?
Solved

Add local printer disabled for some users

Posted on 2003-03-11
16
Medium Priority
?
1,316 Views
Last Modified: 2012-05-04
Hi folks,

last 24 hours struggling around a stupid problem wit adding local printers on W2K Pro ws.

There is AD on W2K Server and users who log on W2K Pro workstations. Users are just standart DOMAIN USERS.

I need them to be able to add a LOCAL printer apart from network printer as there are some appz which can only print on LPT1: etc.

However all new users I add to AD can not add local printer by running Add a New Printer Wizard or even by using "rundll32 printui.dll,PrintUIEntry /if /b "AMD" /f "%windir%\inf\ntprint.inf" /r "lpt1:" /m "HP Laserjet 4000 Series PCL" /q".

The worst thing is that there are some computers where some older useres can add local printers and those users are also just DOMAIN USERS. :o(

I NEED TO KNOW WHY does it happen and WHERE CAN I ENABLE THE FEATURE to be allowed to add a local printer either on AD {by policy?} or on local machine. I am not allowed to give them administrator rights on either workstation or server and there is no way to add those users to local administrators by creating local profile either.

PLEASE HELP!

Petr
0
Comment
Question by:Pedro Keson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +3
16 Comments
 
LVL 26

Expert Comment

by:Vahik
ID: 8117880
right click the printer click properties / security permissions  then give appropriate permissions.


 then easiest way to install a printer that i know of is
double click my network places /click on the server then printer then it would ask if before u can use the printer
 it must be set up on ur computer    U click yes and the would automaticly download the driver especially win2000 workstations.

  Good Luck
0
 

Author Comment

by:Pedro Keson
ID: 8118231
Dear Vahik,

I am afraid, you didnt get my point well. I have difficulties with adding LOCAL printers, not NETWORK Printers.

You can see that it is disabled, when you click on add a new printer and you get the screen with LOCAL/NETWOK selection, while the LOCAL is greyed out.

I believe it must be related to user rights, but there must also be some way how to do it as I said I have users, who CAN add those local printers on some workstations and on some not.

Any idea?

Petr
0
 
LVL 21

Expert Comment

by:jvuz
ID: 8118320
The local administrator can add local printers to your computer. Make an local administrator account.
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 
LVL 26

Expert Comment

by:Vahik
ID: 8118364
then in that case ivuz is right sorry  I Misunderstood the question.
0
 
LVL 26

Expert Comment

by:Vahik
ID: 8118375
but in order to install u have to log on to the local workstation not the domain then install the printer
0
 

Author Comment

by:Pedro Keson
ID: 8118410
Dear friends,

thanks for all your nice tries. The problem is further away. I know that when I log on as an admin, I can do all those things, but I NEED THEM to be executed everytime users logs on, and it happens accross the whole country every day many times on hunderts of computers.

The only thing I am asking for is to find out, how can I enable the bloddy radio button - ADD A LOCAL PRINTER. Either through policy, login script, command or whatever WITHOUT GOING PHYSICALLY TO EACH COMPUTER and changing there something or running some local scripts as admin.

Also adding all those users to a admin group is not a way I can go as I wrote, I AM NOT ALLOWED to do s (not by system but by company policy).

TA

Petr
0
 
LVL 26

Expert Comment

by:Vahik
ID: 8118450
listen before u run ur foul mouth u dont understand what u asking  u want to set up a local printer not a domain printer. there is no magic button to install this the only way u could install a local printer is log on localy then add it.       I hope u find ur script.
0
 

Author Comment

by:Pedro Keson
ID: 8118602
Dear Vahik,
I guess it is you who is starting loosing nerves here. If you look carefully on my question, you will se, that what I am asking you is this:

HOW TO ENABLE DOMAIN USER TO ADD A LOCAL PRINTER.

Is that not clear enough? If you thing that I am idiot, you do not have to answer.

What I experienced is this. SOME USERS CAN DO THAT (yes, domain users logged to the domain) and some not. Even those who can do it on one computer can not do it on another.  Also, when I am Domain admin user, I can do that on my computer as well, so IT HAS SOMETHING TO DO WITH RIGHTS.

I believe, that if it can be done ONCE, it must be possible to do it ANYTIME and that is all I am trying to figure out.

Please do not respond with invectives, just on topic answers.

Thanks
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 400 total points
ID: 8319405
I Don't know, but try this LOCAL policy:

1. Download regmon from http://www.sysinternals.com/ntw2k/source/regmon.shtml

2. Start / Run / GPEDIT.MSC
3. Choose Computer Configuration
4. Choose Windows Settings
5. Choose Local Policies
6. Choose User Rights Assignment
7. Choose Load an unload device drivers

8. Start Regmon

9. Add Domain Users to Load an unload device drivers

10. Stop Regmon

11. In Regmon find out what's added to registry
12. Start / Run / Regedit
13. Goto found key (number 11)
14. Choose Registry / Export file PRINTERRIGHTS.REG

Add the following to your logonscript:
--------------------------------------------
%systemroot%\system32\regedit.exe -s PRINTERRIGHTS.REG
--------------------------------------------



BTW - "I AM NOT ALLOWED to do s (not by system but by company policy)."

KEEP THAT DECISION - PLEASE READ THIS CAREFULLY:

You must NEVER NEVER add a Domain User Group to the Local Admin Group on each workstation.

And You must NEVER add the same Domain User to the Local Admin Group on more than his/hers own workstation

If You add a Domain User Group to the Local Admin Group, every member of this Domain User Group gets unlimited REMOTE access power of every workstation on Your network.

The unlimited REMOTE access involves:
1. Explorer: \\ComputerName\C$
2. Registry
3. Computer Management (Control Panel)


IF YOU WANT TO KNOW MORE ABOUT THIS ISSUE:
http://www.experts-exchange.com/Security/Win_Security/Q_20506528.html
http://www.tryware.dk/English/W2kLocalGroupPolicy/TotalAdminPower.html
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/evaluate/featfunc/07w2kadc.asp
http://support.microsoft.com/?kbid=182734



IF YOU WANT TO TEST IT:
You have to grant a Domain User Group to the Local Admin Group on BOTH test-workstations, AND logout and logon again.

Important: You have to make a new logon after creating the credentials, because they are given in W2k in the second where You press ENTER to password when logging on.

Please reply, when You have removed the Domain User Group from the Local Admin Group again!


Many Regards

Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open


0
 

Expert Comment

by:james_buddell
ID: 8482209
Hi,

Doesn't add too much in the way of a solution, but may help explain...

http://support.microsoft.com/default.aspx?scid=kb;en-us;297780

Cheers,
James
0
 
LVL 5

Expert Comment

by:cempasha
ID: 8598244
This question is still open and getting old. If any of the comment(s) above helped you please accept it as an answer or split the points who ever helped you in this question. Your attention in finalising this question is very much appreciated. Thanks in advance,

****** PLEASE DO NOT ACCEPT THIS AS AN ANSWER ********

- If you would like to close this question and have your points refunded, please post a question in community support area on http://www.experts-exchange.com/Community_Support/ giving the address of this question. Thank you      

Pasha

Cleanup Volunteer


0
 
LVL 21

Expert Comment

by:jvuz
ID: 9088620
keson, is your problem solved?
0
 

Author Comment

by:Pedro Keson
ID: 9092929
Guys,

although I was not planning to give anyone points as there actually is NO sollution, I decided to give them to trywaredk  as he wes actually trying to help ulike some who just scream.

Thanks for your patience, I lost my account details and this thread link untill jvuz wrote me :o)

Thanks again!
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 9133066
0
 

Author Comment

by:Pedro Keson
ID: 9135938
Trywaredk,

not possible. There is 4500 users in the network and they are not "allowed" to be anything else except power users.

The only think which worries me much is a fact, that "some" users have those rights and some not (5:95) without an obvious reason. I am creating most users by copying the other ones and even then it is not a rule that someone has the right ands someone not. Computers are almost identical - clonned :o(

Anyway I do it other way, I created some fixed local printers with different fixed drivers and I do map netwok resources to those local printers (connected on LPTs). Not 100% nice, buit works.

Thanks
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 9165650
:o) Thank you for the points
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
We are witnesses that everyone is saying that our children shouldn't "play" with a technology because it is dangerous. This article is going to prove that they are wrong.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question