Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to use GPO to allow power users to add printer at AD 03 domain?

Posted on 2009-04-05
5
Medium Priority
?
879 Views
Last Modified: 2013-02-21
We want to allow some power user can add printer from the printer server.
How can we do this by Domain policy?
Environment:
2003 AD, 2000 and XP client.
Thanks.
0
Comment
Question by:dickchan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 9

Assisted Solution

by:samiam41
samiam41 earned 200 total points
ID: 24071737
Create a domain group called "Local.Print" or whatever and add the members to it that you want to be able to add printers.  Then, follow this link on using the GP to add your AD group to the power users group.

http://msmvps.com/blogs/martinzugec/archive/2005/09/23/67597.aspx
0
 
LVL 9

Expert Comment

by:samiam41
ID: 24071741
You also could use a login script to map the printers for the users.  You would need an option like "ifmember" that would install the printers based on their AD group membership.
0
 
LVL 27

Accepted Solution

by:
bluntTony earned 1600 total points
ID: 24071781
I agree with samiam41 in that you will need to create a domain group, then use Group Policy to add this group to the Power Users local group, but I think that by default, Power Users cannot install printer drivers - they can manage printers but not install them.
In order to allow Power Users to install printers, you also need to grant your group the following right in the GPO linked to the OU holding the machine accounts:
Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignments | Load and Unload Device Drivers
Check this link out for the requirements for installing printers on XP: http://support.microsoft.com/default.aspx?scid=kb;en-us;297780
Hope this helps...
0
 
LVL 9

Expert Comment

by:samiam41
ID: 24071797
: )  Good call BluntTony.  I was just thinking whether or not that group could install printers.  Grrr....  I couldn't google it fast enough.  
0
 
LVL 4

Assisted Solution

by:snowdog01
snowdog01 earned 200 total points
ID: 24077097
If the desired goal is to allow a user to attach to a network "shared" printer via a print server, then the user simply needs access to the share, i.e. \\servername\printersharename.  Normal domain user permissions are all that is needed on the workstation end.  Just browse to the share and the installation will occur seamlessly.  
Where printer installation gets tricky with permissions is when the user clicks "add printer" from the desktop.  
Plug and play printers that are directly attached to the workstation generally do not need any additional permissions to install either.
HTH,
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question