[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7457
  • Last Modified:

Allowing non-Admin User to Clear and Restart Print Spooler on Windows 2003


I have a Windows 2003 AD Domain.

The print queue on one of our printers occasionally gets jammed with a print job. When this happens I must not only delete the job, but I need to restart the print spooler service to clear it out. I want to give this ability to the user in the form of a script.

I have tried using:

sc \\printserver stop spooler

from the user's computer, but I get the following error:

[SC] OpenSCManager FAILED 5:

Access is denied.

I have added the user to the "Print Operators" security group, but I am still getting the error message. I do not want to add the user to the Local Admins for the print server.
1 Solution
Assign the user/group the right to "Manage printer" on the printer's security tab.
axygenAuthor Commented:
I still get Access is denied when using the sc command.
How about creating a scheduled task to run the script? You can run a scheduled task manually and also set the admin credentials to do it without the user being able to discover the admin credentials.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

axygenAuthor Commented:
@Olski -  How would I go about setting this up? Do I set it up on their computer, or on the printserver?
Farhan KaziSystems EngineerCommented:
Greetings Axygen,

Why not giving Everyone or Print Operator full access over Print Spooler service...

SubInACL /Service Spooler /Grant=Everyone=F
SubInACL /Service Spooler /Grant=Everyone=TOP

(TOP means they can sTart, stOp and Pause the service)

Get SubInACL from the Win2000

More Info:

** Letting a User Start and Stop Services Without Granting the User Administrator Privileges

** Another way to grant the right to manage Windows 2000 services

** Server Operator Cannot Stop/Start Spooler Service

Hope this helps!
You would need to do it on the user's computer. Put the script file (batch file?) on the user's computer (in a folder called script on C: to make it easy to find).

Go to control panel, Scheduled Taks.
Double click Add Sceduled Task
When it opens click next and then browse and browse to the script file and click open.
Enter a name for the task like restart print spooler and select One Time Only and click next
Click next again and enter the credentials for an admin account that has the rights to perform the spooler restart.
Click next and tick the box for "Open Advanced properties.....
In the advanced properties untick the "Enabled (Scheduled task runs at specified  time)"
Click Ok.

Now in Scheduled tasks right click the restart print spooler task and click run. This will then run the script under the credentials you entered.

Sometimes scheduled tasks can be funny and you have to re-enter the credentials in the Advanced properties, so try this if it doesn't work first time.
axygenAuthor Commented:
@Olski - thanks, I'll try that after hours.

@farhankazi - thanks for the links, the last one seems to be what I'm looking for. Will try that if @Olski's method doesn't work.
axygenAuthor Commented:
@Olski - it worked thanks!

In case anyone's wondering here's my batch script...

sc \\printserver stop spooler
ping -n 5 www.google.com
sc \\printserver start spooler

To test it out I actually set used, ping -n 30 www.google.com, and just monitored the print spooler service on printserver. I saw that it turned off and after about 30 pings (however long that takes) it started up again.
No worries, glad it sorted your problem.
how do you know if a schedule task did run successfully or not? is there a log file somewhere? thanks.

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now