Secure print jobs at the printer while they're waiting to be printed
The Spool File Encryption feature keeps spool files (print jobs) secure at the printer while they are waiting to be printed. This feature works in conjunction with printers set up for Secure print release, and works in Windows environments.
Requirements
- PaperCut MF 20.1 or later
- Print Provider 105.0.0 or later running on Windows (at least Windows Server 2012)
Print Provider versions prior to 105.0.0 do not support encryption, so enabling Spool File Encryption on the server will not affect the actual print jobs.
Summary of setup steps
- Configure printers/devices to wait for user authentication before releasing jobs
- (Optional) Configure the directory for Spool File Encryption
Enable Spool File Encryption on PaperCut servers
You can enable Print Archiving or Spool File Encryption, but not both at the same time. That’s because Print Archiving requires access to unencrypted spool files.
1. Log in to the PaperCut Admin web interface.
2. Click Options, then under the General tab select Enable Spool File Encryption.
3. If you have multiple primary and site servers, repeat steps 1 and 2 for each.
Configure printers/devices to wait for user authentication before releasing jobs
Configure printers and devices to hold a print job until the user authenticates at the device.
- Follow the procedure in Configure Secure Print Release.
- Repeat the procedure for each printer you want to set up for encryption.
Prevent print jobs from being released on printers in error
To block spool files (print jobs) from being released when a printer or device is in error, follow the appropriate procedure below for your environment.
You can’t block jobs from a Fast Release terminal. Make sure to check the link for a list of devices that support blocking jobs for printers in error.
- Prevent jobs being released from a Standard Release Station when a printer is in error
- Prevent jobs being released from an MFD Release Station when a device is in error
(Optional) Configure the directory for Spool File Encryption
You can configure the directory used for Spool File Encryption.
- Navigate to <PaperCut MF directory>\providers\print\win
- Open the Print Provider configuration file print-provider.conf and locate the EncryptedSpoolDir configuration key.
  By default it is set to:
  <PaperCut MF directory>\providers\print\win\spool\encrypted
- Set the key to your target location, for example:
  Windows path: EncryptedSpoolDir=D:\print\encryptedspools
  UNC path: EncryptedSpoolDir=\\print-server\encryptedspools
Notes on downgrading Print Provider from version 105.0.0 or later to a prior version
There are some rare occasions where you might want to downgrade the version of Print Provider. For example, you want to upgrade PaperCut NG/MF to use new functionality, but you want to keep your current version of Print Provider for stability.
Before you downgrade, if you have already enabled Spool File Encryption, you must release or cancel all current encrypted print jobs. If you don’t, the:
- print job will remain in the print queue, but because prior versions of Print Provider (version < 105.0.0) don't support encryption, Print Provider will send a zero-byte spool file to the printer when a job is released. These empty files are ignored by most printers, but can cause errors on those printers that don’t ignore them.
- encrypted spool files will remain in the encrypted folder until they are manually deleted.
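A pre-downgrade check for the condition described above, as an added example that is not part of PaperCut's own tooling: it resolves the encrypted spool directory from print-provider.conf (falling back to the documented default) and lists any files still in it. The install path is an assumed placeholder; replace it with your <PaperCut MF directory>.

```powershell
# Added example: check for leftover encrypted spool files before a downgrade.
param(
    # Assumed install path (placeholder); set to your <PaperCut MF directory>.
    [string]$PaperCutDir = 'C:\Program Files\PaperCut MF'
)

$providerDir = Join-Path $PaperCutDir 'providers\print\win'
$confPath    = Join-Path $providerDir 'print-provider.conf'
# Default encrypted spool location given in the documentation.
$spoolDir    = Join-Path $providerDir 'spool\encrypted'

if (-not (Test-Path -LiteralPath $confPath -PathType Leaf)) {
    Write-Error "print-provider.conf not found at $confPath"
    exit 2
}

# Use the last active "EncryptedSpoolDir=<path>" line, if one is set.
# The anchored pattern skips lines where the key is prefixed by anything else
# (for example a comment marker).
$pattern = '^\s*EncryptedSpoolDir\s*=\s*(\S.*?)\s*$'
$hit = Select-String -LiteralPath $confPath -Pattern $pattern |
    Select-Object -Last 1
if ($hit) { $spoolDir = $hit.Matches[0].Groups[1].Value }

if (-not (Test-Path -LiteralPath $spoolDir -PathType Container)) {
    Write-Error "Cannot read encrypted spool directory: $spoolDir"
    exit 2
}

# Files found here are encrypted spool files that have not yet been removed;
# release or cancel the corresponding jobs before downgrading.
$leftover = @(Get-ChildItem -LiteralPath $spoolDir -File -Recurse -Force)
if ($leftover.Count -eq 0) {
    Write-Output "No encrypted spool files in $spoolDir."
    exit 0
}

Write-Warning "$($leftover.Count) encrypted spool file(s) remain in $spoolDir."
$leftover | Sort-Object LastWriteTime |
    Select-Object FullName, Length, LastWriteTime |
    Format-Table -AutoSize | Out-Host
exit 1
```

Run it on each server running Print Provider, under an account that can read the spool directory (including a UNC target); exit code 1 means files are still present.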