Administrator can see other users' printers in a 2003 terminal server session


i have a windows 2003 terminal-server (with sp1)
i have 10 users ho have no administrator-rights and they all have there local printer when they connect to the terminal-server with rdp.
i have 1 user ho have administrator-rights, and that user can see all the printers of the other users.
The problem is that that user print sometimes on the wrong printer.

Is there a way to make that user not to see other users printers ?

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nprignanoTechnical ArchitectCommented:
This only happens if your users have Power User rights or higher.  If you want to resolve this, reduce their permissions, or convert all of your local printers into network printers, use login scripts to map printers based on group membership or username, and finally turn off connect session printers.  I ran into this same problem setting up users on Citrix - if certain programs require users have certain rights, you can set the progrma to run as a higher level, or switch to network printers.  In the end, thats the easiest method.

parts_peripheralsAuthor Commented:
is there really no way to set the account of that administrator to not see other users printers, that woud bee the best sollution for me.

If a user has administrator rights then they are an Administrator and therefore can manage the machine.  I know if one of my users couldn't figure out which printer to use I sure wouldn't make them an administrator on a server.  That user has enough rights to blow up that machine and they can't even print correctly.  You might want to rethink the setup.

nprignanoTechnical ArchitectCommented:
>>is there really no way to set the account of that administrator to not see other users printers, that woud bee the best sollution for me.

the only way is to turn off session printing domain wide.  but then you would need your printers as network printers to be able to print.  welcome to the lovely world of terminal services.  things aren't always as easy as an option that you can select or deselect.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial

Yes, there is a way. There a policy you need to change either locally on the terminal server by going to Start>Run and opening gpedit.msc or from a group policy in AD. Here's the details...

Load and unload device drivers
Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Determines which users can dynamically load and unload device drivers. This privilege is necessary for installing drivers for Plug and Play devices.

Default: Administrators.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.