2

Is there a way to audit the actual contents of print jobs sent to a Windows 2008 / Windows 2012 print server?

I'm not interested in the metadata (pages, username, datatime etc), but the job itself - as in the data that was printed.

I can't find anything that would allow IT Security to see what the printer actually printed. Our concern is that malicious users could print "Hello World.docx" and be stealing classified information, but we'd only see "Hello World.docx" in the job description.

I'd love to have a PDF or similar copy of every job sent to IT Security.

ben
  • 123
  • 3

2 Answers2

2

This has already been asked and answered (partly) in a previous stack-exchange article. It's a simple configuration change so save a copy of every printed document. You will need to make sure you have a great deal of storage available before you enable that.

The problem is not saving the documents and knowing what was printed and when, that's very easy, the problem is using the information pro-actively. Generally this information is used to re-construct events after the fact.

Community
  • 1
GdD
  • 17,399
  • 2
  • 42
  • 64
1

Besides Windows saving the files, printers, themselves, have options to store print jobs for auditing purposes.

schroeder
  • 129,372
  • 55
  • 299
  • 340