Policy preventing connection to Print Queue

[Guest]

I'm having difficulty with clients trying to add network printers. They
receive the message that "A policy is in effect on your computer which
prevents you from connecting to this print queue. Please contact your system
administrator."

Power Users and Local Administrators can add the printers, as can users if
the driver is already installed. Computers are running XP and NT. Printer
server is Windows 2000 SP4 cluster server. I've checked the policies in place
and the Domain Computer security option to prevent users from installing
printer drivers is disabled.

Any ideas? It's taking a long time to go round manually!

 

[Alan Morris]

If the domain is an NT4 domain, pickup SP2 for XP.

There is a policy on XP SP1 and greater that prevents true connections to
"untrusted"
(not in the same domain forest) servers. .

http://support.microsoft.com/default.aspx?scid=kb;en-us;319939
Description of the Point and Print Restrictions Policy Setting in Windows
Server 2003 and Windows XP


a.. By default, this policy setting is not configured. If you do not
configure this policy setting, users cannot download Point and Print drivers
from computers that are not in their Active Directory forest. The result of
not configuring the setting is the same as enabling the policy and setting
it to Users can only Point and Print to machines in their Forest.

 

[David A Toth]

I have a similar problem and let me explain further. The user and computer
are in ths same forest as the print server they are trying to access. If
they do not have local admin rights on the client machine, you get the error
about the policy prohibiting access. If you add them to local admins, let
the printers map and then remove the user from local admins, everything maps
and they can access the print queue.
Now as another caveat, the same user can move to a different machine with no
admin rights and they can access the print queue no problem. The printers
are mapped through a VB logon script. We have extended the schema to include
a map default print attribute and a printers user can see attribute which
are read by the script. The Point and Print policy is not configured on the
domain so I wouls assume that users should be able to access the print
queues. Any help is appreciated.

 

[David A Toth]

Just wanted to add this is a native Win 2k3 SP1 R2 domain with XP SP2
clients.