none
"Access Denied" When Creating Local Printer Port On Remote PC (Print Management Console)

    问题

  • Hi,

    I'm having an issue where when attempting to create a local port, on a remote PC via the Print Management Console in Windows 7, I get an "Access Denied" error message.

    • All machines are domain joined.
    • Tried with W10 and Server 2008 R2, too - same issue.
    • Firewall (all three states) off.
    • AV solution completely removed.
    • Tried with highest domain admin account.
    • Tried with UAC turned off and on.
    • Ran as admin when launching console.
    • GP - Point and Print Restrictions - Disabled.
    • GP - Allow Print Spooler to accept client connections - Enabled.
    • Print and File Sharing - On.
    • Network Sharing - On.

    To clarify, it is simply creating the port element that fails.

    • Can create TCP/IP ports OK.
    • Can create Local Ports on the local machine OK - just not on remote machines.
    • Can install printer if an existing local port is used, so drivers install OK.
    • Using PowerShell, can use the Add Printer Port command to add the local port, no problems there.

    It just seems to be an issue where the console attempts to verify if the said port exists, that the issue occurs.  If a put in an invalid port name in, it will bring up the correct response of "the network name cannot be found".

    Cheers!


    2016年7月20日 13:24

全部回复

  • Hi,

    Your study and description are detailed, for access denied error, we usually consider permission, you mentioned that you have tried highest domain admin account, in general, this account should belong to Administrators group, so permission should be fine.

    On my computer, GP: Point and Print Restrictions is configured as Not Configured, both of in Computer configuration and User Configuration. You can try modify it to see the result.

    In addition, to my knowledge, we need to check the following setting on the computer that has the shared printer installed.

    Share Permissions

    1. On explorer, go to C:\windows\system32\spool

    2. Right click PRINTERS, select Properties

    3. Click the Sharing tab

    4. Click Advanced Sharing

    5. Check "Share this folder"

    6. Click Permissions

    7. Grant Everyone Full Control

    NTFS Permissions

    1. On explorer, go to C:\windows\system32\spool

    2. Right click PRINTERS, select Properties

    3. Click the Security tab

    4. Click Edit

    5. Click Add

    6. Click Advanced

    7. Click Find Now

    8. Choose "NETWORK"

    9. Click OK

    10. Grant NETWORK Full Control

     

    Of course I search online for you, there is a similar case is worth referring to, Air Jimi’s reply might be helpful to your condition.

    https://community.spiceworks.com/topic/102569-acces-denied-when-creating-local-port

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Sincere regard


    Please mark the reply as an answer if you find it is helpful.

    If you have feedback for TechNet Support, contact tnmff@microsoft.com

    2016年7月21日 3:06
    版主
  • Hi Teemo,

    Many thanks for your reply.

    I think I may have seen the same article as you've kindly listed - so I've already tried the NTFS and Share permissions, but the issue remains.

    I've also tried disabling SMB2 (via the registry) but again the issue remains.

    I've looked at Event Viewer but I can't really see anything in there to indicate the cause of the problem.  I've also installed SysMon (SysInternals) for additional logging, but I'm not quite sure where to look for the relevant event logs.

    I'll modify the group policies in relation to Point and Print Restrictions and report the results.

    Many thanks.
    2016年7月21日 10:53
  • Hi,

    Just tried the group policy settings as Not Configured for Point and Print Restrictions, still no joy.  I also enabled the guest account on both machines. :(

    I've checked through RSOP.msc and I really can't see anything that would prevent the port from being added.

    Any other suggestions would be greatly appreciated.

    2016年7月21日 11:57
  • Dear Shaheen,

    From my survey, there is one point needs to be noticed.

    Be sure to use printmanagement.msc when adding the ports, install the Remote Server Admin Tools for the Print Role on TS servers.

    If the port names writes to an existing filename you can see access denied error.

    In addition, I find out a case might be helpful to you, please refer to it for assistance.

    https://social.technet.microsoft.com/Forums/windows/en-US/3c833648-c60f-4e6e-8bfc-ec81aa7685ae/windows-7-add-printer-local-port-name-is-prtservershare-error-access-is-denied?forum=winserverprint

    Regards

     


    Please mark the reply as an answer if you find it is helpful.

    If you have feedback for TechNet Support, contact tnmff@microsoft.com

    2016年7月22日 7:15
    版主
  • Hi again.

    The issue remains I'm afraid.

    I've installed RSAT and the additional Printer features (on the W7 host machine).
    I am indeed using the Print Management Console.
    I've set the NTFS permissions for 'Users' on the System32\Spool folder and made sure the permissions copy down.
    I've also used RegShot to examine what changes when a local port is created.  Based on the results, it seems just a few settings are changed to some system folders and to 1 registry directory.  Administrators have access to the said folders and I even gave 'Everyone' permissions on the said regsitry directory.

    Alas, none of this has worked.

    I even got a colleague to try with his Domain Administrator account - no joy.

    I think what may help is if we can understand what excatly happens within Windows when a local port on a remote computer is created.
    Because if we can breakdown the steps, it may help to norrow down the root cause.

    Cheers.


    2016年7月22日 11:50
  • OK so as another test measure, I've just built a Server 2012 R2 and a W10 v-machine.

    I've placed them at the root default OU container which has minimal polices applied to it.  Made sure Remote Registry service is running, firewall was off, network and printer sharing enabled.

    Again, its the same issue.  I seem to be quickly running out of ideas. :(

    2016年7月22日 16:17
  • We have not heard from you in a couple of days. Please post back at your convenience if we can assist further.

    Please mark the reply as an answer if you find it is helpful.

    If you have feedback for TechNet Support, contact tnmff@microsoft.com

    2016年7月27日 9:20
    版主
  • We have not heard from you in a couple of days. Please post back at your convenience if we can assist further.

    Please mark the reply as an answer if you find it is helpful.

    If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Hi,

    I'm afraid the issue still remains.  I'm not sure what else to try now.

    2016年7月27日 9:48
  • Yes thank you!

    It worked!


    Jean Gaudreau

    2018年7月11日 17:48