Link to home
Start Free TrialLog in
Avatar of kwoznica732
kwoznica732

asked on

Logon Script Requires Local Admin

I am trying to run a logon script that maps LPT1 to the user logging onto the server 2008 R2 server. The command in the logon script field of the active directory user object is

net use lpt1 \\clientcomputer\printer /persistent:yes

The only way the logon script succeeds is if the user logging into the server is a local administrator.

Disabling the UAC does not work.

How can I allow the user to not be an administrator and still have the lpt1 created?
Is there a registry setting I need to modify permissions on?
Avatar of kwoznica732
kwoznica732

ASKER

This doesn't seem to work with LPT1. Maybe with normal printers it works but our application requires LPT1.
Group policy printer deployment isn't possible either because a UNC path isn't possible.

Why does net use lpt1 \\clientsystem\printer require administrator permissions?
Avatar of Ron Malmstead
Do they have permissions on the client machine/printer share?
Have you tried making them Printer Operators?
Take a look at an article that I wrote explaining this.
It illustrates how to deploy a shared printer, but you can select Local Printer instead and get the results.
Hope it helps
This also eliminates the need for scripts and will overcome the UAC issue.

https://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_11321-Deploying-Printers-using-Group-Policy-Preferences.html
ASKER CERTIFIED SOLUTION
Avatar of RobSampson
RobSampson
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Net use Lpt1 is limited to admin users, and has been for many years.  There is a workaround using Devcon that used to work with 2000 and XP, and I suspect may still:
http://support.microsoft.com/kb/313644#appliesto
*SNAP*

:-)
You need to run it as a STARTUP script one time which will the use the system account and work.
Yes, right on the money with your solution RobSampson.

I can confirm this is also true for Server 2008 R2 now. I actually went into the device manager and uninstalled it. Logged onto the server via RDP as a non admin and was able to add the lpt1 port via the logon script and print to the client system successfully.