Permissions required to install local printer

J

jeez

I would like to delegate the installation and sharing of
local printers on my remote servers to the 'on site'
administrators.

I can't do this without giving them membership of the
Builtin Printer Operators group in AD.
Problem is that in that case an admin on site A can
install/delete/manage printers on site B.
I don't want that to be possible.

Any idea's ?
 
B

Bruce Sanderson

Are the "remote servers" also Domain Controllers?

If not, have you tried adding the appropriate Domain User accounts or Domain
(Resource) groups to the individual server's local group called "Print
Operators"?
 
G

Guest

They are DC's
that's why I can't use the Lox
-----Original Message-----
Are the "remote servers" also Domain Controllers?

If not, have you tried adding the appropriate Domain User accounts or Domain
(Resource) groups to the individual server's local group called "Print
Operators"?

--
Bruce Sanderson MVP

It's perfectly useless to know the right answer to the wrong question.





.
Click to expand...
 
J

jeez

They are DC's
that's why I can't use the local groups.

It looks like I need some extra (non documented)
permissions.

I applied policies :
- load and unload device drivers
- prevent users from installing printers (disabled)

I applied full control on the spool directory

Registry permissions needed ????
 
B

Bruce Sanderson

Well, you've got me stumped there. If I understand correctly, adding
printer ports requires special rights that I don't think can be delegated to
arbitrary groups or user accounts - they are inherant in the built-in
groups.

Is there any possibility of moving the printers onto another computer that
is a Domain member, instead of using a Domain Controller? Print serving is
usually a low load task, so you don't need a "big server" to do that . Any
reasonably recent desktop type computer would do. If the sites are small
(four or five computers), you could use a Windows 2000 or Windows XP
computer for print serving. The issue there is that the client OSs (2000
Pro and XP) will only accept a maximum of 10 network connetions, so this is
not a solution for larger sites.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Printer Permissions 1
How to set default printer permissions on all AD printers 3
Printers Creation and Management Delegation 1
Delegation of printers in W2K - AD 1
change permissions on multiple printers 1
Print Operators Group on member W2k3 servers 1
Manage printers 2
Manage Printer rights on print server without adding to PowerUsers or Administrators? 3

Top