Internet Printing

This section provides information about:

  • The benefits of Internet printing

  • How Internet printing communicates with sites on the Internet

  • How to control Internet printing to prevent the flow of information to and from the Internet

    Important For greater control over the communication between components in Windows XP and sites on the Internet, use Windows XP Professional with Service Pack 2 instead of with Service Pack 1. Windows XP Service Pack 2 provides a number of new Group Policy settings that control communication between components in the operating system and sites on the Internet. For more information, see the Microsoft Web site at:

    https://go.microsoft.com/fwlink/?LinkId=23354

    https://go.microsoft.com/fwlink/?LinkId=29133

On This Page

Benefits and Purposes of Internet printing
Overview: Using Internet Printing in a Managed Environment
How Internet Printing Communicates with Sites on the Internet
Controlling Internet Printing to Prevent the Flow of Information to and from the Internet
Procedures for Disabling Internet Printing
Related Links

Benefits and Purposes of Internet printing

Internet printing makes it possible for client computers running Microsoft Windows XP Professional with Service Pack 1 (SP1) to use printers located anywhere in the world by sending print jobs using Hypertext Transfer Protocol (HTTP).

Additionally, computers running Windows XP can use Microsoft Internet Information Services (IIS) or a Web peer server to create a Web page that provides information about printers and provides the transport for printing over the Internet.

Overview: Using Internet Printing in a Managed Environment

You need to consider both the server and client components of Internet printing:

  • Server: It is possible for a person who logs on as the administrator of a computer running Windows XP to install IIS and then configure that computer to act as a print server, allowing Internet printing. In a managed environment, you may want to prevent users from logging on as administrators so they cannot install IIS. You may also want to disable the Internet printing functionality of IIS, or properly secure IIS and Internet printing so that they are available only to authorized users.

  • Client: Client computers can install an Internet printer using a Web browser, the Add Printer Wizard, or the Run dialog box. In order to prevent Internet printing, you must remove the ability for users to add an Internet printer.

You can find details about how to configure your Windows XP implementation to achieve these goals later in this section.

How Internet Printing Communicates with Sites on the Internet

The Internet printing process is as follows:

  1. A user connects to a print server over the Internet by typing the URL for the print device.

  2. The HTTP request is sent over the Internet to the print server.

  3. The print server requires the client to provide authentication information. This ensures that only authorized users print documents on the print server.

  4. After a user has authorized access to the print server, the server presents status information to the user by using Active Server Pages (ASP), which contain information about currently available printers.

  5. When the user connects to any of the printers on the Internet printing Web page, the Windows XP client first tries to find a driver for the printer locally. If an appropriate driver cannot be found, the print server generates a cabinet file (.cab file, also known as a setup file) that contains the appropriate printer driver files. The print server downloads the .cab file to the client computer. The user on the client computer is prompted for permission to download the .cab file.

  6. After users connect to an Internet printer, they can send documents to the print server by using Internet Printing Protocol (IPP).

Communication for Internet printing uses IPP and HTTP (or HTTPS) over any port that the print server has configured for this service. Because the service is using HTTP or HTTPS, this is typically port 80 or port 443. Because Internet printing does support HTTPS traffic, communication can be encrypted, depending on the user’s Internet browser settings.

Client computers running Windows XP can use Internet printing by default. Users must be authenticated by the print server, however, before they can use any of the printers connected to that server. If you install IIS on Windows XP (which requires being logged on as an administrator), Internet printing is automatically enabled as a feature of IIS. As described earlier, you can disable or restrict computers running Windows XP from hosting Internet printing through a variety of methods. See the following subsections for additional details.

The print server can use IIS and other technologies to collect and log extensive data about the user, the computer that sends the printing request, and the request itself. It is beyond the scope of this white paper to describe Web site operations and the specifics of what type of information can be collected. For more information about IIS and other related resources, see "Internet Information Services in Windows XP with SP1" in this white paper.

Controlling Internet Printing to Prevent the Flow of Information to and from the Internet

Client Computers

To prevent the use of Internet printing from a client computer running Windows XP, you can delete the registry key that the Print Spooler service uses to load the Internet print provider. The procedure for this method is provided in the next subsection.

How Deleting the Internet Print Provider Registry Key Can Affect Users and Applications

Deleting the Internet print provider registry key on a client computer will prevent users of that computer from using Internet printing through the Run dialog box, the Add Printer Wizard, and the browser. Deleting this key, however, may affect other print operations.

As described earlier, a person logged on as an administrator on a computer running Windows XP can install IIS and can then configure that computer to act as a print server, allowing Internet printing from other computers. In order to control this, you can do the following:

  • Prevent users from logging on as administrators, which prevents them from installing IIS (recommended)

  • Use Group Policy to disable Internet printing when IIS is installed

  • Restrict access to the printer to limited user IDs

Procedures for Disabling Internet Printing

Procedures for Disabling Internet Printing on a Client Computer Running Windows XP

To prevent users from using Internet printing on a client computer running Windows XP, delete the Internet print provider registry key as described in the following procedure. This procedure must be performed on every computer running Windows XP in your organization. In order to ensure that these actions are correctly performed on all computers, consider using an automated setup routine or script.

To delete the Internet print provider registry key
  1. Click Start, and then either click Control Panel, or point to Settings and then click Control Panel.

  2. Double-click Administrative Tools, and then double-click Services.

  3. Stop the Print Spooler service.

  4. Use the Microsoft Registry Editor (regedit.exe) to delete the following key from the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
    \Print\Providers\Internet Print Provider

  5. Restart the Print Spooler service.

    Caution Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer. You can also use the Last Known Good Configuration startup option if you encounter problems after manual changes have been applied.

Procedures for disabling Internet printing on a computer running IIS

It is recommended that you prevent users from installing IIS. More details on how to achieve this can be found in "Internet Information Services in Windows XP SP1" in this white paper.

The next best option is to disable Internet printing on the computer that is running IIS. The following procedure describes how to do this through Group Policy.

To disable Internet printing using Group Policy
  1. As needed, see Appendix B, "Learning About Group Policy and Updating Administrative Templates," and then edit an appropriate GPO.

  2. Click Computer Configuration, click Administrative Templates, and then click Printers.

  3. In the details pane, double-click Web-based Printing.

  4. Select Disabled.

For general information about Group Policy, see Appendix B, "Learning About Group Policy and Updating Administrative Templates."

To learn about specific Group Policy settings that can be applied to computers running Windows XP, see the Group Policy Settings Reference on the Microsoft Web site at:

https://go.microsoft.com/fwlink/?LinkId=29911

Note The Group Policy Settings Reference includes information about settings for Windows XP with SP1 as well as settings for other Windows operating systems, such as Windows XP with SP2. You can choose the operating system for which you want to view information about settings.

For more information about the use of IIS in a controlled environment, see "Internet Information Services in Windows XP with SP1" in this white paper.

For more information about Internet printing, see the following sources: