4 Replies Latest reply on Jan 27, 2016 11:58 AM by Steven English

    UP8.4 with Pop-ups - Who sent the print job?

    gavin.devilliers@lexmark.co.za Wayfarer

      I have a customer who uses UP8.4 with Pop up clients on the user workstations.  The customer has a scenario where a confidential document was printed by a user but the job was "delegated" to someone else by putting the username of another user to release the job.  Is there any way to determine who the originator of the print job was?

        • Re: UP8.4 with Pop-ups - Who sent the print job?
          Paul LaFollette Guide

          So ... To make sure I'm on the same page as you ...

           

          You want to know what username the document was created under or originated from, not the username the Pharos Popup tags to the print job in place of the originating username.   Or to put it another way, you want what username the person was using at the computer, not the username the user inputs into the Popup prompt.

           

          Is that correct?

           

          I've wondered about that information, wondered if the print job still has the originating username and the Pharos Popup simply "tags" the print job with the username from the Popup.   In that scenario, Uniprint has no use for the originating username because it is told to ignore that information.  I wouldn't be surprised if that information is not retained anywhere...  If it's in the Uniprint logs, I haven't found it but I'm not an expert on the Uniprint logs either (far from it).

           

          However ... You might be able to sleuth out that information from the OS, if your systems are set to log the print activity in the Event logs.  On your print server (assuming it's a Windows OS, 2008 or newer), in the Event viewer, look in the Applications and Services Logs, in the Microsoft/Windows section, PrintService and look in the Operational logs.   There, if you know the date and time of the print job, might be able to find the information you're looking for.  ... The other option is to examine the Event logs of the specific computer that was used but that will only be useful if the user's computer is also tracking these kinds of events and unfortunately, Windows OS has that level of event logging turned off by default (but it's turned on by default in "server" OS).  If your system doesn't show any events in that log, logging those events have not been turned on.  To turn on the logging, simply right-click on the icon for the Operational logs and click on "Enable Log" and from then on it will log print events.  -- Unfortunately, I've found these logs to often be "weak" on important detail and strong on detail you and I could probably care less about.  It might have the info you want... it might not.

           

          Lastly, If you knew what computer (or what group of computers) and also the date/time of the print job, you might be able to narrow down who sent the print job by examining the Security Event logs of the originating computer (or computers).  If your organization has User logon/logoff being audited in the Event Logs, in the Windows Logs section, Security logs you will find the logon and logoff events in detail (almost too much detail). Unfortunately, if your organization hasn't turned this auditing on (in the group policy settings, or gpedit.msc) the logon/logoff info won't be there.

           

          I don't know if any of this helps, but that's what I know.

           

          - Paul L.

          1 of 1 people found this helpful
            • Re: UP8.4 with Pop-ups - Who sent the print job?
              Steven English Guide

              Paul Lafollette,

               

              I believe you are correct that the job is essentially tagged (along with popup question answers/info) and forwarded to Pharos.  It does not care who the true job owner (Windows job owner), but my recollection is that instead of creating a folder to store jobs that matches whatever random name/string that the user entered as the owner, Pharos creates a folder that matches the user name of the windows owner as it should be a safe folder name to create.  If you can isolate it down to a job ID, you can find the Windows username that submitted the job (provided this has not changed).

               

              Regards,

              Steven

            • Re: UP8.4 with Pop-ups - Who sent the print job?
              Steven English Guide

              Gavin de Villiers,

               

              Most likely you will not be able to find out - at least not through normal reports/channels or with definitive results as Pharos does not know the physical presence behind the keyboard.  I think the best info you could get from Pharos if the job is not still in a queue would be to know which workstation the job originated from in order to see who was logged on at the time.  From there you could try matching up the timelines to see who was on the computer, but you would need to have had logs enabled during the time that the offending print was submitted.

               

              If the job is either still in the queued jobs list or the printed jobs list, it can be tracked back into the local JobStore (C:\ProgramData\PharosSystems\SecureRelease\JobStore), which I believe stores the jobs in a folder that matches the Windows interactive username (not each popup username).  That should help narrow it down, but only if the workstations require identification on a per person level.  Otherwise, getting the IP address from the logs as described above and then trying to track down time to get a username would be your best bt.

               

              If anyone else knows of an easier way to track it down, I am up for learning.

               

              Regards,

              Steven

                • Re: UP8.4 with Pop-ups - Who sent the print job?
                  Paul LaFollette Guide

                  Steven English

                   

                  You are correct.  The print jobs are stored in a folder that matches the Windows interactive username (not each popup username).  I hadn't thought of looking there so I tested it.   It would help to narrow it down, but as you said only if 1) the job is still being held and 2) you know the approximate date/time of the print job.

                   

                  That suggests the print job related Event logs (if actively logged) may contain the Windows interactive username rather than the popup username.

                   

                  - Paul L.

                  1 of 1 people found this helpful