XenApp Terminal Server - Remove Printer in User session removes Printer from all logged on users!

Dear Comunity

I have a strange behavior on my XenApp 7.5 Terminal Server farm.

Some background information:

Citrix XenApp 7.5 on Windows 2012 R2 (all avaliable Windows patches installed)
Running on VMware vSphere 5.5.0
Print Server running on Windows 2012 R2
Printer in use :
Printer.png
Now the following thing is happening. A user on the XenApp server is adding a printer and later the user is removing the printer, the printer is not only removed in the session of the user, the printer gets removed from all users logged on the same terminal server. User has no admin rights.

Printers are not redirected from the client workstations. The printer drivers are installed directly on the terminal server.

Did someone experienced the same issue with Windows 2012 R2?

Best regards
DangerExpertsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Spike99On-Site IT TechnicianCommented:
Session printers are printers redirected from the user's client PC & are available only in their own session.  If a person removed a session printer, then the printer is only removed from their session.

If the printers are not redirected and are installed directly on the Citrix server, unless the printer's security was edited to prevent everyone from seeing it, everyone will see that printer.  Then, if it gets removed, it will be removed for everyone.

So, the question is: how was this user able to install & then remove a printer on the server without Admin rights?  Look at the groups that user belongs to and make sure none of those groups have admin rights or print operator rights on the server.
0
DangerExpertsAuthor Commented:
Hi Spike99

Thanks for your answer.

I checked the user permissions and they are not added to Administrators, Print Operators or Power Users.

About your question, how they installed the printer driver. I installed all Printer Drivers on the Terminal Server with my administrator account. This way, the drivers are available if a user attach the printer. User cannot add printers from the Print Server if I did not install previously the printer driver with my administrator account. I checked that to be sure.

About your question: how was this user able to install & then remove a printer on the server without Admin rights? Actually they cannot install or uninstall the printer driver. Users can only attach or detach printers. But if a user detach a printer, the printer is detached on all logged in users.

Many thanks and best regards
0
Spike99On-Site IT TechnicianCommented:
the ability to add/remove printers can be delegated to non-admin users.  On the Citrix server, open up the Devices and Printers window, single click on any printer to highlight it. Then, click on the "Server Properties,"  check to see if that user or any group he's a member of a group that has elevated rights for the printers.

By default, the EVERYONE group is allowed "print" & "view server" rights.  If his account has "manage server" rights, that might explain why he was able to add & remove a printer that all users could see.

Here's a TechNet article on print server rights:
http://technet.microsoft.com/en-us/library/jj190062.aspx
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

DangerExpertsAuthor Commented:
Hi Alicia

Thanks for your comment. Let me check this. Many thanks!
0
DangerExpertsAuthor Commented:
I found a Microsoft patch for my issue: http://support.microsoft.com/kb/2967077/en
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DangerExpertsAuthor Commented:
this patch solved my windows issue
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Printers and Scanners

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.