Hey Folks,
I have build a new RemoteDesktop Environment for our Company. I used Windows Server 2019 RDS and Windows Server 2016 Print Servers. All Printers have a AD-Security Group for allowing Printjob's and the default Group "Everyone" removed. Some of
our Old (HP) Printers (with MS drivers) where mapped but Printing was not Possible. The Job Spawned in the Queue and dissappeard but no paper was printed. I figuerd out, that printing works if Group "Evereyone" was allowed to print. But we use AD-Groups
to manage the mapping. So what to do. I found out, that the Group "Services" need to be allowed to Print to make them running. I wrot a small Script to add this Group to all Printers (Run as Adminisrtator)
$ServiceACL = "(A;;SWRC;;;SU)"
ForEach ($Printer In $(Get-Printer -Full | Where-Object {$_.Shared})) {
If ($Printer.PermissionSDDL.Contains($ServiceACL)) {
Write-Host -ForegroundColor Green $Printer.Name
} Else {
Write-Host -ForegroundColor Yellow $Printer.Name
Set-Printer -Name $Printer.Name -PermissionSDDL $($Printer .PermissionSDDL + $ServiceACL)
}
}
Now everything works fine, but i wonder why i need to grant Printservice acces to Printer on a PrintServer...
Cheers!
Clemens
