Administrator can see other users' printers in a 2003 terminal server session

Posted on 2006-03-30
Last Modified: 2013-11-21

i have a windows 2003 terminal-server (with sp1)
i have 10 users ho have no administrator-rights and they all have there local printer when they connect to the terminal-server with rdp.
i have 1 user ho have administrator-rights, and that user can see all the printers of the other users.
The problem is that that user print sometimes on the wrong printer.

Is there a way to make that user not to see other users printers ?

Question by:parts_peripherals
    LVL 15

    Expert Comment

    This only happens if your users have Power User rights or higher.  If you want to resolve this, reduce their permissions, or convert all of your local printers into network printers, use login scripts to map printers based on group membership or username, and finally turn off connect session printers.  I ran into this same problem setting up users on Citrix - if certain programs require users have certain rights, you can set the progrma to run as a higher level, or switch to network printers.  In the end, thats the easiest method.


    Author Comment

    is there really no way to set the account of that administrator to not see other users printers, that woud bee the best sollution for me.

    LVL 1

    Expert Comment

    If a user has administrator rights then they are an Administrator and therefore can manage the machine.  I know if one of my users couldn't figure out which printer to use I sure wouldn't make them an administrator on a server.  That user has enough rights to blow up that machine and they can't even print correctly.  You might want to rethink the setup.

    LVL 15

    Accepted Solution

    >>is there really no way to set the account of that administrator to not see other users printers, that woud bee the best sollution for me.

    the only way is to turn off session printing domain wide.  but then you would need your printers as network printers to be able to print.  welcome to the lovely world of terminal services.  things aren't always as easy as an option that you can select or deselect.

    LVL 1

    Expert Comment


    Yes, there is a way. There a policy you need to change either locally on the terminal server by going to Start>Run and opening gpedit.msc or from a group policy in AD. Here's the details...

    Load and unload device drivers
    Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

    Determines which users can dynamically load and unload device drivers. This privilege is necessary for installing drivers for Plug and Play devices.

    Default: Administrators.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now