Dan Dhillon
asked on
Built in AD groups and user unable to manage printers server 2012 when assigning permissions.
Hi,
Trying to add user to built in print operaters group in AD when added unable to manage documents or manage printers permissions keeps asking for admin password using server 2012 std. Would like certain users to be able to manage printers and print. Any idea what I could be doing wrong please?
Thanks in advance.
Trying to add user to built in print operaters group in AD when added unable to manage documents or manage printers permissions keeps asking for admin password using server 2012 std. Would like certain users to be able to manage printers and print. Any idea what I could be doing wrong please?
Thanks in advance.
ASKER
Hi Henrik,
I've tried that I created a printer management group and assigned print operaters to the group. Still no luck.
Thanks for your reply.
I've tried that I created a printer management group and assigned print operaters to the group. Still no luck.
Thanks for your reply.
Did you give that group rights to the printer(s) you want them to manage?
ASKER
Hi Hypercat,
Sorry accidentally clicked on approved solutions, yes I tried that. Any chance you can give me some step by step guide or instructions please.
Thank you in advance.
Sorry accidentally clicked on approved solutions, yes I tried that. Any chance you can give me some step by step guide or instructions please.
Thank you in advance.
Step-by-step for adding the group to the printer security settings? Or for the whole process?
ASKER
Hi Hypercat,
Whole process if you can please if you don't mind i just want to make sure i've not missed anything out.
Pulling my hair out or maybe over thinking and missed something out.
Thank you again for your help in advance
Whole process if you can please if you don't mind i just want to make sure i've not missed anything out.
Pulling my hair out or maybe over thinking and missed something out.
Thank you again for your help in advance
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Hypercat,
Thank you!
What if they don't have a print server can i not use the built in security group print operators.
Thanks
Thank you!
What if they don't have a print server can i not use the built in security group print operators.
Thanks
The built-in security group "Print Operators" is for managing printers that are installed on domain controllers. If you're talking about printers that are locally installed on workstations and want to give each user rights to manage his/her own printer, then you can just skip the creation of a group and simply add either the local Users group or the user's domain account to the security settings on the printer.
ASKER
If i installed the printers onto the DC and add the users to a local group and make the local group a member of the print operators SG that should work right?
I will try this and up date you.
Thank you
I will try this and up date you.
Thank you
I didn't realize that the printers were installed on a DC (this makes the DC a print server, by the way). There's no such thing as a local group on a DC. By default, creating a group on a DC makes it a global domain security group. The only difference is that the Print Operators is a built-in group and has extra special privileges, one of which is that they can log into a domain controller. You DON'T want to do that! Create a group in the same OU that you use for your user accounts in Active Directory, add the users to that group and add that group to the security on the printers.
PS - In case you were wondering, this will not allow the users in the group to log on to the domain controller, nor do they have to in order to manage the printers. They do need to have the printer(s) installed on their workstation and then they can manage them from there.
You need to either use the local groups on the member server used as print server, or assign permissions for AD groups to the resources on the member server used as print server.