Solved

Printer security settings across Terminal Services

Posted on 2007-11-25
7
514 Views
Last Modified: 2013-11-21
Hi all

I am having troubles getting printer security settings to save across terminai services.

What we have is 5 remote sites with 2 XP pro clientes at each connecting to Server 2003 via VPN.
There is 1 printer at each site, connected to one of the XP machines. When they connect to the server, the printer is automaticaaly recognised, and added to the printer list. The security settings however, are set for the Creator/Admins, so the other users cannot see the printer or connect to it.

As admin, I open the security settings and add Everyone to the security list, and the printer is now available.

When the machine with the printer logs off, these settings are not saved, so when they log back in, I have to reset them for everyone.

Is there a way to change the initial security settings so they always appear as I want them?

Thanks
0
Comment
Question by:robd2007
  • 4
  • 2
7 Comments
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
Comment Utility
Why do you need to do this? What you see happening is the correct way (and designed that way). Not sure why you want to give rights to everyone for a printer that is autocreated every time a user logs in.
This happens for all users so they all see their printers when they logon. That is why I do not understand why you are trying to achieve something differently, going against what TS was designed for.

Claudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
0
 

Author Comment

by:robd2007
Comment Utility
As we have only one printer per site, we need for both RDP sessions to be able to see the printer to print to it, therefore not needing 2 printer sitting beside each other.

Maybe the way I am looking at is incorrect, but I am looking for a way to have autocreated printers available to all users. Changing the security settings makes the printers visible, so this was the path I have been looking at.



0
 

Expert Comment

by:tigs81
Comment Utility
Instead of using dynamic printing you could utilitise the vpn(which is not required with dynamic printing) you would need to share the printer locally on the remote computer and then on the terminal server(s) install the printer locally and point the local port to \\computername\printersharename.

power users are able to print to all dynamic printers ( i dont recommend setting all users as power users though)
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 31

Accepted Solution

by:
Cláudio Rodrigues earned 500 total points
Comment Utility
The correct way would be to share the printer at the local office from one computer and map that printer on all the other computers. So when anyone connects to the TS from any of the remote office machines their printers (local or the network shared one) will be mapped by the TS automatically.
I see and understand your issue but you are trying to address it the wrong way.

Claudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
0
 

Author Closing Comment

by:robd2007
Comment Utility
Citrix handles this much more easily.
Initial response from tsmvp is too close to having a shot at me for my liking, but you accept it to get answers for your issues :)
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
Comment Utility
Hey Rob,

I did not mean to be hard on you. :-)
I just want people to learn TS the correct way. I think TS is by far the technology that is deployed the most the wrong way. It seems easy but it is not really if you do want to have something scalable and reliable.
I am sure you will remember my answer though. :-)

Cheers!

My two cents on the topic and some clarifications.
I have been dealing with server based computing for the past 13 years and also worked quite a lot with VDI (Virtual Desktop Infrastructure).
VDI moves a desktop OS (usually XP or Vista) to virtual hardware images (hosted under VMWare or similar) and users connect to them using the same Microsoft RDP client they normally use to connect to terminal servers or, if you are looking at Citrix Desktop Server, the Citrix ICA client.
There are good and bad, if not terrible, things with VDI.
The bad:
Scalability/Costs. If you get a decent server (and I am not talking about 16GB, Quad CPU boxes - I am talking about your plain, 1U hardware, dual, with 4GB), relatively inexpensive today, you can probably get, easily, 50-75 users on it if that box is a TS.
A very robust VMWare ESX box with 32GB and Quad CPUs will get you, if you are lucky, 30-50 Virtual Desktops. As this server costs probably 10 times more than your 1U pizza box, once you add all the costs, including XP/Vista licenses, VDI becomes extremely expensive per user. Add to that you still have virtual PCs to manage, patch, secure, etc, like real PCs. Ok, if you add something like Ardence to the picture things may be a little easier but...
The good:
Well certain apps simply do not work/like TS or must run in Session 0. Perfect case for VDI.

The best for me is really a mixed solution, in case certain apps require that. As of today companies like Provision Networks (and Citrix but not at the same level as Provision as of today) do provide solutions where users connect to applications and these are served, transparently to the user, from TSs OR VDI. As they run in Seamless Windows mode users do not even differentiate these from their own local apps. All this while hiding the underline OS. So a mix is the way to go if you require that.

Regarding thin clients: one thing to keep in mind is the OS running on them. Only Windows based thin clients (CE or XPe) have the 'official' Microsoft RDP client on them. The Linux ones use RDesktop, an open source, reverse engineered client and therefore, do NOT support 100% of the RDP features properly. One typical example is serial port redirection (some point of sales devices have serial ports to control things like the drawer). The Microsoft client normally works perfectly. The Linux ones do not work in many, many cases. I have seen many companies hit a roadblock with TS because the thin clients that had bought were Linux based and did not have serial port redirection working 100%.
For brands, I guess they are pretty much all the same, made in China. :-) Honestly most of them are made by a single company that simply OEMs different models to HP, Wyse, etc. So to me they are all pretty much the same (ok some do have a management software - neat, and something to be considered if managing hundreds of them).

Now finally, what is best, TS or VDI? Based on my experience (again, I do this full time for a living), in 98% of the cases TS wins hands down. Simply because it costs way less and you get way more users for the money (if you do not need more users you can simply use the money to buy more servers and have way more redundancy) and performance is great (assuming you know how to get the most out of TS - what most people do NOT know. They think it is a matter of using the Windows CD and clicking 'Next', 'Next', 'Next'. It is NOT).
VDI has its market and works great in very specific cases. Is it ready for the masses? No. Is it cheap? No.

To learn more about VDI, take a look at the presentations given by Ron Oglesby at BriForum (http://www.briforum.com) over the years. Great information and very honest answers and comparisons, especially related to performance/costs when compared to TS.

Cheers,

Claudio Rodrigues
Microsoft MVP
Windows Server - Terminal Services
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
Comment Utility
That is what happens with copy and paste...

:-)

Claudio Rodrigues
CEO, TSFactory Inc.

Microsoft MVP
Windows Server - Terminal Services
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

##the calculator has been updated to version 1.6 please download the use the updated version## Hi there, After the previous post of the original version of the calculator here : http://www.experts-exchange.com/articles/OS/Microsoft_Operatin…
Case Summary: In this Article we introduce the new method to configure the default user profile using Automated profile copy with sysprep rather than the old ways such as the manual copy of a configured profile to default user profile Old meth…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now