Shared Secure Printer
The Windows Print Scout (released in August 2021) provided a local print server-based job storage and delivery without the need for workstation Print Scouts. For example, sites with SAP integration where machines are shared among users may want to store print jobs in print servers.
The Shared Secure Printer (i.e. print server based queue) solution requires a print server to host the secure queue and allows users to print to the queue via LPD/LPR protocol. The LPD protocol provides printing user info. The Print Scout server maps the user info, by searching the Active Directory for the corresponding email address. The print job's owner ID is then set to the user’s email address, before the job is sent to the print server.
Starting in September 2022, the Windows Print Scout adds the ability to extract print job data, such as username or document name. In large enterprise environments with SAP integrations for example, all print jobs are recorded as owned by the system user. HP Insights requires the user’s email address of the registered user to it can list and release the job from a secure printer. You can configure your SAP system to add fields (e.g. username, document name) into the print spool file as PJL headers so that the Print Scout can extract the actual username(in this case the user’s email address) or document name of the submitted print job.
Note: This feature comes with security risks and may only work with specific work flows. Contact HP Support for more information.
Note: Shared Secure Printer does not support the Document Storage and Data Privacy Regions feature.
Prerequisite
Before installing the Print Scout on your server, install LDP Server features from Server Manager.
Installing Print scout with shared secure printer
Use the command line option /hostsecurequeue to install a network shared secure queue on a print server. On a supported Windows Server OS, run the following command to install the secure queue on a print server.
Add the command line option /extractfromjobdata to scan the print job data (by looking for @PJL SET USERNAME = name).
PrintScoutInstaller.exe /printserver /hostsecurequeue /extractfromjobdata
After installation:
- A secure queue called the HP Secure Printer is created on the print server. You will need to add this queue on users’ workstations using LPD/LPR protocol. Notice that the spaces on the secure queue have been removed.
- The following registry key is set to the following
SOFTWARE\PharosSystems\PrintAgent\PrintTracker\ExtractFromJobData\Enabled = 1 (DWORD)
Note: The shared secure printer feature is supported on OpenID only. Email authentication and Active Directory are not supported.
Add the Queue on Users' Workstations
After installing the Print Scout in print server mode with Shared Secure Printer, you will need to add this queue on users’ workstations using LPD/LPR protocol.
Limitation: IPP driver does not support Shared Secure Printer
Shared Secure Printer only works when the driver on the queue is set to Windows Manufacturer Driver. A fresh install of the Print Scout on a non-server OS will set the driver to IPP by default so when installing the Print Scout on a non-server OS using the /printserver command, the driver must be manually changed through the Print Scout Config Tool after installation. On a server OS, the IPP driver is not installed so no action is required. To set the queue to Manufacturer Driver, launch the Print Scout Configuration tool and go to the Default Settings > Secure Queue Settings for Deployment section. Refer to the Secure Print IPP Queues document for more information on how to set the driver to Windows Manufacturer Driver.
If the driver remains set to IPP, then Shared Secure Printer jobs will not beprocessed correctly, and they will be treated as Print-at-Home print jobs.