Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3132
  • Last Modified:

Remote Desktop Clients Cannot Access Their Local Printers unless they are in Domain\Admin Group

I have a Windows 2003 Terminal Server (who is the primary domain controller for itself) and clients running Remote Desktop.  When they login their local printer is created, however unless their user profile is a member of Domain Admin, they cannot access their local printer.

I tried to compare various security policies to another working Windows 2003 Server, but have not been able to figure out what's going on.

Thank you in advance for your help
1 Solution
Is the other Windows 2003 serer that is working a domain controller?  The domain controller will usually have tighter security unless you have changed the default settings.
wcoykendallAuthor Commented:
There is no other Windows 2003 server.
wcoykendallAuthor Commented:
The other server is at a different company
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

You might want to run the Group Policy Management tool to anyalize the group policies being applied to the machine and users...

Here is the download for this tool:


Additional information that might proove useful:

Providing Client Access to Local Printers
Terminal Services provides printer redirection, which routes printing jobs from a terminal server to a printer attached to a client computer or to a network printer that is available to the client computer.
You can disable printer redirection by using Terminal Services Group Policies or on a per-connection basis by using the Terminal Services Configuration feature.
There are two ways to provide client access to local printers:
•      Automatic printer redirection. This works through Remote Desktop Connection.
•      Manual printer redirection. Use this option for 16-bit clients, Windows-based terminals, and local printers that require older drivers.
Please note that in Terminal Services:
•      Bidirectional printing is not supported.
•      Redirected printers are available for use with applications running on the server. Redirected printers appear in the Printers folder in Control Panel.
•      Clients see only their own redirected printers in the Printers dialog box.
Automatic Printer Redirection
When you use Remote Desktop Connection to a Terminal Server, printer redirection is automatic as long as the local printer uses a driver that is installed on the server.
When a client connects to Terminal Services, local printers attached to line printer port (LPT), communications port (COM), and universal serial bus (USB) ports that are installed on the client computer are automatically detected and a local queue is created on the server. The client computer printer settings for the default printer and some properties (such as printing on both sides of the page) are used by the server.
When a client disconnects or ends the session, the printer queue is deleted and any incomplete or pending print jobs are lost. Information about the client's local printers and settings are saved on the client computer. During subsequent logon sessions, the printer queue is created using the information stored on the client computer.
If a printer driver is not found on the server, an event is logged and the client printer is not created. To make the printer available, the driver must be manually installed on the server.
Note: Print administrators can see all redirected printers, both on the server and those redirected from their session while normal users can see normal printers on the server and only their own redirected printers.
Please note that in Windows 2000 Service Pack 2 and Windows Server 2003, a fix was added for cases where redirected printing was not working automatically. Issues had one of the following symptoms:

•      The Terminal Services client enumerated its local printers and sent information (such as the printer and print driver name) to the server. However if a corresponding driver on the server did not exist, the installation failed.
•      If you used an Original Equipment Manufacturer (OEM) driver with a name that did not exactly match the name in the Ntprint.inf file, Windows did not install the driver.
This issue was resolved in Windows 2000 Service Pack 2 and Windows Server 2003, but the resolution also requires some registry value changes. For more information, see Knowledge Base article Q275495, “Printer Redirection or Upgrade May Not Work Because of Signed Ntprint.inf File.”
Manual Printer Redirection
You can redirect printers attached to LPT and COM ports on the client's local computer manually for use with Terminal Services clients.
Note: Terminal Services does not support manual redirection of printers connected through USB ports.
To redirect a client printer manually, contact your administrator and provide the name of your computer (or IP address for a Windows-based Terminal). The client must be connected to the terminal server during manual redirection.
The administrator uses the Add Printers option in Control Panel Printers to add a printer manually. The administrator uses the client computer name to select the printer port from the list of available ports in the Add Printer wizard. Ports for all clients currently connected to the server appear in the Port list. Terminal Services client ports are listed as follows:
Port      Description
TS      computername:Portx (where Port is the type of port and x is the port number)

When a client disconnects or ends a session, the printer queue is deleted, and any incomplete or pending print jobs are lost. Information about client local printers and settings are saved on the client computer. During subsequent logon sessions, the printer queue is created using the information stored on the client computer.
When automatic redirection for 32-bit client printers fails, an event is logged. Typically, the logged event contains information about why the redirection failed and if applicable which server-side driver is missing. When a client disconnects or logs off the printer queue is deleted and incomplete or pending print jobs are lost. After the initial manual redirection, printers are automatically redirected during subsequent logon sessions.
Related Links
For more information about deployment of Terminal Services, refer to Chapter 16, “Deploying Terminal Services”, in the Windows 2000 Server Deployment Planning Guide at http://www.microsoft.com/windows2000/techinfo/reskit/dpg/default.asp.
For the latest information about Windows 2000 Server, see the Windows 2000 Server Web site at http://www.microsoft.com/windows2000/server.
For the latest information about Windows Server 2003, see the Windows Server 2003 Web site at http://www.microsoft.com/windowsserver2003/default.mspx.

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Make sure that your C:\WINDOWS\system32\spool\drivers folder is shared as Print$ with security permissions set for EVERYONE to be able to Read & Execute.

wcoykendallAuthor Commented:
I removed Active Directory from the TS and now everything works fine.
Any other option beside taking off AD? I am having the same issue currently...

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now