cconk01 Posted December 19, 2006 Share Posted December 19, 2006 I am currently in charge of locking down a W2K3 terminal server, which to my knowledge i have done an exceptional job at (i love locking thing down). Anyways i have restricted access to any local drives, redirected my documents to a mapped drive with quotas, removed any unwanted apps and used ntfs permissions to lock them out even further. My problem:When a remote user connects they bring with them there printer and is displayed to all other terminal service users. I need it so they are unable to see any local printers on the server and remove any other users from being able to see other RDP users printers but their own. Any ideas, software or thought would be greatly appreciated. Thanks in advance,Peter Link to comment Share on other sites More sharing options...
cluberti Posted December 19, 2006 Share Posted December 19, 2006 I've seen this before where the user accounts were power users on the Terminal Server, or had Print Administrator rights assigned. Also seen this happen when the users' printers are initially installed locally via a logon script that is running under a generic service account, rather than the user (like in ScriptLogic, for example). Link to comment Share on other sites More sharing options...
cconk01 Posted December 19, 2006 Author Share Posted December 19, 2006 I dont want to enable them access to any other printer then there own. currently they can see all the printers, which is what i dont want....i think you misunderstood my question.... Link to comment Share on other sites More sharing options...
cluberti Posted December 20, 2006 Share Posted December 20, 2006 No, I understand completely - users on a TS can see printers in other sessions and probably print to them. And I told you why this can happen - make sure you aren't doing either of these things on the client machines or the Terminal Server itself, because this is a permissions issue entirely. Link to comment Share on other sites More sharing options...
cconk01 Posted December 21, 2006 Author Share Posted December 21, 2006 my apologies, i understand now. I checked and there are no batch files running to map printers, also all of the users are only domain users and another group i created called restricted, where i added the group restricted to each printer and denied them rights. This removed all the locally attached printers, but still when users log in to the server over TS users are able to see other printer sessions. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now