Logon Script Requires Local Admin

I am trying to run a logon script that maps LPT1 to the user logging onto the server 2008 R2 server. The command in the logon script field of the active directory user object is

net use lpt1 \\clientcomputer\printer /persistent:yes

The only way the logon script succeeds is if the user logging into the server is a local administrator.

Disabling the UAC does not work.

How can I allow the user to not be an administrator and still have the lpt1 created?
Is there a registry setting I need to modify permissions on?
kwoznica732Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kwoznica732Author Commented:
This doesn't seem to work with LPT1. Maybe with normal printers it works but our application requires LPT1.
Group policy printer deployment isn't possible either because a UNC path isn't possible.

Why does net use lpt1 \\clientsystem\printer require administrator permissions?
0
Ron MalmsteadInformation Services ManagerCommented:
0
Ron MalmsteadInformation Services ManagerCommented:
Do they have permissions on the client machine/printer share?
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Jim P.Commented:
Have you tried making them Printer Operators?
0
yo_beeDirector of Information TechnologyCommented:
Take a look at an article that I wrote explaining this.
It illustrates how to deploy a shared printer, but you can select Local Printer instead and get the results.
Hope it helps
This also eliminates the need for scripts and will overcome the UAC issue.

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_11321-Deploying-Printers-using-Group-Policy-Preferences.html
0
RobSampsonCommented:
The only blocker that I know of (stemming from an old Windows XP issue) with non-admins not being able to map LPT1, is that the LPT1 port needed to be "disabled" from the "Device Manager" on the computer.  Once the port was disabled, the net use worked for non-admins.

Regards,

Rob.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rob WilliamsCommented:
Net use Lpt1 is limited to admin users, and has been for many years.  There is a workaround using Devcon that used to work with 2000 and XP, and I suspect may still:
http://support.microsoft.com/kb/313644#appliesto
0
RobSampsonCommented:
*SNAP*

:-)
0
Davis McCarnOwnerCommented:
You need to run it as a STARTUP script one time which will the use the system account and work.
0
kwoznica732Author Commented:
Yes, right on the money with your solution RobSampson.

I can confirm this is also true for Server 2008 R2 now. I actually went into the device manager and uninstalled it. Logged onto the server via RDP as a non admin and was able to add the lpt1 port via the logon script and print to the client system successfully.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.