Remote Desktop Clients Cannot Access Their Local Printers unless they are in Domain\Admin Group

Posted on 2005-05-06
Last Modified: 2007-12-19
I have a Windows 2003 Terminal Server (who is the primary domain controller for itself) and clients running Remote Desktop.  When they login their local printer is created, however unless their user profile is a member of Domain Admin, they cannot access their local printer.

I tried to compare various security policies to another working Windows 2003 Server, but have not been able to figure out what's going on.

Thank you in advance for your help
Question by:wcoykendall
    LVL 10

    Expert Comment

    Is the other Windows 2003 serer that is working a domain controller?  The domain controller will usually have tighter security unless you have changed the default settings.

    Author Comment

    There is no other Windows 2003 server.

    Author Comment

    The other server is at a different company
    LVL 33

    Accepted Solution

    You might want to run the Group Policy Management tool to anyalize the group policies being applied to the machine and users...

    Here is the download for this tool:

    Additional information that might proove useful:

    Providing Client Access to Local Printers
    Terminal Services provides printer redirection, which routes printing jobs from a terminal server to a printer attached to a client computer or to a network printer that is available to the client computer.
    You can disable printer redirection by using Terminal Services Group Policies or on a per-connection basis by using the Terminal Services Configuration feature.
    There are two ways to provide client access to local printers:
    •      Automatic printer redirection. This works through Remote Desktop Connection.
    •      Manual printer redirection. Use this option for 16-bit clients, Windows-based terminals, and local printers that require older drivers.
    Please note that in Terminal Services:
    •      Bidirectional printing is not supported.
    •      Redirected printers are available for use with applications running on the server. Redirected printers appear in the Printers folder in Control Panel.
    •      Clients see only their own redirected printers in the Printers dialog box.
    Automatic Printer Redirection
    When you use Remote Desktop Connection to a Terminal Server, printer redirection is automatic as long as the local printer uses a driver that is installed on the server.
    When a client connects to Terminal Services, local printers attached to line printer port (LPT), communications port (COM), and universal serial bus (USB) ports that are installed on the client computer are automatically detected and a local queue is created on the server. The client computer printer settings for the default printer and some properties (such as printing on both sides of the page) are used by the server.
    When a client disconnects or ends the session, the printer queue is deleted and any incomplete or pending print jobs are lost. Information about the client's local printers and settings are saved on the client computer. During subsequent logon sessions, the printer queue is created using the information stored on the client computer.
    If a printer driver is not found on the server, an event is logged and the client printer is not created. To make the printer available, the driver must be manually installed on the server.
    Note: Print administrators can see all redirected printers, both on the server and those redirected from their session while normal users can see normal printers on the server and only their own redirected printers.
    Please note that in Windows 2000 Service Pack 2 and Windows Server 2003, a fix was added for cases where redirected printing was not working automatically. Issues had one of the following symptoms:

    •      The Terminal Services client enumerated its local printers and sent information (such as the printer and print driver name) to the server. However if a corresponding driver on the server did not exist, the installation failed.
    •      If you used an Original Equipment Manufacturer (OEM) driver with a name that did not exactly match the name in the Ntprint.inf file, Windows did not install the driver.
    This issue was resolved in Windows 2000 Service Pack 2 and Windows Server 2003, but the resolution also requires some registry value changes. For more information, see Knowledge Base article Q275495, “Printer Redirection or Upgrade May Not Work Because of Signed Ntprint.inf File.”
    Manual Printer Redirection
    You can redirect printers attached to LPT and COM ports on the client's local computer manually for use with Terminal Services clients.
    Note: Terminal Services does not support manual redirection of printers connected through USB ports.
    To redirect a client printer manually, contact your administrator and provide the name of your computer (or IP address for a Windows-based Terminal). The client must be connected to the terminal server during manual redirection.
    The administrator uses the Add Printers option in Control Panel Printers to add a printer manually. The administrator uses the client computer name to select the printer port from the list of available ports in the Add Printer wizard. Ports for all clients currently connected to the server appear in the Port list. Terminal Services client ports are listed as follows:
    Port      Description
    TS      computername:Portx (where Port is the type of port and x is the port number)

    When a client disconnects or ends a session, the printer queue is deleted, and any incomplete or pending print jobs are lost. Information about client local printers and settings are saved on the client computer. During subsequent logon sessions, the printer queue is created using the information stored on the client computer.
    When automatic redirection for 32-bit client printers fails, an event is logged. Typically, the logged event contains information about why the redirection failed and if applicable which server-side driver is missing. When a client disconnects or logs off the printer queue is deleted and incomplete or pending print jobs are lost. After the initial manual redirection, printers are automatically redirected during subsequent logon sessions.
    Related Links
    For more information about deployment of Terminal Services, refer to Chapter 16, “Deploying Terminal Services”, in the Windows 2000 Server Deployment Planning Guide at
    For the latest information about Windows 2000 Server, see the Windows 2000 Server Web site at
    For the latest information about Windows Server 2003, see the Windows Server 2003 Web site at

    LVL 74

    Expert Comment

    by:Jeffrey Kane - TechSoEasy
    Make sure that your C:\WINDOWS\system32\spool\drivers folder is shared as Print$ with security permissions set for EVERYONE to be able to Read & Execute.


    Author Comment

    I removed Active Directory from the TS and now everything works fine.

    Expert Comment

    Any other option beside taking off AD? I am having the same issue currently...

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Join & Write a Comment

    Learn about cloud computing and its benefits for small business owners.
    ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now