Skip to content

Product

Device Harmony

Device Management

Endpoint Detection & Response

Pricing

Support

Use Cases

Deploy

Secure

Configure

Manage

Integrate

Features

Liftoff

Passport

Auto Apps

Managed OS

Migration

Compliance

Prism

Integrations

iOS & iPadOS

Resources

Resources Hub

Blog

Customer Stories

MacAdmins Community

Security Details

Partners

Resellers

Technology Partners

Become a Partner

Register a Deal

Partner Portal

Company

About Kandji

Careers

News & Press

Contact
Log in Get Started
Get Started
managing mac printing: what admins need to know
Blog Recent News Managing M...

Managing Mac Printing: What Admins Need to Know

Kandji Team Kandji Team
10 min read

Despite the rise of paperless and remote offices, managing printers is still a thing, something Mac admins must deal with every day.

If your organization has just one printer that everybody prints to, managing that printer probably isn’t a big issue. But if your printing situation is any more complicated than that—and particularly if you are tasked with managing multiple printers in multiple locations—you need to understand the basic infrastructure of printing from the Mac in order to effectively manage it. 

Here’s an overview of how AirPrint works, what to do when it isn’t enough, and pointers to some tools that can help you tackle printer-management chores that macOS and MDM alone can’t.

How AirPrint Simplifies Printer Management

That infrastructure has two components: The printer itself and the device that’s trying to print to it. You need to configure both.

Setting up the printer itself so it’s ready to receive print jobs over the network is relatively straightforward. The details will vary by printer model and your network setup, but the general idea—connect the printer to the network then configure its settings—is simple.

Setting up the printer on the device is only a bit less so. The classic workflow: You configure a print queue on the device, with the settings and drivers necessary to send jobs to that printer. That queue defines the name and network location of the printer for the device. Settings for the printer are stored in PostScript Printer Description (PPD) files, which describe its capabilities. Those PPD files are used by the Mac printing subsystem—CUPS, about which more in a moment—to support printer-specific features. When the user clicks Print, the driver prepares the print job and sends it to the printer. 

Historically, admins had to install specific drivers for each printer on each device in order for printing to proceed. That process was made much simpler by the introduction of AirPrint in 2010. AirPrint combines device discovery with printer management, solving several pieces of the printing puzzle at once. 

When an AirPrint-compatible printer is connected to a local network, users should be able to just select it from the list of available printers and then send print jobs to it. AirPrint enables the Mac to print without PPDs or drivers. Many current printers support the AirPrint protocol, which makes the configuration of both printers and devices mostly automatic. (Note that, while AirPrint is great for printing from iOS and iPadOS devices, we’re focusing on printing from Mac in this post.)

What that means in practice is that, if a user goes to a Print dialog and finds that no print queue has been configured, they can click Add Printer, Scanner, or Fax and find printers that make themselves visible on the local network via AirPrint. Selecting one of these printers will automatically create a new queue using a default PPD with reasonable settings. (Kandji has an AirPrint Library Item, which allows admins to preconfigure AirPrint-compatible printers and make them visible in a user’s printer list.)

When AirPrint Isn’t Enough

That’s the ideal and usual scenario. But there are times when things don’t play out that way.

Users Need Special Features

Some AirPrint-compatible printers have features that AirPrint doesn’t reliably support.

For example, you might have a big multifunction printer that can collate and staple pages or print on specialized papers. Or maybe you want to force users to print in black and white when the printer’s default is color. Depending on the printer, AirPrint might provide support for such features—but it might not. In that case, to take advantage of the printer’s full capabilities, you need to install and configure a driver for it.

In that case, you should be able to use your MDM solution to deploy a driver with a custom PPD settings file for that printer. In Kandji, for example, you do so by setting up a Custom Printer. You supply some details—display and CUPS names, location, description, and URI—to create a print queue on that device. You can also send a PPD file to change the default settings and a driver installer package if you want to use the full driver instead of AirPrint. Once the custom printer is defined and added to a Blueprint, Kandji will deliver that configuration to all devices in that Blueprint.

Printer Isn’t AirPrint-Compatible

In other cases, users might need to use a printer that isn’t AirPrint-compatible. It could be one of the few printers sold now that aren’t compatible with the technology. More likely, it’s a legacy device from the time when AirPrint wasn‘t so universal. It’s also possible that, for one reason or another, Airprint isn’t permitted in your environment.

In either case, users or admins will need to install and use the full printer drivers and may want to deliver a PPD file if the default settings need to be adjusted.

Users Can’t Install Printers

Another complication is when users don’t have the necessary permissions to install printers on their Mac endpoints. More specifically, users with standard accounts can’t add printers. 

Fortunately, there are workarounds. In particular, to allow all users—even standard ones—to add a printer, you can run this command on the device (either via remote access or by delivering a script to run locally): /usr/sbin/dseditgroup -o edit -n /Local/Default -a "everyone" -t group lpadmin

Other Printer Management Tools

While your MDM solution should be able to handle most printer-management chores for you, there are a couple of tools—one old, one new—that many admins rely on to deploy and manage printers.

CUPS and lpadmin

CUPS is the venerable Common UNIX Printing System that’s baked into macOS and allows Mac computers to connect and print to networked printers. It provides a Web-based interface for seeing the network-attached printers available to a given Mac computer and their configuration. 

Apple hasn’t actively updated CUPS in a while, but it’s still here and many veteran admins still swear by it as a troubleshooting and management tool. If you’re stuck on what information to use when deploying printers, the CUPS web interface can be a great resource. You can enable that interface by opening Terminal and running cupsctl WebInterface=yes.

Once enabled, you’ll be able to open a web browser and navigate to http://localhost:631/printers/. From there, you can browse the currently installed printers, gather information about their configuration, and even administer default settings. 

One of the handiest tools that comes with CUPS is the lpadmin utility, which allows admins to install and configure printers from the command line. It’s used less these days because of GUI solutions, but it can still be useful if you like to script things. For years, admins would create generic printer installation scripts based on lpadmin, and then customize them with printer-specific bits of information.

Print Servers and PaperCut

Another printer management strategy: Admins can set up and maintain dedicated print servers, which collect print jobs from users over the network, then manage the resulting queues. This model has largely been superseded by the direct model, in which print jobs go directly from the computer to the printer. But the server model still has its place, particularly in larger organizations or those that mix Apple with other platforms.

If you’re managing Apple devices and printers in such an environment, you may well be using—or should at least know about—the new breed of SaaS print services—which take printer management from the command line to the cloud. 

Take, for example, PaperCut and its Print Deploy tool. It can do almost anything an IT department would want in the way of printer management. You could have multiple printers in multiple locations, with users moving among them, and it would still enable those users to print to their nearest printer. 

It can also allow for “follow me” or “find me” printing: The user sends their print job to a print server, but the server will hold that job until the user scans their card or enters a code at the printer to release the job to be printed (this is especially useful when content security is a requirement). It also gives IT the tools to control printer spending: Users can be given printer credits (some number of pages per time period), and software like Print Deploy will keep track of who’s printed what.

There’s obviously much, much more to managing printers on Mac computers, but those details are usually very printer-specific. As long as you understand the general infrastructure of Mac printing, you should be able to figure out those specifics for yourself.

About Kandji

Kandji is the Apple device management and security platform that empowers secure and productive global work. With Kandji, Apple devices transform themselves into enterprise-ready endpoints, with all the right apps, settings, and security systems in place. Through advanced automation and thoughtful experiences, we’re bringing much-needed harmony to the way IT, InfoSec, and Apple device users work today and tomorrow.