Permissions Necessary to Install Network Printers

  • Thread starter Thread starter KZWAN
  • Start date Start date
K

KZWAN

We are presently testing various security settings and we ran
into an unexpected problem.

If you do the following:

1) Install Win2K Pro from scratch on a blank system
2) Install updates from MS
3) Use the security configuration and analysis mmc snap-in to
analyze and configure each of the folling templates using
separate databases

C:\WINNT\inf\def\defltwk.inf
C:\WINNT\security\templates\basicwk.inf
C:\WINNT\security\templates\ocfilesw.inf
C:\WINNT\security\templates\securews.inf

Then a normal user cannot install a network printer that
everybody has access to and receives the following message:

"You do not have sufficient access to your machine to connect
to the selected printer."

Prior to applying the security templates above, the user could
install the printer and if you make the user a local administrator,
the user can install the printer.

So, first we disabled "Prevent users from installing printer drivers"
in the Local Security Policy.
Didn't work.

Then we also gave the local user group modify permissions on the
C:\WINNT\system32\spool folder.
Didn't work.

Then we also gave the local user group modify permissions on
the C:\WINNT folder.
Didn't work.

Then we gave local user group full control of HKLM\Software
including classes
Didn't work.

We are at a loss as two where the lack of permissions lie.
 
On 7 Nov 2003 16:25:25 -0800, KZWAN wrote:

=>We are at a loss as two where the lack of permissions lie.

In the security templates, which override other levels of
permissions (for obvious reasons.) You could try editing
those - but make a backup first. :-)
 
Wolf Kirchmeir said:
On 7 Nov 2003 16:25:25 -0800, KZWAN wrote:

=>We are at a loss as two where the lack of permissions lie.

In the security templates, which override other levels of
permissions (for obvious reasons.) You could try editing
those - but make a backup first. :-)
Click to expand...

Of course the application of the security templates are the source of
the
problem. It's a matter of turning off (or on) those settings which
are necessary to allow members of the users group to install network
printers.

And since this is just a test environment reinstalling the OS is
nothing
more than putting the image back on the system.

Is a question of what settings have an effect on this. Its more than
what's obvious.
 
Login as an administrator, or use an account with administrator rights
Install the printer you want to use on the Citrix server and connect i
to the LPT1 port. When you finished the installation, delete th
printer. The drivers remain on de TS server. Now when you try t
connect to the printer you will succeed.

Good luck

Unregistered
 
Back
Top