Policys for printers and errors in event viewer!

[Mike D]

Hello, I am currently setting up a new network and have
just installed and shared a new HP network printer
(Laserjet 4300 TN) onto the printserver using the jet
direct software supplied.

When I added it to my PC (I'm an administrator) it added
and works fine. When I added it to a users computer it
failed with the error 'A policy is in effect on your
computer which prevents you from connecting to this print
queue. Please contact you system administrator'.

I found KB-319939 and this seemed to be similar, I enabled
the policy.

I then got the user to reboot and try again but got the
same error when adding the printer. The user is in the
Printer Operators group!

I have since tried createing a new user, I logged in and
added the printer and it worked?? but it still doesn't
work for old users!!

I have not got some more details from event viewer, the
folling messages keep comming up!

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 23/03/2004
Time: 8:27:10 AM
User: NT AUTHORITY\SYSTEM
Computer: STEVES
Description:
Windows cannot determine the user or computer name. (The
specified domain either does not exist or could not be
contacted. ). Group Policy processing aborted.

and

Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 23/03/2004
Time: 1:47:12 AM
User: N/A
Computer: STEVES
Description:
Automatic certificate enrollment for local system failed
to contact the active directory (0x8007054b). The
specified domain either does not exist or could not be
contacted.
Enrollment will not be performed.

I have added these users to the administrators group for
now to get them working but it's taking ages for the
rights to replicate (4 hours now!) can I speed this up
anyway? I've had them log of and on a few times!

Help, thanks in advance.

M

 

[Alan Morris\(MSFT\)]

This policy is in affect on XP SP1 clients (and Server 2003 ). The Print
Operators Group pertains to domain printer queue administration. The policy
impacts installing a printer driver.

If you have an NT4 based domain, this policy will not work properly until
clients are XP with SP2.

If the driver is preinstalled on the client, then the user can connect. If
the driver exists in the client's driver.cab then the spooler will install
this driver rather than copy the driver from the server.

You can add the users to the Power Users group, and add the Load and unload
driver privilege to this group rather than give the users admin rights.

No clue on domain replication, I'm just a printer guy.
--
Alan Morris
Windows Printing Team
Search the Microsoft Knowledge Base here:
http://support.microsoft.com/default.aspx?scid=fh;[ln];kbhowto

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Mike D]

Hello, yes I'm running SBS server and XP clients, I didn't
know SP2 was out for XP, do you know where I can get it?
Will this fix the problem?

I went to my DC and into Group Policy Editor and found the
load and unload device driver section. The groups in it
are Print Operators and Administrators, it doesn't let me
add any others. All these uses are in the administrators
and the print operators groups but still doesn't work!

Whats the best way to pre-install the driver onto the
client?

Thanks for your help.

Mike

-----Original Message-----
This policy is in affect on XP SP1 clients (and Server 2003 ). The Print
Operators Group pertains to domain printer queue administration. The policy
impacts installing a printer driver.

If you have an NT4 based domain, this policy will not work properly until
clients are XP with SP2.

If the driver is preinstalled on the client, then the user can connect. If
the driver exists in the client's driver.cab then the spooler will install
this driver rather than copy the driver from the server.

You can add the users to the Power Users group, and add the Load and unload
driver privilege to this group rather than give the users admin rights.

No clue on domain replication, I'm just a printer guy.
--
Alan Morris
Windows Printing Team
Search the Microsoft Knowledge Base here:
http://support.microsoft.com/default.aspx?scid=fh; [ln];kbhowto

This posting is provided "AS IS" with no warranties, and confers no rights.

Hello, I am currently setting up a new network and have
just installed and shared a new HP network printer
(Laserjet 4300 TN) onto the printserver using the jet
direct software supplied.

When I added it to my PC (I'm an administrator) it added
and works fine. When I added it to a users computer it
failed with the error 'A policy is in effect on your
computer which prevents you from connecting to this print
queue. Please contact you system administrator'.

I found KB-319939 and this seemed to be similar, I enabled
the policy.

I then got the user to reboot and try again but got the
same error when adding the printer. The user is in the
Printer Operators group!

I have since tried createing a new user, I logged in and
added the printer and it worked?? but it still doesn't
work for old users!!

I have not got some more details from event viewer, the
folling messages keep comming up!

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 23/03/2004
Time: 8:27:10 AM
User: NT AUTHORITY\SYSTEM
Computer: STEVES
Description:
Windows cannot determine the user or computer name. (The
specified domain either does not exist or could not be
contacted. ). Group Policy processing aborted.

and

Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 23/03/2004
Time: 1:47:12 AM
User: N/A
Computer: STEVES
Description:
Automatic certificate enrollment for local system failed
to contact the active directory (0x8007054b). The
specified domain either does not exist or could not be
contacted.
Enrollment will not be performed.

I have added these users to the administrators group for
now to get them working but it's taking ages for the
rights to replicate (4 hours now!) can I speed this up
anyway? I've had them log of and on a few times!

Help, thanks in advance.

M

.

 

[Alan Morris\(MSFT\)]

XP SP2 is current only available through the Beta program.

The Load unload driver privilege needs to be set on the clients (the DC is
the client that this applies to in your case). I do not know how to do this
in Group Policy.

When the user logs on to the client are they administrators on the client?

If the driver is signed use prndrvr.vbs (in system32). Since you control
the domain you can setup delegation so you don't have to copy the driver
locally to the clients.

prndrvr -a -m "driver" -v 3 -e "Windows NT x86" -i c:\temp\drv\drv.inf -h
c:\temp\drv -s clientname

If you run with XP clients without SP1, then this policy does not exist.

Have you disabled the Point and Print restriction policy?

--
Alan Morris
Windows Printing Team
Search the Microsoft Knowledge Base here:
http://support.microsoft.com/default.aspx?scid=fh;[ln];kbhowto

This posting is provided "AS IS" with no warranties, and confers no rights.

Hello, yes I'm running SBS server and XP clients, I didn't
know SP2 was out for XP, do you know where I can get it?
Will this fix the problem?

I went to my DC and into Group Policy Editor and found the
load and unload device driver section. The groups in it
are Print Operators and Administrators, it doesn't let me
add any others. All these uses are in the administrators
and the print operators groups but still doesn't work!

Whats the best way to pre-install the driver onto the
client?

Thanks for your help.

Mike

-----Original Message-----
This policy is in affect on XP SP1 clients (and Server 2003 ). The Print
Operators Group pertains to domain printer queue administration. The policy
impacts installing a printer driver.

If you have an NT4 based domain, this policy will not work properly until
clients are XP with SP2.

If the driver is preinstalled on the client, then the user can connect. If
the driver exists in the client's driver.cab then the spooler will install
this driver rather than copy the driver from the server.

You can add the users to the Power Users group, and add the Load and unload
driver privilege to this group rather than give the users admin rights.

No clue on domain replication, I'm just a printer guy.
--
Alan Morris
Windows Printing Team
Search the Microsoft Knowledge Base here:
http://support.microsoft.com/default.aspx?scid=fh; [ln];kbhowto

This posting is provided "AS IS" with no warranties, and confers no rights.

Hello, I am currently setting up a new network and have
just installed and shared a new HP network printer
(Laserjet 4300 TN) onto the printserver using the jet
direct software supplied.

When I added it to my PC (I'm an administrator) it added
and works fine. When I added it to a users computer it
failed with the error 'A policy is in effect on your
computer which prevents you from connecting to this print
queue. Please contact you system administrator'.

I found KB-319939 and this seemed to be similar, I enabled
the policy.

I then got the user to reboot and try again but got the
same error when adding the printer. The user is in the
Printer Operators group!

I have since tried createing a new user, I logged in and
added the printer and it worked?? but it still doesn't
work for old users!!

I have not got some more details from event viewer, the
folling messages keep comming up!

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 23/03/2004
Time: 8:27:10 AM
User: NT AUTHORITY\SYSTEM
Computer: STEVES
Description:
Windows cannot determine the user or computer name. (The
specified domain either does not exist or could not be
contacted. ). Group Policy processing aborted.

and

Event Type: Error
Event Source: AutoEnrollment
Event Category: None
Event ID: 15
Date: 23/03/2004
Time: 1:47:12 AM
User: N/A
Computer: STEVES
Description:
Automatic certificate enrollment for local system failed
to contact the active directory (0x8007054b). The
specified domain either does not exist or could not be
contacted.
Enrollment will not be performed.

I have added these users to the administrators group for
now to get them working but it's taking ages for the
rights to replicate (4 hours now!) can I speed this up
anyway? I've had them log of and on a few times!

Help, thanks in advance.

M

.