kwoznica732
asked on
Logon Script Requires Local Admin
I am trying to run a logon script that maps LPT1 to the user logging onto the server 2008 R2 server. The command in the logon script field of the active directory user object is
net use lpt1 \\clientcomputer\printer /persistent:yes
The only way the logon script succeeds is if the user logging into the server is a local administrator.
Disabling the UAC does not work.
How can I allow the user to not be an administrator and still have the lpt1 created?
Is there a registry setting I need to modify permissions on?
net use lpt1 \\clientcomputer\printer /persistent:yes
The only way the logon script succeeds is if the user logging into the server is a local administrator.
Disabling the UAC does not work.
How can I allow the user to not be an administrator and still have the lpt1 created?
Is there a registry setting I need to modify permissions on?
Do they have permissions on the client machine/printer share?
Have you tried making them Printer Operators?
Take a look at an article that I wrote explaining this.
It illustrates how to deploy a shared printer, but you can select Local Printer instead and get the results.
Hope it helps
This also eliminates the need for scripts and will overcome the UAC issue.
https://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_11321-Deploying-Printers-using-Group-Policy-Preferences.html
It illustrates how to deploy a shared printer, but you can select Local Printer instead and get the results.
Hope it helps
This also eliminates the need for scripts and will overcome the UAC issue.
https://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_11321-Deploying-Printers-using-Group-Policy-Preferences.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Net use Lpt1 is limited to admin users, and has been for many years. There is a workaround using Devcon that used to work with 2000 and XP, and I suspect may still:
http://support.microsoft.com/kb/313644#appliesto
http://support.microsoft.com/kb/313644#appliesto
*SNAP*
:-)
:-)
You need to run it as a STARTUP script one time which will the use the system account and work.
ASKER
Yes, right on the money with your solution RobSampson.
I can confirm this is also true for Server 2008 R2 now. I actually went into the device manager and uninstalled it. Logged onto the server via RDP as a non admin and was able to add the lpt1 port via the logon script and print to the client system successfully.
I can confirm this is also true for Server 2008 R2 now. I actually went into the device manager and uninstalled it. Logged onto the server via RDP as a non admin and was able to add the lpt1 port via the logon script and print to the client system successfully.
ASKER
Group policy printer deployment isn't possible either because a UNC path isn't possible.
Why does net use lpt1 \\clientsystem\printer require administrator permissions?