Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Terminal Server - Prevent Users from seeing other printers

Posted on 2004-08-24
3
Medium Priority
?
659 Views
Last Modified: 2008-03-06
This is a windows 2003 terminal server running quickbooks enterprise.

A couple of interesting points about quickbooks enterprise and its requirements on terminal server:  

According to their tech support users need to be in at least the Power Users group for the product to work correctly
Printer names can be no longer then 20 charecters for the printing to work from quickbooks

I have users accessing this from both inside and outside.  The inside users have appropriately named printers that quickbooks can print from without an issue.  For the outside users I've set up a script that renames their printer to one that meets the 20 charecter limit.  This has worked for the most part except for a small issue:

It seems that the users can browse everyone elses printers.  I've read an article that suggests power users can do this by default on a TS but I don't know where to modify this.  The question is two fold:

Does the power user group membership give the ability to see other users printers?
How can I modify this permission to assure users only see their own printers?

I'm somewhat TS and 2003 savvy but this one is eluding me hence the 500pts.  I welcome and appreciate all input and comments.
0
Comment
Question by:SamuraiCrow
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 9

Author Comment

by:SamuraiCrow
ID: 11900233
OK guys, after a day of staring down the barrel of this question I have come upon if not a true solution (being that the true problem is Quickbooks Enterprise REQUIRES users to be members of the Power Users group) at least it's a workaround.  Here's what I did:

Downloaded SubInACL from Microsoft:

http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en

Copied the EXE to the Terminal Server and set up the following batch file:

cd c:
cd\
cd c:\Kix\SubInACL
subinacl /printer * /revoke="power users"

Finally, I placed this batch file in the startup folder of the existing users and in the all users folder so that it automagically applies to new users logging on to the server for the first time.

In effect this script removes the Power Users from the ACL of any printer generated by clients logging in to the TermServ.  This in turn prevents the printers from being accessable to anyone but the user who generated them and administrators.  

With that I will close the question.  I hope this will save somebody out there some time someday.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 12791690
PAQed with points refunded (500)

modulo
Community Support Moderator
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question