Download Print Admin 1.1 http://jochsner.dyndns.org/Scripts/Installers/PrintAdmin.dmghttp://livepage.apple.com/shapeimage_2_link_0

The purpose of this package installer is to provide you with an easy way to install a package that will make the currently logging in user a member of the local _lpadmin group.  Starting with 10.5.7, you can add a user to the local _lpadmin group and that user will be able to add and delete printers without being a local admin.  It checks to see if the user exists in Open Directory in a group named "printadmins" (this must be the exact short name of the group in Open Directory - without quotes).  If that user exists in that group, they are added to the local _lpadmin group on the machine they are logging into, so that they can add and remove printers on the machine.  As soon as you take this user out of the group in Open Directory (and they log out of the machine), they will be removed from the local lpadmin group on the workstation.  This way, you can somewhat dynamically give users access to add and remove printers, if needed, without having to touch any of the machines.  This also works with Mobile Accounts (PHD's) - so if you want to have a user login and have a mobile account created (via Workgroup Manager) - it will also make them a member of the local _lpadmin group.  And again, if you need to take away that control, you can simply remove them out of the printadmins group in Open Directory, and once they logout and log back in, they will no longer be able to add or delete printers.  Any user that is a local admin is exempt from this script.  I have also added the ability for computer management of this feature, as well.  So, if you make a computer group called printadmins - you can put whatever computers or groups of computers in this computer group - and any computers in this group - will have all users set to be printer admins.  Just like in MCX rules - computers  and computer groups override user groups.  So, if you have a computer that is in the printadmins computer group - each user that logs into this machine, will be a local admin.  If there is no computer group called printadminsh, it will look for a user group with the same name. 


What's New in Version 1.1?

  1. -All local users will be excluded


The package installs the following:


/etc/login.hook

/etc/logout.hook

/etc/hooks/LIPrintAdmin.hook

/etc/hooks/LOPrintAdmin.hook

Sets a login and logout hook (defaults write /private/var/root/Library/Preferences/com.apple.loginwindow LoginHook /etc/login.hook and logout.hook)


I have added in all of my packages, to take one or more of the packages that I have created, and install them on top of each other.  By default, only one script can be associated with a login hook, but by installing any of my packages, you will be able to install multiple login scripts that will all run at login.  So, if you want to use several of my packages, you don't have to try and figure out how to get them all inside of one script - simply install any of the installer packages and that package will get added to any of your existing login/logout hooks (and if you don't have any set, it will set up the current package up as a login hook).  


Disclaimer:  Use these packages and scripts at your own risk.  Although I have complete confidence in these scripts, you are reminded that use of these scripts are at your own risk without any warranty.  In no event shall I be liable for any damage that these scripts might cause.  Test these scripts out extensively before mass deploying it to your machines.


Questions - please contact me at jochsner1@me.com