If you’re dealing with a client or company that has roaming laptops, you definitely want a way to have anonymous printing. After all, it’s such a pain to have to authenticate these users or guests. You would think that giving “everyone” permissions full access on both NTFS and the printer share would do the trick. Nope..not true. Even if you go into GPO and enable “everyone” to include anonymous logins, it still won’t work. The only way to get this route to work is to turn on the “guest” account and open a lot of holes during authetication through SAM configuration, etc. Regardless, it’s a mute point….THERE’S A BETTER WAY!!

Welcome to “Internet Printing” through IIS. When installing IIS through Windows Add/Remove, make sure to check the “Internet Printing” box in the IIS sub-menu (right above NNTP and SMTP). This will install a virtual directory in your “default web site” called “printers”.

Here’s the next step and most important. Right click the “printers” virtual directory in IIS and go to properties. The “directory security” tab is where all the magic happens. As you probably guessed, you want to allow “anonymous access”. Now, go to the IP Address and Restrictions. Deny all access except your companies/clients subnet. If you don’t this this step, and you have port 80 forwarding through your firewall, anyone will be able to print and view your printers.

Navigate to: http://servername/printers

You will see your servers printers (assuming you already installed them). You can click on a printer then view it’s properties in the left menu. You will see the path to the printer. Copy this path for when installing a new printer on a laptop.

Next, simple go to the laptop and “add printer”. Then choose the “connect” option and type the http:// path from above.

Viola!

Here’s the corresponding KB article:
http://support.microsoft.com/kb/323428