Script out how to Give local user full permissions to a printer
Situation:
AD domain
I have 1000's of points of sale running windows 2003 under the context of a non-privileged "local" (non-AD) user account, let's call it USER1. Employees using these points of sale have a need to do printer administrative things like delete print jobs. They cannot do this with just their USER1 account.
The local user account is the same across all systems, USER1.
The local printer name is the same across all systems, LABEL.
They cannot be added to the Administrators or Power Users group. I have verified they can do the necessary things if I manually remote to the system and edit the permissions of the LABEL printer to add the USER1 with Full Control. Manually doing this across all systems is not an option. I cannot find a powershell or other way to do this.
I need a remote way to set the necessary permissions for the local user account to be able to manage this printer.
Ideas?
AD domain
I have 1000's of points of sale running windows 2003 under the context of a non-privileged "local" (non-AD) user account, let's call it USER1. Employees using these points of sale have a need to do printer administrative things like delete print jobs. They cannot do this with just their USER1 account.
The local user account is the same across all systems, USER1.
The local printer name is the same across all systems, LABEL.
They cannot be added to the Administrators or Power Users group. I have verified they can do the necessary things if I manually remote to the system and edit the permissions of the LABEL printer to add the USER1 with Full Control. Manually doing this across all systems is not an option. I cannot find a powershell or other way to do this.
I need a remote way to set the necessary permissions for the local user account to be able to manage this printer.
Ideas?
ASKER
RDP would me the manual way of doing this. I am not doing it manually for 1000's of systems. It must be scripted. I too have read that Russian guy's blog. I can't figure his stuff out yet.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
1- Add the Local user User1 to the Local Print Operators group
2- Go into the Print Properties for the LABEL printer
Then to the Security tab
3- Add the local Print Operators group to have Manage Documents permissions to the LABEL printer.
(Since you mentioned both, just deleting documents and also full permissions, I opted for the lesser of the two evils in the example because users can initiate lots of trouble calls if they have manage printer permissions)
I used to have some VBscripts for setting printer permissions remotely. I'll see if I can find them.
While I am hunting for those, check out the link below which sounds like what you want to do via Powershell.
http://www.vistax64.com/powershell/206996-set-security-printer-powershell.html