none
Local Printer Greyed Out

    Question

  • I recently built a Windows Server 2003 and found that I could NOT add a Local Printer after adding it to domain. Checked other servers in my domain. Seems to be an issue on all my Server 2003 boxes in the domain but Server 2008 R2 are still capable of adding the local printers. I don't understand why this may be occuring even though I logged in with administrator via remote desktop first but later tried using local console.

    Environment:
    -Mix of server (2003, 2003R2, 2008R2) in LAN & DMZ
    -Windows Server 2003 Domain Functional Level
    -I have 4 DC's that are 2008R2 and 1 DC that is 2003
    Sunday, March 21, 2010 4:07 PM

Answers

  • It turned out the issue was a simple. The "Load and Unload Device Drivers" had ALL_Staff listed but administrator was not part of that group. So, it was explicitly denied that role thru this GPO. I had to add the admin groups to this policy and "Modify Firmware Environment Values" then did a gpupdate (logged off\logged on), it worked fine.
    • Marked as answer by Habib Bilfaqi Monday, March 22, 2010 5:09 PM
    Monday, March 22, 2010 5:09 PM

All replies

  • There is a policy that specifically blocks Printer Addition but you will get an Access Denied error when you click Add Printer Wizard.

    I'll assume you verified the print spooler service is running.


    Alan Morris Windows Printing Team; Search the Microsoft Knowledge Base here: http://support.microsoft.com/search/Default.aspx?adv=1
    Sunday, March 21, 2010 10:22 PM
  • Yes, I looked in these places listed below of the Local Security Policy to see what really is applied.

     

    Security Settings --> User Rights Assignment --> Load & Unalod Drivers = All Staff

    Security Settings --> Security Options --> Devices: Prevent Users from Installing Printer Drivers = Disabled. 

    Monday, March 22, 2010 12:20 AM
  • It turned out the issue was a simple. The "Load and Unload Device Drivers" had ALL_Staff listed but administrator was not part of that group. So, it was explicitly denied that role thru this GPO. I had to add the admin groups to this policy and "Modify Firmware Environment Values" then did a gpupdate (logged off\logged on), it worked fine.
    • Marked as answer by Habib Bilfaqi Monday, March 22, 2010 5:09 PM
    Monday, March 22, 2010 5:09 PM