Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Printer security settings across Terminal Services

Posted on 2007-11-25
Medium Priority
Last Modified: 2013-11-21
Hi all

I am having troubles getting printer security settings to save across terminai services.

What we have is 5 remote sites with 2 XP pro clientes at each connecting to Server 2003 via VPN.
There is 1 printer at each site, connected to one of the XP machines. When they connect to the server, the printer is automaticaaly recognised, and added to the printer list. The security settings however, are set for the Creator/Admins, so the other users cannot see the printer or connect to it.

As admin, I open the security settings and add Everyone to the security list, and the printer is now available.

When the machine with the printer logs off, these settings are not saved, so when they log back in, I have to reset them for everyone.

Is there a way to change the initial security settings so they always appear as I want them?

Question by:robd2007
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 20347492
Why do you need to do this? What you see happening is the correct way (and designed that way). Not sure why you want to give rights to everyone for a printer that is autocreated every time a user logs in.
This happens for all users so they all see their printers when they logon. That is why I do not understand why you are trying to achieve something differently, going against what TS was designed for.

Claudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services

Author Comment

ID: 20347527
As we have only one printer per site, we need for both RDP sessions to be able to see the printer to print to it, therefore not needing 2 printer sitting beside each other.

Maybe the way I am looking at is incorrect, but I am looking for a way to have autocreated printers available to all users. Changing the security settings makes the printers visible, so this was the path I have been looking at.


Expert Comment

ID: 20347548
Instead of using dynamic printing you could utilitise the vpn(which is not required with dynamic printing) you would need to share the printer locally on the remote computer and then on the terminal server(s) install the printer locally and point the local port to \\computername\printersharename.

power users are able to print to all dynamic printers ( i dont recommend setting all users as power users though)
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

LVL 31

Accepted Solution

Cláudio Rodrigues earned 1500 total points
ID: 20349679
The correct way would be to share the printer at the local office from one computer and map that printer on all the other computers. So when anyone connects to the TS from any of the remote office machines their printers (local or the network shared one) will be mapped by the TS automatically.
I see and understand your issue but you are trying to address it the wrong way.

Claudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services

Author Closing Comment

ID: 31410893
Citrix handles this much more easily.
Initial response from tsmvp is too close to having a shot at me for my liking, but you accept it to get answers for your issues :)
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 20379863
Hey Rob,

I did not mean to be hard on you. :-)
I just want people to learn TS the correct way. I think TS is by far the technology that is deployed the most the wrong way. It seems easy but it is not really if you do want to have something scalable and reliable.
I am sure you will remember my answer though. :-)


My two cents on the topic and some clarifications.
I have been dealing with server based computing for the past 13 years and also worked quite a lot with VDI (Virtual Desktop Infrastructure).
VDI moves a desktop OS (usually XP or Vista) to virtual hardware images (hosted under VMWare or similar) and users connect to them using the same Microsoft RDP client they normally use to connect to terminal servers or, if you are looking at Citrix Desktop Server, the Citrix ICA client.
There are good and bad, if not terrible, things with VDI.
The bad:
Scalability/Costs. If you get a decent server (and I am not talking about 16GB, Quad CPU boxes - I am talking about your plain, 1U hardware, dual, with 4GB), relatively inexpensive today, you can probably get, easily, 50-75 users on it if that box is a TS.
A very robust VMWare ESX box with 32GB and Quad CPUs will get you, if you are lucky, 30-50 Virtual Desktops. As this server costs probably 10 times more than your 1U pizza box, once you add all the costs, including XP/Vista licenses, VDI becomes extremely expensive per user. Add to that you still have virtual PCs to manage, patch, secure, etc, like real PCs. Ok, if you add something like Ardence to the picture things may be a little easier but...
The good:
Well certain apps simply do not work/like TS or must run in Session 0. Perfect case for VDI.

The best for me is really a mixed solution, in case certain apps require that. As of today companies like Provision Networks (and Citrix but not at the same level as Provision as of today) do provide solutions where users connect to applications and these are served, transparently to the user, from TSs OR VDI. As they run in Seamless Windows mode users do not even differentiate these from their own local apps. All this while hiding the underline OS. So a mix is the way to go if you require that.

Regarding thin clients: one thing to keep in mind is the OS running on them. Only Windows based thin clients (CE or XPe) have the 'official' Microsoft RDP client on them. The Linux ones use RDesktop, an open source, reverse engineered client and therefore, do NOT support 100% of the RDP features properly. One typical example is serial port redirection (some point of sales devices have serial ports to control things like the drawer). The Microsoft client normally works perfectly. The Linux ones do not work in many, many cases. I have seen many companies hit a roadblock with TS because the thin clients that had bought were Linux based and did not have serial port redirection working 100%.
For brands, I guess they are pretty much all the same, made in China. :-) Honestly most of them are made by a single company that simply OEMs different models to HP, Wyse, etc. So to me they are all pretty much the same (ok some do have a management software - neat, and something to be considered if managing hundreds of them).

Now finally, what is best, TS or VDI? Based on my experience (again, I do this full time for a living), in 98% of the cases TS wins hands down. Simply because it costs way less and you get way more users for the money (if you do not need more users you can simply use the money to buy more servers and have way more redundancy) and performance is great (assuming you know how to get the most out of TS - what most people do NOT know. They think it is a matter of using the Windows CD and clicking 'Next', 'Next', 'Next'. It is NOT).
VDI has its market and works great in very specific cases. Is it ready for the masses? No. Is it cheap? No.

To learn more about VDI, take a look at the presentations given by Ron Oglesby at BriForum (http://www.briforum.com) over the years. Great information and very honest answers and comparisons, especially related to performance/costs when compared to TS.


Claudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 20379864
That is what happens with copy and paste...


Claudio Rodrigues
CEO, TSFactory Inc.

Microsoft MVP
Windows Server - Terminal Services

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Screencast - Getting to Know the Pipeline

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question