What rights do I need to give to my users to copy file directly to printer device over SMB2 ?

Posted on 2011-10-25
Last Modified: 2012-05-12
Our primary Domain Controller is a SBS 2011, which also acts as a printserver.
When connecting with clients as Vista/Win7/Win2008(R2), SMB2 is used when  printing directly to the printer device by copying a file to the device, eg:
C:\Temp> copy printfile.txt  \\servername\printername 

Open in new window


C:\Temp> type printfile.txt >> \\servername\printername 

Open in new window

When issueing this with my user (Domain administrator rights), I have no problem.
When issueing this as a regular user i get an Access denied error.

When I disable the SMB2 protocol, this works fine.

But that is not what I want. I want to keep SMB2 for backup and filecopy speed.

For testing purposes I set up another Windows 2008 R2 server as a print server, and on that server it works fine !

The printers are configured exactly the same on both printservers, everyone has print and manage rights. So I guess it must be a another security issue, not ?
Or is it because my SBS 2011 is a domain controller ?

What rigths do I need to give to my users to be able to print by copying a file directly to the device on the printserver ?

Tnx in advance, been struggling with this for 2 days now :-(
Question by:Xtenso
    LVL 13

    Accepted Solution

    This is probably due to it being a domain controller - standard users have very few permissions on DC's, and I would suggest that you want to keep it that way;
    The best option would be to use a different server as your print / file server - the other option would be to give users restricted print operator rights, but I wouldn't recomment this (see this article: )

    Author Closing Comment

    That was indeed what was needed.

    I added our users (they are almost all power users) to the Print Operators group, and following the suggested document I removed the right for Print operators to "log on locally" and "shutdown the server".

    This was a short and simple thread, but it resolved my issue !

    Thanks !
    LVL 1

    Expert Comment

    Just to add to the already great solution:

    eventhough I gave all domain users access to full control to all printers, (just like print operators do) my users could not print from DOS.

    Adding them to the print operator group fixed it - just like Xtenso said.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now