Network Printing

Auditing Printing Events

Auditing is a means of tracking a printer's usage. It's possible to specify which groups or users and which actions to audit for a particular printer, as well as audit both successful and failed actions. Windows 2000 stores the data that is generated from auditing a file, which can be viewed and published in various formats using Event Viewer.

To change audit entries, you use the Audit Entry for printer_name page of the Printer Properties dialog box (Figure 4.16).

Enlarge figure

Figure 4.16 Example of an Audit Entry Page

To add, remove, view, or edit audit entries for a printer

In the Properties dialog box for the printer, click the Security tab, and then click Advanced.
Click the Auditing tab.
If the tab is not visible, this means you do not have administrator permissions (Manage Printers, Manage Documents) for the server and you cannot continue.
Use the Add and Remove buttons to specify user names and/or groups to be audited, or the View/Edit button to change settings.
The Add and View/Edit buttons take you to the Audit Entry for printer_name page as shown in Figure 4.16.
On the Audit Entry page, under Apply onto, specify whether the auditing should be done by printer, by document, or both.
Under Access, select check boxes as appropriate to tailor the auditing for the users or groups appearing in the Name box:
- Successful means "Audit all successful attempts to perform this action."
- Failed means "Audit all failed attempts to perform this action."
- Print, Manage Printers, and Manage Documents are the printing permissions. Read Permissions, Change Permissions, and Take Ownership are permissions to control permissions. Table 4.4 shows the associated events that are audited by selecting each permission.
To configure another user or group for auditing, click Choose Account.
When finished, click OK to save all your settings.

Note

Most printers should not be audited: the Event Log service would fill up with useless information. It is best to limit auditing to select, high-security printers.

Table 4.4 Audit Events Matrix for Printers

	Permission Selected for Auditing
Event	Print	Manage Documents	Manage Printers	Read Permissions	Change Permissions	Take Ownership
Printing documents	Audited	Not audited	Not audited	Not audited	Not audited	Not audited
Changing document printing preferences	Audited	Not audited	Not audited	Not audited	Not audited	Not audited
Changing document job properties	Not audited	Audited	Not audited	Not audited	Not audited	Not audited
Pausing, restarting, moving, and deleting documents	Not audited	Audited	Not audited	Not audited	Not audited	Not audited
Changing document printing defaults	Not audited	Audited	Audited	Not audited	Not audited	Not audited
Creating a printer share	Not audited	Not audited	Audited	Not audited	Not audited	Not audited
Changing printer properties	Not audited	Not audited	Audited	Not audited	Not audited	Not audited
Deleting a printer	Not audited	Not audited	Audited	Not audited	Not audited	Not audited
Reading printer permissions	Not audited	Not audited	Not audited	Audited	Not audited	Not audited
Changing printer permissions	Not audited	Not audited	Not audited	Not audited	Audited	Not audited
Taking ownership	Not audited	Not audited	Not audited	Not audited	Not audited	Audited

Important

For this procedure to work, the Audit Object Access option in Group Policy must be set to audit successful attempts, failed attempts, or both. To access this option, click Computer Configuration, Windows Settings, Security Settings, Local Policies, and then click Audit Policy.