Solved

Printer security settings across Terminal Services

Posted on 2007-11-25
Last Modified: 2013-11-21
Hi all

I am having trouble getting printer security settings to save across Terminal Services.

What we have is 5 remote sites with 2 XP Pro clients at each, connecting to Server 2003 via VPN.
There is 1 printer at each site, connected to one of the XP machines. When they connect to the server, the printer is automatically recognised and added to the printer list. The security settings, however, are set for the Creator/Admins, so the other users cannot see the printer or connect to it.

As admin, I open the security settings and add Everyone to the security list, and the printer is now available.

When the machine with the printer logs off, these settings are not saved, so when they log back in, I have to reset them for everyone.

Is there a way to change the initial security settings so they always appear as I want them?

Thanks
Question by:robd2007
7 Comments
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 20347492
Why do you need to do this? What you see happening is the correct way (and designed that way). Not sure why you want to give rights to everyone for a printer that is autocreated every time a user logs in.
This happens for all users so they all see their printers when they logon. That is why I do not understand why you are trying to achieve something differently, going against what TS was designed for.

Claudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
 

Author Comment

by:robd2007
ID: 20347527
As we have only one printer per site, we need both RDP sessions to be able to see the printer to print to it, therefore not needing 2 printers sitting beside each other.

Maybe the way I am looking at it is incorrect, but I am looking for a way to have autocreated printers available to all users. Changing the security settings makes the printers visible, so this was the path I have been looking at.



 

Expert Comment

by:tigs81
ID: 20347548
Instead of using dynamic printing you could utilise the VPN (which is not required with dynamic printing). You would need to share the printer locally on the remote computer and then, on the terminal server(s), install the printer locally and point the local port to \\computername\printersharename.

Power users are able to print to all dynamic printers (I don't recommend setting all users as power users though).
 
LVL 31

Accepted Solution

by:
Cláudio Rodrigues earned 500 total points
ID: 20349679
The correct way would be to share the printer at the local office from one computer and map that printer on all the other computers. So when anyone connects to the TS from any of the remote office machines their printers (local or the network shared one) will be mapped by the TS automatically.
I see and understand your issue but you are trying to address it the wrong way.

Claudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
 

Author Closing Comment

by:robd2007
ID: 31410893
Citrix handles this much more easily.
Initial response from tsmvp is too close to having a shot at me for my liking, but you accept it to get answers for your issues :)
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 20379863
Hey Rob,

I did not mean to be hard on you. :-)
I just want people to learn TS the correct way. I think TS is by far the technology that is deployed the most the wrong way. It seems easy but it is not really if you do want to have something scalable and reliable.
I am sure you will remember my answer though. :-)

Cheers!

My two cents on the topic and some clarifications.
I have been dealing with server based computing for the past 13 years and also worked quite a lot with VDI (Virtual Desktop Infrastructure).
VDI moves a desktop OS (usually XP or Vista) to virtual hardware images (hosted under VMware or similar) and users connect to them using the same Microsoft RDP client they normally use to connect to terminal servers or, if you are looking at Citrix Desktop Server, the Citrix ICA client.
There are good and bad, if not terrible, things with VDI.
The bad:
Scalability/Costs. If you get a decent server (and I am not talking about 16GB, Quad CPU boxes - I am talking about your plain, 1U hardware, dual, with 4GB), relatively inexpensive today, you can probably get, easily, 50-75 users on it if that box is a TS.
A very robust VMware ESX box with 32GB and Quad CPUs will get you, if you are lucky, 30-50 Virtual Desktops. As this server costs probably 10 times more than your 1U pizza box, once you add all the costs, including XP/Vista licenses, VDI becomes extremely expensive per user. Add to that you still have virtual PCs to manage, patch, secure, etc, like real PCs. Ok, if you add something like Ardence to the picture things may be a little easier but...
The good:
Well certain apps simply do not work/like TS or must run in Session 0. Perfect case for VDI.

The best for me is really a mixed solution, in case certain apps require that. As of today companies like Provision Networks (and Citrix but not at the same level as Provision as of today) do provide solutions where users connect to applications and these are served, transparently to the user, from TSs OR VDI. As they run in Seamless Windows mode users do not even differentiate these from their own local apps. All this while hiding the underlying OS. So a mix is the way to go if you require that.

Regarding thin clients: one thing to keep in mind is the OS running on them. Only Windows based thin clients (CE or XPe) have the 'official' Microsoft RDP client on them. The Linux ones use RDesktop, an open source, reverse engineered client and therefore, do NOT support 100% of the RDP features properly. One typical example is serial port redirection (some point of sales devices have serial ports to control things like the drawer). The Microsoft client normally works perfectly. The Linux ones do not work in many, many cases. I have seen many companies hit a roadblock with TS because the thin clients that they had bought were Linux based and did not have serial port redirection working 100%.
For brands, I guess they are pretty much all the same, made in China. :-) Honestly most of them are made by a single company that simply OEMs different models to HP, Wyse, etc. So to me they are all pretty much the same (ok some do have a management software - neat, and something to be considered if managing hundreds of them).

Now finally, what is best, TS or VDI? Based on my experience (again, I do this full time for a living), in 98% of the cases TS wins hands down. Simply because it costs way less and you get way more users for the money (if you do not need more users you can simply use the money to buy more servers and have way more redundancy) and performance is great (assuming you know how to get the most out of TS - what most people do NOT know. They think it is a matter of using the Windows CD and clicking 'Next', 'Next', 'Next'. It is NOT).
VDI has its market and works great in very specific cases. Is it ready for the masses? No. Is it cheap? No.

To learn more about VDI, take a look at the presentations given by Ron Oglesby at BriForum (http://www.briforum.com) over the years. Great information and very honest answers and comparisons, especially related to performance/costs when compared to TS.

Cheers,

Claudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 20379864
That is what happens with copy and paste...

:-)

Claudio Rodrigues
CEO, TSFactory Inc.

Microsoft MVP
Windows Server - Terminal Services