Allow user to install local printer without print operators member

Hello people,

I was wondering, is it possible to allow a user, which is not a member of
the built-in print operators group, to install local printer drivers on a
Windows Server 2003 Domain Controller?

I've tried Aaron Margosis' tip (using TweakUI, see:
http://blogs.msdn.com/aaron_margosis/archive/2005/04/18/409105.aspx) but this
didn't work for me...

If anyone knows a way to do this, please let me know!

thanks in advance,

regards
Ferdy

 

Select Start/All Programs/Administrative Tools/Domain Security Policy
Then select Local Policies/User Right Assignment/Load and Unload device
drivers

Add the user or group and that should work. You can also do this on XP
boxes where the users are a member of the USERS Group and need to install
local drivers. The only difference in the server and client is Domain Sec.
Policy vs. Local Domain Policy.

Hope that helps!
John

 

Hi John,

thank you for your reply!

Sadly though, specifying this policy for the user didn't solve the problem...
The user still doesn't get the option to choose "install local printer"
(it's still greyed out...)

 

You don't want anyone but domain admins installing any kind of system
software including drivers on DCs. That would allow them to completely
do any and everything they wanted to do regardless of anything else, you
might as well make them Enterprise admins because if they want it you
certainly won't be stopping them from getting it.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm