Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 883
  • Last Modified:

How to use GPO to allow power users to add printer at AD 03 domain?

We want to allow some power user can add printer from the printer server.
How can we do this by Domain policy?
Environment:
2003 AD, 2000 and XP client.
Thanks.
0
dickchan
Asked:
dickchan
  • 3
3 Solutions
 
samiam41Commented:
Create a domain group called "Local.Print" or whatever and add the members to it that you want to be able to add printers.  Then, follow this link on using the GP to add your AD group to the power users group.

http://msmvps.com/blogs/martinzugec/archive/2005/09/23/67597.aspx
0
 
samiam41Commented:
You also could use a login script to map the printers for the users.  You would need an option like "ifmember" that would install the printers based on their AD group membership.
0
 
bluntTonyCommented:
I agree with samiam41 in that you will need to create a domain group, then use Group Policy to add this group to the Power Users local group, but I think that by default, Power Users cannot install printer drivers - they can manage printers but not install them.
In order to allow Power Users to install printers, you also need to grant your group the following right in the GPO linked to the OU holding the machine accounts:
Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignments | Load and Unload Device Drivers
Check this link out for the requirements for installing printers on XP: http://support.microsoft.com/default.aspx?scid=kb;en-us;297780
Hope this helps...
0
 
samiam41Commented:
: )  Good call BluntTony.  I was just thinking whether or not that group could install printers.  Grrr....  I couldn't google it fast enough.  
0
 
snowdog01Commented:
If the desired goal is to allow a user to attach to a network "shared" printer via a print server, then the user simply needs access to the share, i.e. \\servername\printersharename.  Normal domain user permissions are all that is needed on the workstation end.  Just browse to the share and the installation will occur seamlessly.  
Where printer installation gets tricky with permissions is when the user clicks "add printer" from the desktop.  
Plug and play printers that are directly attached to the workstation generally do not need any additional permissions to install either.
HTH,
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now