#133545 - 2005-02-09 03:01 PM Manage printers at logon (@Priv = User)
googhum Offline
Fresh Scripter

Registered: 2004-12-20
Posts: 7
We run a Win2k server, and all clients are Domain User. When trying to add or delete a printer using addprinter (rundll32 printui.dll,PrintUIEntry) it fails. I don't want to make them power user or admin but want to manage their available printers. The add/delete runs at user logon. Is this possible?

Code:
runas:
Requires input through keyboard.

Psexec:
Requires the user to add/run services.


GPO "Allow del printer = disabled":
Doesn't help either



#133546 - 2005-02-09 04:02 PM Re: Manage printers at logon (@Priv = User)
Allen Administrator Online
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4567
Loc: USA
It's been a while since I wrote the Addprinter() UDF but I do believe it requires having either admin or power user permissions to run locally. Other options would be to write an admin script using addprinter() and add the printer remotely, or to just set up your IP Printers on a Server, and then use the built in function AddPrinterConnection().
#133547 - 2005-02-09 04:27 PM Re: Manage printers at logon (@Priv = User)
googhum Offline
Fresh Scripter

Registered: 2004-12-20
Posts: 7
Found several sites explaining you should be at least powerUser for adding or deleting printers (i.e. http://support.microsoft.com/?kbid=149913). It is necessary to create local printers (management)

I'm trying to add the printers with elevated privileges like this:
Code:
 SHELL 'lsrunas /user: /password: /domain: /command:c:\test\temp.bat /runpath:c:\test'


temp.bat :
Code:
$ = WriteLine(2, 'rundll32 printui.dll,PrintUIEntry /n "' + $CurPrinters[$x,0] + '" /dl @CRLF') 


Downside is the command window popping up, and not being able to inform the user of the progress of the logonscript. Will look into the admin script option if this fails.

#133548 - 2005-02-12 01:08 AM Re: Manage printers at logon (@Priv = User)
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
Unless manually restricted, the "Domain Users" group, by default, has the right to add/delete network printers.
_________________________
There are two types of vessels, submarines and targets.

#133549 - 2005-02-12 01:37 AM Re: Manage printers at logon (@Priv = User)
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Usually it is not the printer per se, but rather the driver installation that needs additional rights.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

#133550 - 2005-02-12 05:54 PM Re: Manage printers at logon (@Priv = User)
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
...which by default allows the installation of printer drivers, unless specifically restricted via registry settings, LPO or GPO.

Code:

Secure Print Driver Installation
To restrict print driver installation to Administrators and Print Operators, use Registry Editor to create or assign the following Registry key value:

Hive: HKEY_LOCAL_MACHINE\SYSTEM
Key: \CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers
Name: AddPrinterDrivers
Type: REG_SZ
Value: 1


_________________________
There are two types of vessels, submarines and targets.

#133551 - 2005-02-12 08:36 PM Re: Manage printers at logon (@Priv = User)
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Quote:

...which by default allows the installation of printer drivers



I question that.
From my personal experience, I have never modified the "default" yet non-admins on my network have not been able to install printer drivers. If I logon as admin and install the driver, the non-admins can then use the printers after they install them, since printers are per-user.

I certainly would not want my users to install drivers on my Citrix farm.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

#133552 - 2005-02-13 12:06 AM Re: Manage printers at logon (@Priv = User)
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
See A Description of the Privilege That a User Must Have to Install or Modify a Local Printer for the local printer rights. Unfortunately, I haven't been able to find anything with regards to network printer installs. However it is my impression that the Windows network printer API can indeed move the appropriate printer drivers onto the local computer without the user having admin or power user rights.
_________________________
There are two types of vessels, submarines and targets.

#133553 - 2005-02-13 01:15 AM Re: Manage printers at logon (@Priv = User)
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11631
Loc: CA
I could be wrong, but if I recall from doing desktop support a long time ago, a user on a Windows 2000 desktop can add a network printer just fine, but a user on an XP desktop must have a minimum of Power User rights to do the same, or maybe it's vice-versa.

Googhum, are your users on 2000 or XP desktops?

#133554 - 2005-02-13 01:33 AM Re: Manage printers at logon (@Priv = User)
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
Quote:

rundll32 printui.dll,PrintUIEntry


will definitely require admin or power user privs as this installs a local printer instead of connecting a shared network printer. In general, networked printers should be accessed via print servers and not via locally installed printers.
_________________________
There are two types of vessels, submarines and targets.

#133555 - 2005-02-13 01:39 AM Re: Manage printers at logon (@Priv = User)
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
Finally found the article. See http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/581.mspx , which deals with the "Prevent users from installing printer drivers" security policy.
Quote:


For a computer to print to a network printer, the driver for that network printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of adding a network printer. If this setting is enabled, only Administrators and Power Users can install a printer driver as part of adding a network printer. If this setting is disabled, any user can install a printer driver as part of adding a network printer. This setting can be used to prevent unprivileged users from downloading and installing an untrusted printer driver.
If an administrator has configured a trusted path for downloading drivers, this setting has no impact. When trusted paths are used, the print subsystem attempts to use the trusted path to download the driver. If the trusted path download succeeds, the driver is installed on behalf of any user. If the trusted path download fails, the driver is not installed and the network printer cannot be added.



_________________________
There are two types of vessels, submarines and targets.
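
Added example, not part of any post in this thread: a KiXtart logon-script fragment that follows the print-server approach suggested above (AddPrinterConnection() in the user's own context instead of printui.dll run through lsrunas), so no administrator password sits in the logon script. It also reads the AddPrinterDrivers value quoted above to explain a failed connection. The server and share names are assumptions.

```kixtart
; Added example: runs in the logged-on user's context, no runas/lsrunas.
; \\PRINTSRV, \\OLDSRV and their share names are assumed placeholders.
Dim $key, $restrict, $wanted, $stale, $p, $rc

; Registry value quoted in the thread: '1' restricts driver installation.
$key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers'
$restrict = ReadValue($key, 'AddPrinterDrivers')
If @ERROR
    $restrict = 'not set'
EndIf
? 'AddPrinterDrivers: ' + $restrict

$wanted = '\\PRINTSRV\Laser1', '\\PRINTSRV\Color2'
$stale  = '\\OLDSRV\Laser1', '\\OLDSRV\Color2'

; Drop retired connections. A non-zero return code is ignored here.
For Each $p In $stale
    $rc = DelPrinterConnection($p)
    If $rc = 0
        ? 'Removed ' + $p
    EndIf
Next

; Connect the current shares and tell the user what happened.
For Each $p In $wanted
    $rc = AddPrinterConnection($p)
    If $rc = 0
        ? 'Connected ' + $p
    Else
        ? 'Could not connect ' + $p + ' (error ' + $rc + ')'
        If $restrict = '1'
            ? '  Driver installation is restricted. An administrator must install the driver first.'
        EndIf
    EndIf
Next
```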
