Spooler Crashing in Windows 2016

Originally published on March 8, 2019

None of us truly believe IT fairies exist. But most of will swear that IT goblins are real! IT goblins are those issues that seem sporadic, spontaneous, and almost impossible to pinpoint the root cause. And it feels like print servers are the ideal nesting ground for these IT goblins.

One of the areas that seem to be the most problematic and hardest to troubleshoot is that of print servers and the spooler service. Though the cause may be hard to pinpoint, the symptoms of a print server spooler crash are obvious!

The first sign of a print spooler crash is your help desk phone starts ringing off the hook because everyone’s prints have suddenly stalled out. The second sign is all the front office employees are ready to break down your door because no one can send any new prints. The third sign of a spooler crash is the steam coming out of executives’ heads because business operations have stopped due to the inability to print.

This is one of those areas where the tried and true “have you tried to restart it” is actually solid advice. If you take this nuclear approach to fixing your print server spooler, by rebooting the server you will restart the spooler service and clear all bad print jobs that may have been the causing crash. Yes, it is a down and dirty approach, and yes everyone is going to need to go click reprint again. But at least the steam is no longer coming out of your executives’ heads.

Don’t want to take the old nuclear approach? You can achieve the same results by opening a command prompt with administrative rights and run the command “net stop spooler” then “net start spooler.” If you are one of those new-fangled GUI IT guys/gals, access the list of services under Administrative Tools in Server 2008, then choose the “Restart” option from the contextual menu after locating the Print Spooler process.

If this is a once-in-a-while occurrence, and those IT goblins just need to go, then it may be time to take a more targeted approach. Here are some of the more common areas those IT goblins hide when it comes to print spooler in Server 2016 and how to remedy them.

Sometimes the goblins are hiding in rogue print drivers. Some print drivers can cause memory corruption or are incompatible with other drivers that may be loaded on the print server. If you suspect that a bad driver is ultimately resulting in the print spooler not working, you can try one of three things:

  1. Enable print driver isolation. This is probably the most highly recommended first step when you encounter print spooler crashing, because it keeps print drivers from interfering with basic software printing processes. By isolating them, they inflict less damage when they choke.
  2. Update your print drivers to the latest version. Manufacturers occasionally release new print drivers with tweaks and bug fixes that address compatibility issues. But keep in mind that updating your drivers can occasionally introduce new problems and incompatibilities. If that happens, then…
  3. Downgrade the rogue print driver. If you’ve identified a problematic print driver that is definitely up to date, every now and then rolling back to an earlier version can rectify the situation. You can pinpoint this by checking Windows Event viewer and comparing when the spooler started crashing and what drivers were recently updated.

Sometimes the goblins will hide in corrupt print jobs. If you aren’t able to pinpoint a bad driver, it may be the print jobs that cause print spooler crashing in Server 2016. You’ll first want to check the print queue and see if there are “stuck” or “ghost” jobs and purge them. Then use the spooler restart steps above. To further pinpoint the bad job you can monitor the spooler as users submit their prints. Look for any jobs opening on non-standard printing ports, non-standard file types, or jobs that seem unusually large.

Sometimes the goblins are in excessive printer sessions. Let’s face it, print servers and Microsoft printing service has not gotten a lot of love from Redmond. The Windows Print Service since server 2008 has been losing feature after feature, e.g. print server clustering, and has not had any major improvements. Even though the server OS that the print spooler is running maybe 8 years newer, those print servers get overwhelmed pretty easily.

So a good area to check for spooler crashes may be watching how many active printer sessions your print environment is establishing with that server. Too many simultaneous sessions will flood the print queue and cause the print spooler to crash. There are workarounds to accommodate additional sessions, but this can involve editing sensitive registry settings. The typical fix for this is to purchase an additional print server. Too bad Microsoft got rid of print server clustering. 🙁

If you are sick of chasing around those IT goblins, a surefire way to stop them from mucking up your print environment is to just completely eliminate your print servers altogether. PrinterLogic makes that possible through its proven cost-effective, low-footprint enterprise print management solution that provides all the functionality of print servers—and much, much more—with none of the usual drawbacks.

With PrinterLogic, instead of print spooler crashing and long troubleshooting processes, you get features like centralized management, self-service printer installation, print job reporting, seamless integration with virtual solutions and the option to easily add Mobile Printing and Secure Printing across your entire print environment. Download a free 30-day trial today.

Changes to Printing in Windows Server 2019

Originally published on Feb 22, 2019

Server 2019 is Here!
For those of us who have been operating in the Windows server space for a while now, it may feel odd that a new server version is already being released! Since 2003, IT organizations have had almost 4 years between the stress of server upgrades. But starting with Windows Server 2016, Microsoft has moved from releasing a new server version every few years to a semi-annual release cycle.

Microsoft is targeting Windows Server releases during Spring and Fall about every 18 months. This new release cycle will be consistent with the rest of the major release cycles coming out of Redmond, including Windows 10 and Microsoft Office 365. This new release strategy will bring cutting-edge features to customers much faster, but it may also cause strain on IT departments to keep up with the update cycle and changes in each release.

I wanted to help anyone who is curious about how Server 2019 may impact their print environment, so I put on my scuba suit and did some TechNet diving for you. Here are the most important changes to Server 2019 and printing.

On, Then Off, Then On Again
Most organizations that are taking advantage of Server Core desire a server OS that is lean and stripped of any unnecessary functionality. In Server 2016 Microsoft started enabling print server components by default. However, in 2019 Microsoft has done another 180 and again disabled print server components by default in Server Core.

If you would like to enable the print feature in Server Core 2019, you can do so by running the cmdlet “Install-WindowsFeature Print-Server.”

Removal of Common Type 4 Drivers
Starting in Windows 10’s version 1809 release in October, we saw that Microsoft removed common type 4 drivers that were previously shipped with the OS. Microsoft has removed the built-in type 4 driver repository in order to “reduce the Windows footprint and provide more storage.” This was somewhat burdensome for users who would have to run Windows Update service to load the print drivers they needed for their specific printers.

With the release of Server 2019, we see that Microsoft has taken the same approach by removing the common type 4 drivers that were shipped with Server 2016. This has left many IT departments in a bind when standing up a new Microsoft 2019 Server that will be running as a print server. IT departments now must locate and load the type 4 drivers they need to support their printer fleet. This problem is amplified for an organization that has many different types of printers in their fleet.

Still No Spooler Clustering
One of the implications of Server 2019 and print servers isn’t so much a feature that was added or a feature that was removed, but the rather a feature that is still missing. Starting with Server 2012 Microsoft removed the ability to cluster print server spoolers. This has forced organizations to accept their print servers as a single point of failure. Many organizations were hopeful that print server clustering was going to be reintroduced with Server 2016, but were sadly disappointed. The continued absence of this feature in Server 2019 makes me wonder if Microsoft is paying any attention to their own print server spooling service.

Stay Tuned
With the faster release cycle of Microsoft server versions, we all may ultimately benefit from Microsoft’s ability to react to market demands quickly and release features that benefit enterprise IT environments. Here at PrinterLogic we will keep gladly sifting through and finding the most relevant changes to printing and bubble them to the top for anyone interested. Subscribe to this blog for the latest updates.

If you want to keep your server core as “lean” as possible, why not completely remove the print server role? Or if you are stressing about building out a type 4 driver repository, or want to completely eliminate print servers and the single point of failure, let PrinterLogic show you how to modernize your print environment and eliminate the need for print servers. Download a free 30-day trial today.

3 Common Security Mistakes When It Comes to Printing in Federal Organizations

In 2019, the online training platform Skillbox sent a rogue print job to unsecured network printers. To do that, they relied on a search tool called Shodan that discovers vulnerable Internet-connected devices. It was the very same tool that a prankster known as HackerGiraffe had used to hijack 50,000 network printers a few months earlier.

Both HackerGiraffe and Skillbox used Shodan for benign purposes. One was to promote a YouTube channel. The other was to print out flyers for a new design course. But, what’s worrying is that they were able to breach the defenses of security-conscious organizations.

Every few months, an equally high-profile—and much more serious—cyberattack makes headlines. This serves as an urgent reminder to federal governments and their agencies to reinforce their security infrastructures.

Often, government printing and print management are forgotten in that process. A Spiceworks study found that just 22% of organizations actively monitor their printer syslogs. Furthermore, only 13% integrate their printers into security information and event management (SIEM) tools. A 2019 Quocirca Global Print Security report found that nearly 60% of organizations had suffered a print-related data loss in the past year.

What explains that mismatch? Why are the vulnerabilities of printers and print management software frequently overlooked? And more importantly, what can federal IT officials do to fix things?

The three most common print security mistakes

To answer those questions, it’s important to first identify where government printing often goes wrong.

1. Lack of awareness

Printers have been around for ages. That leads even tech-savvy people to see them as part of the furniture. But, of course, they’re not “dumb” at all. Like IoT devices, they’re connected to the network 24-7. This exposes all of their vulnerabilities to the network.

2. Using outdated legacy technology

When a printer is working like it should, it becomes an afterthought. From a print management standpoint, admins often hold off on updating printer drivers for fear of breaking functionality. This leaves the print environment riddled with exploitable, out-of-date software.

3. User error

It’s one thing to have tons of secure print safeguards in place. It’s another thing to make sure your end users actually utilize them. That’s one reason why phishing attacks are still t he most effective way of breaching IT security.

Security-conscious organizations take these mistakes seriously. They treat them more like outright threats to a secure print environment. PrinterLogic’s next-generation print management software is a valuable tool for addressing those threats.

Streamline printing while hardening security

The US Department of Defense and the US Department of Homeland Security trust PrinterLogic’s serverless printing infrastructure. More than 40 other federal entities use PrinterLogic to keep their print environments safe.

That’s not just because PrinterLogic offers dedicated secure print functionality. PrinterLogic’s streamlined print management allows IT to monitor the print environment more easily, as well as keep it up to date.

Secure print management by design

PrinterLogic’s Direct IP printing platform is inherently secure, keeping print jobs local. There are other federal security features that are worth noting as well.

FIPS 140-2 compliance

As the first print management software company to be independently tested and meet the FIPS 140-2 standard, PrinterLogic is a perfect solution for data-sensitive sectors.

Advanced reporting & monitoring

PrinterLogic’s Admin Console lets federal IT officials supervise and control the entire print environment from a single pane of glass. That includes updating drivers using a common repository. And it all happens safely behind the organization’s firewall.

Secure release printing

CAC/PIV is a tried-and-tested secure printing method in government printing. PrinterLogic’s CAC/PIV solution works with your existing printers. Not only is it easy to implement and, it also empowers your end users to conveniently release their print jobs from any printer.

On top of that, PrinterLogic’s unique direct IP printing platform makes it possible to eliminate print servers. Doing so reduces the attack surface by design and thwarts malicious actors.

PrinterLogic is ideal for government printing

As long as IT networks exist, there will be people who try to exploit their weaknesses to steal data.

By avoiding the common mistakes in print security, PrinterLogic helps eliminate those vulnerabilities. With inherently secure software, you’ll prevent your organization from becoming a statistic. Our print management software is a proven solution for government printing that simultaneously streamlines, simplifies and hardens your print environment to protect it against attacks.

The Continual March Into the Cloud

A lot of organizations are moving forward with Cloud first strategies. One of the biggest hurdles for IT departments to overcome when going “cloud first” is understanding what to do with their print infrastructure. A cloud first strategy is in line with best practices for modernizing IT, data-center consolidation, and reducing infrastructure footprint.

When architecting an enterprise cloud strategy, an organization has two different approaches to printing to consider. These are:

  • A cloud based print server (Microsoft or otherwise).
  • A cloud based management server.

The key to understanding the difference between these two approaches is to understand how the print job is routed from the source to its destination.

Cloud Based Print Servers and Common Pain Points
Cloud Based Print Servers require a print job to be sent from its origin point to a print server in the cloud. For most organizations, this would require the job:

  1. be passed from a workstation
  2. through border routers
  3. to a remote cloud “print server” hosted in the provider’s data center,
  4. which would then render and spool the print job
  5. before redirecting it back to the local area network
  6. so it can be output on the printer.

Cloud Based Print Server Diagram

By moving the print queueing and spooling from a local print server to a cloud based print server, an organization can get rid of their dependency on local print servers, but there will be tradeoffs that must be accepted:

  • Single points of failure (a site loses connectivity)
    • If the cloud print service is unreachable, no one can print to any printer
  • Users can become frustrated waiting for print jobs as they are pulled from the cloud to the local printers
  • Sites with limited WAN connections will experience strain on their WAN links because every print job must be routed to the cloud and back to the site again
  • Forced use of universal or proprietary cloud drivers results in loss of advanced printer features
    • Affecting MFPs that could otherwise take advantage of duplexing, stapling, finishing options and other advanced printer functionality

Cloud based print servers not only introduce the above problems but fail to address the traditional problems with on-prem print servers:

  • Reliance on scripting or GPOs to get printers installed at the workstation level
  • No accurate tracking and auditing of who is printing what, from where, to which printers
  • Can’t enforce cost-efficient print settings like duplexing and/or grayscale printing

As it turns out, cloud based print servers present many of the same challenges as traditional on-prem print servers.

Direct IP Printing Managed by the Cloud
In contrast to cloud based printing, a better, more efficient and more reliable approach is to eliminate all print servers completely, both on-prem and in the cloud. Direct IP printing is a stable and proven printing architecture that eliminates the dependency on a print server routing a job to a printer.

With direct IP printing, when a user clicks print, their local workstation opens a connection directly with the printer on the local area network. This differs from a cloud print server trying to reach through the cloud access point to establish a connection with the printer.

Direct IP printing architecture improves upon cloud based print servers by providing:

  • Redundancy—If a site loses internet connectivity, everyone can still print to any printer.
  • Simplicity—No extra open firewall ports and print streams stay on the local area network.
  • Print jobs print out immediately—Even faster than they did with local print servers.
  • Improved Connections—Sites with limited WAN connections will not waste precious bandwidth routing print jobs through cloud access points.
  • Advanced Functionality—MFPs retain their extra features (stapling, watermarking, PIN printing, etc.)
  • Policies and enforcement—Any advanced features or “eco print” settings that the printers support can be applied.
  • Complete Visibility—All print jobs are tracked and reported across all manufacturers, without using SNMP and includes local/USB printer usage.

PrinterLogic helps IT professionals eliminate print servers and deliver a highly-available serverless print infrastructure with our centrally managed direct IP platform. Check out the case studies and other resources at www.printerlogic.com to see how organizations around the globe deploy PrinterLogic to solve workforce print problems and secure print environments.

4 Ways to Improve the Security Profile of Your Print Environment

With all the recent advances in—and focus on—cybersecurity, we could be forgiven for assuming that data breaches are occurring less than ever before. Unfortunately, the opposite is true. The constantly increasing complexity of technology and the speed with which it evolves means that data breach incidents, both accidental and intentional, continue to rise.

Through our interactions with thousands of IT professionals across a wide range of industries and business sectors, we’ve learned four specific strategies to improve the security of print environments. While many approaches to more secure printing were identified, these four continued to bubble to the top of conversations. They are:

  • Prevent print data loss
  • Integrate AAA with printing
  • Reduce attack surface
  • Employ hardened management solutions

Why be concerned about print security?
The short answer is: because up to this point most organizations have NOT been concerned with it. “Printers are a culturally trusted technology because they’re perceived as not being new,” says Kayne McGladrey, director of information security services at Integral Partners.1

Hewlett-Packard reports that almost 90 percent of enterprise businesses have suffered at least one data loss specifically because of unsecured printing!2 A Gartner report identifies printers as among the first Internet-capable devices to be incorporated into enterprise networks, but points out that awareness of the accompanying security risks of these IoT printers is still lagging.3

Here’s an example of what they mean. In January 2017, a white-hat hacker in the U.K. compromised more than 150,000 printers and multifunction devices (MFDs) around the world and forced them to print rogue documents. The hacker also used an undisclosed remote command execution in the web interfaces of certain devices to access print data stored on them.

Additionally, the U.S. Federal Trade Commission (FTC) updated its document titled, Digital Copier Data Security: A Guide for Businesses, to warn organizations to secure their MFDs. In the previous editions of this guide, the FTC had stated clearly, “Digital copiers are computers.” But its 2017 edition, the commission went a step further, recommending that organizations understand the impact of adding and using MFDs on their networks and to treat them as they would a PC or server because they’re vulnerable to the same security risks.4

Michael Howard, the Worldwide Security Practice Lead at Hewlett-Packard, recently said “the biggest mistake companies make when it comes to securing sensitive data is…

“not securing their printing fleet.”

And those breaches are expensive, Howard says, with an average cost of $5.4 million per incident and $136 per compromised record.2 That’s in addition to costs associated with loss of corporate reputation.

Here’s more on the top four ways that our conversations with IT professionals have determined to improve printer security.

1. Prevent Print Data Loss (Print DLP)
No organization wants sensitive files and information to walk out the door in a worker’s or contractor’s bag. User-level print monitoring that tracks every print document to its originating workstation and printer can deter this kind of document exfiltration by allowing admins to see who printed what, when and where. In the event of an actual data breach, a database of print job histories can help identify the devices and persons who printed the affected files.

Compliance regulations and security best practices already require many businesses to have in place procedures for regularly reviewing records of system activity. By storing an audit trail of all print activity, compliance can be validated and any out-of-compliance situations can be quickly identified and corrected.

2. Extend AAA into Printing
Organizations are quick to think of AAA for logical and physical access. But perhaps because print resides in a gray area that lives in the “analog-digital divide,” it’s often ignored. Organizations must remember to extend current Authentication, Authorization and Accounting controls into their printing space. Failure to extend these safeguards can leave printing as an open avenue for data breaches. Users should be authenticated before accessing printers and sending print data. All printers should have an authorization policy defined and only be accessible to authenticated users. All printing should be accounted for, no matter the source or destination of a print document.

Additional security can be integrated by enforcing authentication at the printer before a document prints. Users can leverage their identification badges, or other method of identity authentication, in order to initiate and retrieve a print job while physically at the printer. This prevents unintentional breaches when documents containing sensitive data may be left unattended on the printer for long periods. It also deters malicious actors from engaging in “visual hacking,” which includes snatching sensitive documents from the output tray.5

3. Reduce Attack Surface
A typical business printing environment includes print servers to support and synchronize printers on the network. These print servers also centralize queues and temporarily spool print jobs as they await printing. The unintended effect of storing and routing print documents through a server is to increase the attack surface for a malicious actor to exploit and gain access to restricted data. By snooping or exploiting one server, a malicious actor can gain insight into all print data that passes through it.

By consolidating print servers, or perhaps removing them completely and transitioning to a centrally managed direct IP printing model, the attack surface is reduced. In addition, the removal of a single point of exploitation provides a more secure print environment against any malicious actor. Configuring print infrastructure to avoid the local storage of any document on a printing device before the document is printed also eliminates an attack vector.

4. Employ Hardened Management Solutions
Because of the nature of their mission, IT departments typically have high demands placed on them by organizations. It’s no wonder that IT often seeks tools or solutions that can help ease their burden by delivering better and more efficient internal services. However any IT management solutions that trade security for efficiency, or introduce risk in the name of streamlining a process, should be avoided.

All new platforms and toolsets should be held to security standards defined by trusted and reputable governing bodies like the International Organization for Standardization’s ISO/IEC 27002 or the National Institute of Standards and Technologies’ Common Criteria Certification and FIPS 140-2. Before any new toolset or platform enters the organization’s environment, it should be evaluated to comply with these frameworks, standards, and security best practices.

Conclusion
The cost of preventable data breaches, whether accidental or the result of a cyber attack, continues to grow. It’s critical for organizations to take immediate action to minimize risk by securing their print infrastructure. The four strategies identified here come directly from our conversations with thousands of IT professionals. Any of the four represents a good place to start.

Consultants at PrinterLogic are available to help you with these and other secure printing approaches. If you liked this blog, you can download a hard copy here, and if you think PrinterLogic is right for your IT environment, try our serverless print-management software in your organization for 30 days at no charge.

 

  1. https://www.csoonline.com/article/3229907/security/are-you-doing-all-you-can-to-protect-your-confidential-documents.html
  2. https://digitalguardian.com/blog/expert-guide-securing-sensitive-data-34-experts-reveal-biggest-mistakes-companies-make-data#Howard
  3. Market Insight: IoT Security Gaps Highlight Emerging Print Market Opportunities Published: 31 October 2017 ID: G00336890 Analysts: Kristin Von Manowski, Deborah ToKish
  4. https://www.ftc.gov/tips-advice/business-center/guidance/digital-copier-data-security-guide-businesses
  5. https://news.3m.com/press-release/company-english/new-global-study-reveals-majority-visual-hacking-attempts-are-successf

Problems with Current CAC/PIV Secure Printing Solutions

In our recent blog, Barriers to CAC/PIV Secure Printing Implementation, we discussed PrinterLogic’s research into why federal agencies had put off deployment of a CAC/PIV secure-printing solution. Part two of that investigation was to survey agencies who had implemented a CAC/PIV solution to learn more about the pros and cons of their approach, as well as their level of satisfaction with the solution.

We learned that some agencies were not happy with their current CAC/PIV implementation because the solutions were too complicated to maintain, or because they introduced additional risks, or because they invested in a solution that had not paid off.

Most server-based print-management solutions employ one of the three common network printing architectures: centralized print server, distributed print servers, or a combination of both. These packages inherit the associated challenges and security risks of print servers in general, and include:

  • Centralized points of vulnerability for all print jobs at one location
  • Centralized points of failure that delays mission-critical printing
  • Absence of digitally signed print jobs resulting in a lack of document integrity

Each of these risks create new challenges, as outlined below:

  1. Single points of vulnerability. Whether they are centralized and distributed, print-server networks use one location for all print data. Any unauthorized or malicious access compromises every print job on the server. While most of this access is unintentional, malicious access is initiated by an authorized user with detailed system knowledge. Most print-server architectures make it possible for a single actor to access large amounts of sensitive or classified print data. If one document is breached, it’s fair to assume that all print data at that location is compromised. Even when security measures protect data at rest, these server-based systems use centralized document file stores, print-job repositories, or print queues that become high-value targets for malicious actors. By definition, they are a weak link in the security of a network.
  2. Single points of failure. If a print server or communication with that server fails, printing comes to a standstill until the issue is resolved. Even with high-availability failover or clustered print networks, printing of mission-critical data stalls out and negatively affects the productivity of an entire organization.
  3. Lack of document integrity. Most server-based print management packages rely on device-based printer and MFP CAC/PIV solutions. They are single-vendor designs that do not have direct access to the user’s CAC/PIV card when authenticating at the printer. Instead, the CAC/PIV solution passes the user information to the print-management software. Jobs are not digitally signed before release at the printer, which creates a vulnerability in the agency’s print security. These print-management systems have no way of knowing if a print job was altered before appearing on the printer.

Based on this research, PrinterLogic has developed a cost-effective CAC/PIV secure pull-printing system that works with ANY network printer, requires no print servers, and gives complete visibility into print activity on the network. Read about it in our new blog, The PrinterLogic CAC/PIV Advantage, call our Federal Sales Desk at 435-216-1939 for more information, or to schedule a WebEx product demonstration and a 30-day free trial.

Barriers to CAC/PIV Secure Printing Implementation

Federal agencies understand the gravity of a security leak, especially when it comes to sensitive topics. Since HSPD-12 came out in 2004, agencies have been working to secure their desktops, laptops, door access, emails and any sensitive information using FIPS-201 compliant smart cards.

Even so, government agencies struggle to secure their print infrastructure—while maintaining ease of use for employees.

Because printing converts data to physical media, it is considered one of the most vulnerable security areas within an organization. Once data is printed it is difficult to control, and it’s easy to imagine how risky it is to have sensitive information sitting on a printer tray in plain sight. Anyone could pick it up, stash it in their briefcase, and walk out of the building. Once a breach like this occurs, the information is nearly impossible to retrieve.

It’s well known that Common Access Cards (CAC) or Personal Identity Verification (PIV) smart cards can be used for multi-factor authentication at a printer to secure printing and mitigate these risks. The odd thing is that many federal agencies have been slow to implement CAC/PIV secure printing solutions. Therefore, PrinterLogic, a leader in secure pull printing, conducted research with agency IT personnel to find out why.

Our research identified four key reasons why federal agencies are slow to implement CAC/PIV secure printing:

  1. Difficulty justifying replacing the entire printer fleet. Most printers in an agency fleet do not have an integrated CAC/PIV reader. Implementing CAC/PIV solutions across an entire agency is a high-cost scenario that involves lots of expensive devices and massive infrastructure changes. Upgrades of this magnitude require a lot of planning and are accompanied by big incremental budget approvals. Workers and support staff need training on the new printers, as well as the software to manage them. Large deployments can take years to complete, and productivity suffers during the transition period.
  2. Installed base of functioning printers has to be abandoned. Printers that are in service and still work are like the laws of inertia: They tend to stay in service unless acted upon by an opposing force. In most organizations, working printers are used until they break or can no longer be serviced. The installed base of printers includes smaller models that can’t be retrofitted to support CAC/PIV authentication and would be scrapped. This causes some agencies to procrastinate CAC/PIV deployments in order to avoid waste.
  3. Vendor locking is a double-edged sword. Federal agencies are motivated to employ CAC/PIV print solutions, but they prefer vendor-agnostic procurement practices. Most CAC/PIV solutions are tied to one printer manufacturer’s hardware, which means committing to a solution that “locks” the agency into one vendor. This gets in the way of a multi-vendor approach that benefits from competitive offerings. On one hand, agencies want the flexibility of upgrading and switching to better solutions when they are available. On the other hand, they are married to existing hardware and service commitments until those expire.
  4. Complex back-end Infrastructure. Federal agencies have spent the last 10+ years consolidating their network and server infrastructure. Most CAC/PIV solutions require an extensive server implementation. One agency we surveyed said they would need 2,000+ pull-print servers to facilitate secure print authentication using their PIV cards. The sheer cost, software training, and incremental support staff needed for this kind of investment has slowed adoption.

Based on this research, PrinterLogic has developed a cost-effective CAC/PIV secure pull-printing system that works with ANY network printer, requires no print servers, and gives complete visibility into print activity on the network. Read about it in our new blog, The PrinterLogic CAC/PIV Advantage, call our Federal Sales Desk at 435-216-1939 for more information, or to schedule a WebEx product demonstration and a 30-day free trial.

Print Auditing

IT departments are experts at tracking and auditing everything. IT departments audit failed logins, successful logins, access to files, file transfers, IP packets, DNS queries, open ports, closed ports, physical assets, software assets, up times, downtime, the list goes on and on. In fact, if you even take a look back 10 years ago, the Forbes top 2000 companies spent nearly $350 million annually on just log management software. But with all that money spent on tracing, tracking, and auditing software, nearly 90% of all companies are not tracking one of their biggest expenses—printing! Spending on printing accounts for between 5-15% of a company’s revenue. That is a hard statistic to believe, and it gets worst! 90% of all organizations are not tracking their printing in any way. Why is that? The answer is not very complicated.

Before we can get into the specifics as to why companies are not tracking their printing, we need to first look at the different type of print architectures that are supported. Traditionally, print jobs are either rendered and spooled locally on the workstation, or they are spooled and rendered on a print server. No matter which architecture is supported, tracking and auditing become very cumbersome if possible at all. Let’s look at each of these architectures and how print auditing and tracking can be handled. Print server technology has been around for decades, yet print servers don’t natively offer any type of print job tracking. “Why Microsoft, why?!” It is possible to turn on print logging via Windows Event Viewer. However, this type of logging is not very functional or insightful. All you get is a record that a print job was sent through the server’s spooler and what printer it went to. Knowing who sent the print job, how big it was, was it color or black and white, are all details that are lost in the Windows Event Viewer. This doesn’t really help an organization understand the costs of printing and it doesn’t give any insightful information that can be used to make informed decisions about printing. Imagine using Windows Event viewer to answer the CTO when he asks, “How is it that we are spending 5-15% on printing each year?”

For environments that print directly to their printers and not through a print server, this becomes even harder information to gather. You would have to rely on gathering and digging through the event viewers in each and every workstation in the environment to get the same information.

There are a few bolt-on products that try to show how much printing is really going on, but these solutions have their own struggles as well. A lot of time these products are developed by the print manufacture and are “vendor” specific. Meaning they only grab the metrics for that specific brand of printers, or even worst they may only report on specific models from that vendor. This could leave an organization locked to a specific vendor, making them feel as though they must trade off gaining insight to printing for the loss of being competitive when bidding for a new fleet of printers. The second struggle with these solutions is that the data they gather isn’t insightful. They may account for how many print jobs were sent to a printer, but to really understand the cost of printing you need more than just print volumes. You need to know who is printing what, where the printing is going, which departments are printing more than others, how much each print jobs cost, how much it costs to support a specific printer or model, how much printing is directed to locally attach and/or USB printer, and did anyone print HR documents to non-HR printers?

But all is not lost! You can actually get all this information today, and more, no matter the type of print environment you support. If you want to answer the question, “Where are we spending that 5-15% of our revenue?” you can. PrinterLogic’s print job auditing and reporting tracks who printed what, where it was printed to, how much of it was color, and how much was black and white. In addition, you can gain useful insights into printing trends by the user, department, location, and even automatic cost analysis. Sounds too good to be true…well what if I told you it also requires no additional setup! All of these insights are gained automatically right out of the box. You do not need to predefine groups, users, or printers within the reporting software, nor do you need to ask your users to type in department codes or user codes. Rather PrinterLogic will sync automatically with your Active Directory and generate these insights for you right out of the box.

Not only can you answer the question of where your 5–15% of revenue is going, you can qualify if the print initiatives that you are rolling out are reducing costs. PrinterLogic can generate weekly, monthly, quarterly, or annually scheduled reports that quantify how much money you saved by defaulting your users to black and white, or by switching out those old printers with a new fleet of MFPs. Or you can get after Mrs. Jones for printing 1000 copies of her Sunday flyer.