Re: redirected printer security changes won't stick

After doing some more searching around, it seems that the security names
assigned to redirected printers are created from scratch when the printer is
autocreated within the session. So any change made to the list is lost
because the list gets re-created the next time you log on, and there is no
way to modify what names are assigned to the printer's security list.

What I was trying to do was have the user create a share name for the
auto-created printer so that they could then issue a "net use lpt1
<sharename>" command. They need to run a DOS program on the terminal server
which prints to LPT1. Instead of printing on a printer where the terminal
server is located, we want it to print on the user's local computer via the
shared redirected printer mapped to LPT1.

The problem is that a non-administrator is unable to create the share name
for the printer that gets created when they log into the terminal server. I
suppose on solution is to give the user administrator permissions
temporarily so that the share can get created. Or, perhaps I can share the
auto-created printer for them if we are both logged into the same terminal
server at the same time.

Or is there any way to print to LPT1 on a terminal server and have the
output sent out the LPT1 port of the client's computer, without having to
map LPT1 to a shared printer on the terminal server? The "Local resources"
tab of the remote desktop connection program has a check box for serial
ports, but not for parallel ports.

"David Lummis" <david8@xxxxxxxxx> wrote in message
I'm having some problems with redirected printer security on a Windows
Server 2003 SP1 terminal server.

I'm trying to find out how to change the groups and user names (in the
security tab) that are assigned to a redirected printer when someone logs
onto the Terminal Server. I can change the list while logged on as the
administrator, but the changes seem to get lost once I log out. I have
tried waiting a few minutes before and after making the changes.

Currently the list consists of the following items: Account unknown
(S-1-5-32-547), Administrators, CREATOR OWNER, and the currently logged in
user. At the very least I'd like to add the Printer Operators group.

Is there a default list of security names it assigns to every redirected
printer each time someone logs in, and if so where can I go to change
them? Or does anyone have any idea as to why I can't get the changes to
stick when I modify the list via the printer properties security tab?