I am assuming you are hitting the issue where you get the message that there
is a Policy that prevents connecting to the server.

If you are getting some other error please advise.


http://support.microsoft.com/default.aspx?scid=kb;en-us;319939
Description of the Point and Print Restrictions Policy Setting in Windows
Server 2003 and Windows XP


a.. By default, this policy setting is not configured. If you do not
configure this policy setting, users cannot download Point and Print drivers
from computers that are not in their Active Directory forest. The result of
not configuring the setting is the same as enabling the policy and setting
it to Users can only Point and Print to machines in their Forest.


--
Alan Morris
Windows Printing Team
Search the Microsoft Knowledge Base here:
http://support.microsoft.com/default.aspx?scid=fh;[ln];kbhowto

This posting is provided "AS IS" with no warranties, and confers no rights.

"The_Donn" > wrote in message
...
> To all,
>
> Your mission if you are willing to accept it, is to find a way to
circumvent the need for administrator rights on the local machine to add a
network printer.
>
> We currently are on a winnt4 domain with mixed os'es. Only the Xp
machines have a problem with the user needing local admin rights to add the
printer. This is not acceptable because we do not want give users local
admin rights.
>
> The network printers are of an eclectic variety ranging from hp laserjets
to xerox doc centers. They all connect to a windows 2000 print server. All
drivers are loaded.
>
> Any ideas are greatly appreciated. It would eliminate a necessary evil of
having to reinstall all users printers personally when our xp rollout is
completed.
>
> Thanks
>

Xref: kermit microsoft.public.windowsxp.print_fax:53938




--
Alan Morris
Windows Printing Team
Search the Microsoft Knowledge Base here:
http://support.microsoft.com/default.aspx?scid=fh;[ln];kbhowto

This posting is provided "AS IS" with no warranties, and confers no rights.

"The_Donn" > wrote in message
...
> Thank you for your response.
>
> Yes, that is the problem. I have gone into the local gpo mmc and added
power users to the 'load and unload device drivers' right. I then in turn
added our 'domain users' group to the local 'power users' group. I logged
in as a regular domain user and was able to add a network printer with the
'add printer wizard'. I am going to test if it works for typing unc paths
of the printers.
>
> Also, I tried to view the 'resultant gpo rights' as the regular user and
it listed 'load and unload device drivers' as undetermined/not configured.
I don't care if it's listed, just as long as it works, but it was strange.
>
> Any other insight on how this whole process works or if there is a better
way to resolve my issue I would appreciate the info.
>
> Good day
> The_Donn

This policy was added in SP1 for XP. The problem is the code that is used
to determine if the server is a trusted machine does not work when the
Domain Controller is NT4. The new functions that work on NT4 DCs have been
added to XP SP2.

The policy blocks copying the driver from the server, but when the driver
exists on the client or the client can install the driver from the local
driver.cab file, then the connection can be made (as you found out by
elevating the users to power users).

Your solution opens some security holes but will be very simple to rollback
later after you apply SP2

Other solutions:
Run XP without SP1 (just pick up all the security updates), then you do not
have to elevate privilege.

Install the drivers you need with a WMI script (can be performed
remotely)prndrvr.vbs. Since the driver is preinstalled, the connection is
made without having to download from the server.

--
Alan Morris
Windows Printing Team
Search the Microsoft Knowledge Base here:
http://support.microsoft.com/default.aspx?scid=fh;[ln];kbhowto

This posting is provided "AS IS" with no warranties, and confers no rights.

"The_Donn" > wrote in message
...
> Thank you for your response.
>
> Yes, that is the problem. I have gone into the local gpo mmc and added
power users to the 'load and unload device drivers' right. I then in turn
added our 'domain users' group to the local 'power users' group. I logged
in as a regular domain user and was able to add a network printer with the
'add printer wizard'. I am going to test if it works for typing unc paths
of the printers.
>
> Also, I tried to view the 'resultant gpo rights' as the regular user and
it listed 'load and unload device drivers' as undetermined/not configured.
I don't care if it's listed, just as long as it works, but it was strange.
>
> Any other insight on how this whole process works or if there is a better
way to resolve my issue I would appreciate the info.
>
> Good day
> The_Donn