Allow Print Operators to Add Printers to Domain Controllers
I need to arrange for a limited number of our desktop engineers to be able to add printers to our 2K3 SP2 DCs.
I've tried a few things with no success.
1. Created separate AD group and placed new group as member of Print Operators
2. Amended the permissions on HKLM\SYSTEM\CurrentControl
3. Changed domain delegate control so that new AD group has full control over print objects
And whenever those users try to add a printer they're still immediately told on double clicking "Add Printer" that they don't have sufficient rights to add printers to <dc name>.
Any ideas where to look from here?
I've tried a few things with no success.
1. Created separate AD group and placed new group as member of Print Operators
2. Amended the permissions on HKLM\SYSTEM\CurrentControl
3. Changed domain delegate control so that new AD group has full control over print objects
And whenever those users try to add a printer they're still immediately told on double clicking "Add Printer" that they don't have sufficient rights to add printers to <dc name>.
Any ideas where to look from here?
Hey,
If your users are creating a printer on a server they should have the correct permissions on that server itself, being a member of the print operators locally. It might be that something strange happenend there.
Do you see anything in event viewer when they are trying to add printers?
If your users are creating a printer on a server they should have the correct permissions on that server itself, being a member of the print operators locally. It might be that something strange happenend there.
Do you see anything in event viewer when they are trying to add printers?
ASKER
Bear in mind these are DCs so there are no local user groups. I'm guessing that whatever is wrong it's going to have to be resolved through domain rights.
The event logs also rather unhelpfully show nothing.
The event logs also rather unhelpfully show nothing.
hmm... Even if you have a domain, you still have local groups you need to access..
If you look at a server, you will see there is an administrators group. Because the server joins the domain, the domain admins will automatically be added to the local administrators group on that server. This is just a long shot btw, but my guess is you shoul;d be looking at the server itself. Halfway the installation it only asks you to add the printer to the domain.
If you look at a server, you will see there is an administrators group. Because the server joins the domain, the domain admins will automatically be added to the local administrators group on that server. This is just a long shot btw, but my guess is you shoul;d be looking at the server itself. Halfway the installation it only asks you to add the printer to the domain.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Still not playing.