• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 630
  • Last Modified:

adding printer without admin right in XP

Hi,
My question is about enabling a normal user to add a local printer. In a corporate environment, we have laptop users that may use different printers outside the company, and we don't want to give them the admin password or the power user password(while enabling the load/unload devices option in the local sec. policy).
The "run as" option is also not suitable for this situation, i think.
Thanks
0
tmogulkoc
Asked:
tmogulkoc
  • 5
  • 3
  • 2
  • +2
2 Solutions
 
Milkybar-kidCommented:
Open user accounts in the control panel and assign the user as an Administrator on the local machine. (Not the domain)
0
 
tmogulkocAuthor Commented:
Whether local or domain, we don't want any user to be admin on their computers.
0
 
AbacusOnsiteCommented:
If you don't want to give them full admin rights, there is another way:  Make them a member of the Power Users group and have the Load/Unload Device Drivers privilege, which is a Group Policy setting.

To set this privilege, click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click User Rights Assignment. By default, only administrators have this privilege. Power Users can obtain the same level of privilege to install or modify a local printer as they had under Microsoft Windows 2000 if the administrator explicitly grants this privilege to them.

Of course, giving them admin rights would be simpler.  Good luck.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
tmogulkocAuthor Commented:
Thanks but as i said in my question, also we don't want them to be power users (while giving them Load/unload device drivers privilege), we don't want them to install or run any external software.
0
 
AbacusOnsiteCommented:
Oh, yeah... I guess you did say that.  Sorry.

Hate to be the bearer of bad tidings, but in my experience (both corporate IT and contract work), what you are describing cannot be done.

See these two knowledge-base articles from Microsoft:

http://support.microsoft.com/default.aspx?scid=kb;en-us;297780
http://support.microsoft.com/default.aspx?scid=kb;en-us;326473

"For security reasons, Windows XP cannot permit a user who is not an administrator to install a device on the computer....."
0
 
tmogulkocAuthor Commented:
Yes,
But there should be an option (such as customizing the administrative group policy template) to do that. Because all the settings can be reached through registry.
0
 
LongbowCommented:
Install a printer using rundll32.exe :
http://www.dx21.com/SCRIPTING/RUNDLL32/ViewItem.ASP?OID=145

You van use psexec to execute this command with admin rights :
Pstools Suite found at http://www.sysinternals.com
0
 
tmogulkocAuthor Commented:
Great, i know about using the option to add printer using rundll32.exe  but i want the user himsel add the printer. Thanks
0
 
WillHudsonCommented:
Hmmmm... sounds like the easiest way to be able to do this is to make him an administrator on the PC, let him add the printer and then take him out of the administrator group
0
 
LongbowCommented:
No no.
Psexec run like the RunAs command.
The user doubli-click a shortcut and psexec executes your Rundll command with the account you want.
You need to choose the Rundll32 you want to run.

'Beginning of VbScript
'Save in a .vbs file
'Add the paths where needed:
Set WshShell = WScript.CreateObject("WScript.Shell")
Command = "psexec -u Domain\Admin -p password " & CHR(34) & "rundll32.exe" & CHR(34) & "syntax"
msgbox Command
WshShell.Run Command, 1, false
'End of VbScript

The VB Script can be encoded.
Or create a user for the occasion.
http://www.microsoft.com/downloads/details.aspx?FamilyId=E7877F67-C447-4873-B1B0-21F0626A6329&displaylang=en
0
 
tmogulkocAuthor Commented:
Psexec seems to be an alternative, but if possible i would like to learn where in the registry this is set and to which folders write access is necessary.
0
 
LongbowCommented:
You can use Sysdiff. It is in the Resource Kit.
Addendum :
http://www.microsoft.com/windows2000/techinfo/reskit/tools/hotfixes/sysdiff-o.asp
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now