-Color printer
where OU is your college or department OU name in WolfTech AD.
macOS
PaperCut Client
Installation of the PaperCut Client in macOS requires two packages that are in Jamf Pro. The first package installs the client and will change whenever an upgrade to the campus PaperCut server occurs:
The second package configures the client to connect to the PaperCut server used by WolfPrint. The settings package rarely changes but should be re-deployed whenever a newer version of PaperCut is deployed. The priority is also set on this package such that it will install after the client package if deployed in the same policy. Because of this, OIT recommends using the same policy to deploy both the client and settings packages.
Deploying FollowMe Print Queues
The printers are defined in the UNC System Jamf Pro service:
These printers use the Generic Postscript Printer driver, so a separate driver installation is not needed. These printers can be added with a computer policy in Jamf Pro.
Linux
Departments using the shared puppet codebase from the CLS environment can deploy WolfPrint printers and get the PaperCut Client using the profile::printing profile class with the following hiera setting:
--- profile::printing::enable_wolfprint: true