Solved

adding printer without admin right in XP

Posted on 2004-10-14
12
626 Views
Last Modified: 2008-02-01
Hi,
My question is about enabling a normal user to add a local printer. In a corporate environment, we have laptop users that may use different printers outside the company, and we don't want to give them the admin password or the power user password(while enabling the load/unload devices option in the local sec. policy).
The "run as" option is also not suitable for this situation, i think.
Thanks
0
Comment
Question by:tmogulkoc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +2
12 Comments
 
LVL 1

Expert Comment

by:Milkybar-kid
ID: 12305878
Open user accounts in the control panel and assign the user as an Administrator on the local machine. (Not the domain)
0
 

Author Comment

by:tmogulkoc
ID: 12305893
Whether local or domain, we don't want any user to be admin on their computers.
0
 
LVL 2

Expert Comment

by:AbacusOnsite
ID: 12305908
If you don't want to give them full admin rights, there is another way:  Make them a member of the Power Users group and have the Load/Unload Device Drivers privilege, which is a Group Policy setting.

To set this privilege, click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click User Rights Assignment. By default, only administrators have this privilege. Power Users can obtain the same level of privilege to install or modify a local printer as they had under Microsoft Windows 2000 if the administrator explicitly grants this privilege to them.

Of course, giving them admin rights would be simpler.  Good luck.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 

Author Comment

by:tmogulkoc
ID: 12305978
Thanks but as i said in my question, also we don't want them to be power users (while giving them Load/unload device drivers privilege), we don't want them to install or run any external software.
0
 
LVL 2

Expert Comment

by:AbacusOnsite
ID: 12306070
Oh, yeah... I guess you did say that.  Sorry.

Hate to be the bearer of bad tidings, but in my experience (both corporate IT and contract work), what you are describing cannot be done.

See these two knowledge-base articles from Microsoft:

http://support.microsoft.com/default.aspx?scid=kb;en-us;297780
http://support.microsoft.com/default.aspx?scid=kb;en-us;326473

"For security reasons, Windows XP cannot permit a user who is not an administrator to install a device on the computer....."
0
 

Author Comment

by:tmogulkoc
ID: 12306683
Yes,
But there should be an option (such as customizing the administrative group policy template) to do that. Because all the settings can be reached through registry.
0
 
LVL 10

Expert Comment

by:Longbow
ID: 12306876
Install a printer using rundll32.exe :
http://www.dx21.com/SCRIPTING/RUNDLL32/ViewItem.ASP?OID=145

You van use psexec to execute this command with admin rights :
Pstools Suite found at http://www.sysinternals.com
0
 

Author Comment

by:tmogulkoc
ID: 12307915
Great, i know about using the option to add printer using rundll32.exe  but i want the user himsel add the printer. Thanks
0
 
LVL 13

Expert Comment

by:WillHudson
ID: 12308354
Hmmmm... sounds like the easiest way to be able to do this is to make him an administrator on the PC, let him add the printer and then take him out of the administrator group
0
 
LVL 10

Accepted Solution

by:
Longbow earned 500 total points
ID: 12308662
No no.
Psexec run like the RunAs command.
The user doubli-click a shortcut and psexec executes your Rundll command with the account you want.
You need to choose the Rundll32 you want to run.

'Beginning of VbScript
'Save in a .vbs file
'Add the paths where needed:
Set WshShell = WScript.CreateObject("WScript.Shell")
Command = "psexec -u Domain\Admin -p password " & CHR(34) & "rundll32.exe" & CHR(34) & "syntax"
msgbox Command
WshShell.Run Command, 1, false
'End of VbScript

The VB Script can be encoded.
Or create a user for the occasion.
http://www.microsoft.com/downloads/details.aspx?FamilyId=E7877F67-C447-4873-B1B0-21F0626A6329&displaylang=en
0
 

Author Comment

by:tmogulkoc
ID: 12316487
Psexec seems to be an alternative, but if possible i would like to learn where in the registry this is set and to which folders write access is necessary.
0
 
LVL 10

Assisted Solution

by:Longbow
Longbow earned 500 total points
ID: 12316810
You can use Sysdiff. It is in the Resource Kit.
Addendum :
http://www.microsoft.com/windows2000/techinfo/reskit/tools/hotfixes/sysdiff-o.asp
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Looking to disable remote computers 6 82
Check network connectivity in DOS 11 125
Lock down IT Intern accounts 4 125
XP as a dual boot with Windows 10 10 109
There are 2 things you must have in order to connect to the internet behind a router, The "Gateway IP" of the router, which is usually something like 192.168.xxx.1, I've seen routers with default values of: 192.168.0.1, 192.168.1.1, 192.168.11.1, …
We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question