net use lpt1 to network printers

aromes

Beta member
Messages
3
All my user's machine's are part of a domain (Active Directory), they log onto their machine's using their active directory user account and have a central print server which has all network printer's added to it.
Up to recently, ALL users were able to run the command "net use lpt1 \\servername\printername" with no problem. Now, progressively more and more users are not able to run that command anymore (fails with error "Access denied") while others are still able to. What could the problem be? Thanks for leading be to the right track.
 

tech3211

Solid State Member
Messages
12
try running this command first. net use lpt1 /delete. Have any users changed their password?
 

aromes

Beta member
Messages
3
Cboucher: That is what I suspect. Problem is that the network ppl keep insisting that this could not be related to them. Probably they just do not know at what to look at. Could this be a policy enhanced directly on the Active Directory user profile? If that is a possibility, it may sound like it because some users are still able to. Others are not.


Tech3211: They do change passwords once in a while. In such case, they log out completely from the network completely and log back in. As for the net use lpt1 /d, thanks for this reminder. Indeed, that was tried.


PS: Gents, I know of this official note stating that only Admin users should be able to net use to a network printer: http://support.microsoft.com/default.aspx?scid=kb;en-us;313644&Product=winxp
(So eventhough they are not Local Admins, probably --- somewhere --those who are still able to net use the network printers are somehow Admins. And those who are not able to were perhaps removed from that Admin group - Thanks for correcting me if I am wrong).

Again, Many thanks foryour generous help.
 

jmacavali

Fully Optimized
Messages
4,867
You are correct that only Local Admins can add printers. There could be 2 ways that the users are local admins.

1. In active directory there is a group called something like "Local Admins" (is a user created group so name may vary) and then people are added to/taken out of that group. (this is how i have my network setup). This group is then added to the Local Admin Group on the local machine (either manually or via group policy during login).

2. Each user is manually added to the local computer they are using as a Local Admin.

You can check if this is causing issues by going to right-clicking on My Computer>Manage>Local Users/Groups>Groups>Administrators. See who is in there.


However, I'm curious why the printers aren't just pushed out via a login script from Active Directory? That way they don't have to worry about it. The script could push out to Computers or to Users. Seeing as how I'm the network admin, I have a script that runs that pushes out every printer on my network (we used centralized printing so it's like 8) that way no matter what computer I login to, I can print to any printer. That just seems like a more sensible solution to me....unless I'm missing an obvious reason for you to not use that on your network?
 
Top