• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 618
  • Last Modified:

Remote Desktop Printers

Hi All,

I need some help on this one. My company is wanting to provide people with remote servers for security etc, but we want to make it so that several clients dial into one machine.
Now this isnt a problem, the only problem is that I want to make it so that when user 1 dials in, all they can see is their own Remote printer.

Again, when user 2 dials in, all they can see is their own remote printer because at the moment when both users are dialed in they can see each others printers.

Does anyone know a script or any way around this?


  • 2
1 Solution
Have you tried removing the unwanted printer from thier profile manually?

Q: My users can see all redirected printers. How can I make them
see only their own printers?

A: If your users can see each others redirected printers, they are
most likely members of the Administrator or Power Users user group.
Type "whoami /groups" in a Terminal Server session to see the group
membership list of a user.

If that's the case, there is no way to prevent them from seeing all
printers (and they will be able to do far more serious damage than
merely printing to the wrong printer!). Hence Make them normal users.
This is a known issue in windows 2003 and has been dealt with in windows 2008

From http://blogs.msdn.com/ts/archive/2007/05/03/introducing-terminal-services-easy-print-part-2.aspx

Change #2: Scope of redirected printers

In Windows Server 2003, administrators could see all redirected printers of every user. Also, if a user had multiple sessions open, redirected printers of all sessions would be visible to each individual session. In Longhorn Server, this is no longer the case. The visibility of redirected printers is limited to the session where they are installed.

The behavior is very similar to the behavior of redirected drives. Printers now have the Session SID set in the list of ACLs. Properties of this change include the following.

This ACL limits the printers from appearing in another session, even that of the same user. For example, say user1 has logged on to two different TS sessions (session 1 and session 2) on the same server. Redirected printers of session 1 will not be visible in session 2 and vice-versa.
There are no exceptions to the above rule. By default, anyone under the "Administrators" local group also will not be able to access the printer.
The users can change access to the printers by editing the permissions in the printer properties to be made accessible to other users.
This is a significant change from Windows Server 2003. Previously, redirected printers were visible to all sessions belonging to the same user as well as to all administrators on the server. Due to this new behavior, there has been a perceivable performance improvement in the enumeration of printers and in the logon time of new sessions.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now