Mac OS X v10.5.7 or later: Allowing managed users to add or delete printers

In Mac OS X 10.5.7 or later, access to add or delete network printers on a client computer is controlled by membership in the lpadmin group. You can control the ability of managed user accounts to add and delete printers by controlling the membership of this group.

To a give a managed user the ability to add or delete network printers on a workstation, add the user to the workstation's local lpadmin group.

For network users

If the workstation is always on the managed network, add a managed network group to the local lpadmin group. All members of the group will then have the ability to add or delete network printers on this workstation.

Execute the following Terminal command:

dseditgroup -o edit -n /Local/Default -u admin -p -a printerusers -t group lpadmin

...where "admin" is the name of a local administrator account on the workstation (you will be prompted for this account password), and "printerusers" is the short name of the network group.

For mobile users

If the workstation can be used off of the managed network (the user has a mobile account), you must add one or more individual user accounts to the local lpadmin group. Each account added will have the ability to add and delete network printers on this workstation regardless of location.

Execute the following Terminal command:

dseditgroup -o edit -n /Local/Default -u admin -p -a student -t user lpadmin

...where "admin" is the name of a local administrator account on the workstation (you will be prompted for this account password), and "student" is the short name of the network user.