Network Printers

This may be the wrong place...but i have a question about security and
Networked Printers on the Server.

I have several printers shared/networked on the Win2k3 R2 server. I am
hoping that my users can install any of these printers on their own PCs.

Currently we have a mx of Win2k and WinXP computers. The users on the PCs
only have Power User Access on their own PCs (no admin rights).

When the go to add these networked printers to their PC they are told that
'access is denied'.

If an admin logs into the computer and adds all of the networked printers on
a PC, and then when a user logs into the computer and goes to setup a
networked printer everything seems fine.

I am hoping that there is a security role (other than admin) that I can give
the users.

Any thoughts?

The users should be able to add the network printers. Do you have any group
policy to restrict the users to add the printers? Or this links may help,

How to manage network printers using Group Policy
http://www.howtonetworking.com/print/printergp1.htm

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com


"Corey Arndt" <(E-Mail Removed)> wrote in message
news:60EF74D2-CF81-4373-B0B2-(E-Mail Removed)...
> This may be the wrong place...but i have a question about security and
> Networked Printers on the Server.
>
> I have several printers shared/networked on the Win2k3 R2 server. I am
> hoping that my users can install any of these printers on their own PCs.
>
> Currently we have a mx of Win2k and WinXP computers. The users on the PCs
> only have Power User Access on their own PCs (no admin rights).
>
> When the go to add these networked printers to their PC they are told that
> 'access is denied'.
>
> If an admin logs into the computer and adds all of the networked printers
> on a PC, and then when a user logs into the computer and goes to setup a
> networked printer everything seems fine.
>
> I am hoping that there is a security role (other than admin) that I can
> give the users.
>
> Any thoughts?

I have some settings set but they...in theory...are set to remove any
restrictions (prevent adding/deleting was disabled). I have removed these
settings in case they are working oposite that they should.

Any other thoughts?

Thank You


"Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
news:1BE07C9B-A6FF-410C-8478-(E-Mail Removed)...
> The users should be able to add the network printers. Do you have any
> group policy to restrict the users to add the printers? Or this links may
> help,
>
> How to manage network printers using Group Policy
> http://www.howtonetworking.com/print/printergp1.htm
>
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
>
>
> "Corey Arndt" <(E-Mail Removed)> wrote in message
> news:60EF74D2-CF81-4373-B0B2-(E-Mail Removed)...
>> This may be the wrong place...but i have a question about security and
>> Networked Printers on the Server.
>>
>> I have several printers shared/networked on the Win2k3 R2 server. I am
>> hoping that my users can install any of these printers on their own PCs.
>>
>> Currently we have a mx of Win2k and WinXP computers. The users on the PCs
>> only have Power User Access on their own PCs (no admin rights).
>>
>> When the go to add these networked printers to their PC they are told
>> that 'access is denied'.
>>
>> If an admin logs into the computer and adds all of the networked printers
>> on a PC, and then when a user logs into the computer and goes to setup a
>> networked printer everything seems fine.
>>
>> I am hoping that there is a security role (other than admin) that I can
>> give the users.
>>
>> Any thoughts?
>

You can change the Local Security Policies on the PCs to allow the Power
Users to add printers. It can either be done locally on the machines or
from the Domain using Group Policies.

But since it only has to be done once per machine anyway,...if there isn't a
lot of them just do it yourself and be done with it. Then you know they are
installed correctly and that a bunch of other garbage (common with "printing
software) does not get installed on the machine and you will also be able to
make sure it is done consistantly across the machines.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"Corey Arndt" <(E-Mail Removed)> wrote in message
news:60EF74D2-CF81-4373-B0B2-(E-Mail Removed)...
> This may be the wrong place...but i have a question about security and
> Networked Printers on the Server.
>
> I have several printers shared/networked on the Win2k3 R2 server. I am
> hoping that my users can install any of these printers on their own PCs.
>
> Currently we have a mx of Win2k and WinXP computers. The users on the PCs
> only have Power User Access on their own PCs (no admin rights).
>
> When the go to add these networked printers to their PC they are told that
> 'access is denied'.
>
> If an admin logs into the computer and adds all of the networked printers
> on a PC, and then when a user logs into the computer and goes to setup a
> networked printer everything seems fine.
>
> I am hoping that there is a security role (other than admin) that I can
> give the users.
>
> Any thoughts?

Printers with IP#s are considered Local Printers and users by default aren't
allowed to install them because they are not allowed to install drivers.
They are considered "local" because the Network Cable is treated like and
extra long Printer Cable and the Network adapter in the Printer is treated
like an LPT port.

But they can install printers that are "shared" by other machines. The
shared printers are the ones considered to be "network printers"

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"Robert L. (MS-MVP)" <(E-Mail Removed)> wrote in message
news:1BE07C9B-A6FF-410C-8478-(E-Mail Removed)...
> The users should be able to add the network printers. Do you have any
> group policy to restrict the users to add the printers? Or this links may
> help,
>
> How to manage network printers using Group Policy
> http://www.howtonetworking.com/print/printergp1.htm
>
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
>
>
> "Corey Arndt" <(E-Mail Removed)> wrote in message
> news:60EF74D2-CF81-4373-B0B2-(E-Mail Removed)...
>> This may be the wrong place...but i have a question about security and
>> Networked Printers on the Server.
>>
>> I have several printers shared/networked on the Win2k3 R2 server. I am
>> hoping that my users can install any of these printers on their own PCs.
>>
>> Currently we have a mx of Win2k and WinXP computers. The users on the PCs
>> only have Power User Access on their own PCs (no admin rights).
>>
>> When the go to add these networked printers to their PC they are told
>> that 'access is denied'.
>>
>> If an admin logs into the computer and adds all of the networked printers
>> on a PC, and then when a user logs into the computer and goes to setup a
>> networked printer everything seems fine.
>>
>> I am hoping that there is a security role (other than admin) that I can
>> give the users.
>>
>> Any thoughts?
>

I did find a setting on the local PC preventing users from adding printers.
I have changed the setting in Group Policies but it still will not change on
the local PC. Any thoughts?

The Setting is in the local security policy under 'local' 'security options'
and is called Devices: Prevent users from adding printers. This is enabled
and greyed out.

"Phillip Windell" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> You can change the Local Security Policies on the PCs to allow the Power
> Users to add printers. It can either be done locally on the machines or
> from the Domain using Group Policies.
>
> But since it only has to be done once per machine anyway,...if there isn't
> a lot of them just do it yourself and be done with it. Then you know they
> are installed correctly and that a bunch of other garbage (common with
> "printing software) does not get installed on the machine and you will
> also be able to make sure it is done consistantly across the machines.
>
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or
> Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
> "Corey Arndt" <(E-Mail Removed)> wrote in message
> news:60EF74D2-CF81-4373-B0B2-(E-Mail Removed)...
>> This may be the wrong place...but i have a question about security and
>> Networked Printers on the Server.
>>
>> I have several printers shared/networked on the Win2k3 R2 server. I am
>> hoping that my users can install any of these printers on their own PCs.
>>
>> Currently we have a mx of Win2k and WinXP computers. The users on the PCs
>> only have Power User Access on their own PCs (no admin rights).
>>
>> When the go to add these networked printers to their PC they are told
>> that 'access is denied'.
>>
>> If an admin logs into the computer and adds all of the networked printers
>> on a PC, and then when a user logs into the computer and goes to setup a
>> networked printer everything seems fine.
>>
>> I am hoping that there is a security role (other than admin) that I can
>> give the users.
>>
>> Any thoughts?
>
>

"Corey Arndt" <(E-Mail Removed)> wrote in message
news:1A308AEC-1676-43D6-A245-(E-Mail Removed)...
>I did find a setting on the local PC preventing users from adding printers.
>I have changed the setting in Group Policies but it still will not change
>on the local PC. Any thoughts?
>
> The Setting is in the local security policy under 'local' 'security
> options' and is called Devices: Prevent users from adding printers. This
> is enabled and greyed out.

You'll just have to look back over what you did and see if you did anything
wrong.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------