Prevent users from installing print drivers & Fallback terminal services enabled... print drivers still being added.

[Guest Aaron Anderson]

Prevent users from installing print drivers & Fallback terminal services enabled... print drivers still being added.

 

I've got a pair of Terminal Servers. I have enabled the Fallback printer

driver option. I have enabled the option in group policy to prevent users

from installing printer drivers. I wanted to only have 2 or 3 print drivers

on each server. an HP 1020, LaserJet4, and my 2x Universal Driver.

 

Every now and then, a new printer driver shows up on the system and I get an

event as shown in the snippet.

 

I've logged into the systems from half a dozen different machines with

various printers installed. I've tried user accounts that are

administrators, and regular users. The drivers from the computers I have

tested are not copied to the TS, and the fallback driver does it's thing,

properly.

 

This is all at a clients office. They have one lady there who is slightly

crazy, and will lie about what she does and doesn't do on the network

equipment. I honestly believe that she's lying when she says she isn't

adding these drivers.

 

 

What can I do to track this down?

 

Type: WarningDate: 1/9/2008Time: 5:22:56

PMEvent: 20Source: PrintCategory: NoneUser:

\SYSTEMComputer: GWIKTS01Description:Printer Driver Ricoh Aficio

AP4500 PCL for Windows NT x86 Version-3 was added or updated. Files:-

UNIDRV.DLL, UNIDRVUI.DLL, RIAP4500.GPD, UNIDRV.HLP, RIAFRES.DLL, UNIRES.DLL,

RIAP450X.GPD, RIAF5MAC.GPD, TTFSUB.GPD, STDNAMES.GPD.

[Guest Vera Noest [MVP]]

Re: Prevent users from installing print drivers & Fallback terminal services enabled... print drivers still being added.

 

Re: Prevent users from installing print drivers & Fallback terminal services enabled... print drivers still being added.

 

How does she get past the GPO setting which prevents users from

installing printer drivers? Is she an Administrator? Does she

temporarily chnage the GPO?

Even if she is an Admin and you can't change that, can't you change

the security filtering of the GPO? Create a special Administrator

account, let's call it GPOadmin, which only *you* know the password

of, and use that to edit GPOs. Add this account to the security

filtering of the GPO, with full permissions. Then remove the

"Modify" rights from Administrators. When you want to edit the GPO,

you can start the GPeditor with the Runas command to run it under

the GPOadmin account.

 

You could try to enable auditing of file access and then configure

auditing for some of the files or folders mentioned in the Event.

That should give you a username when it happens again.

 

_________________________________________________________

Vera Noest

MCSE, CCEA, Microsoft MVP - Terminal Server

TS troubleshooting: http://ts.veranoest.net

___ please respond in newsgroup, NOT by private email ___

 

"Aaron Anderson" <aaron@nomail.com> wrote on 12 jan 2008 in

microsoft.public.windows.terminal_services:

> I've got a pair of Terminal Servers. I have enabled the

> Fallback printer

> driver option. I have enabled the option in group policy to

> prevent users from installing printer drivers. I wanted to only

> have 2 or 3 print drivers on each server. an HP 1020, LaserJet4,

> and my 2x Universal Driver.

>

> Every now and then, a new printer driver shows up on the system

> and I get an event as shown in the snippet.

>

> I've logged into the systems from half a dozen different

> machines with various printers installed. I've tried user

> accounts that are administrators, and regular users. The drivers

> from the computers I have tested are not copied to the TS, and

> the fallback driver does it's thing, properly.

>

> This is all at a clients office. They have one lady there who is

> slightly crazy, and will lie about what she does and doesn't do

> on the network equipment. I honestly believe that she's lying

> when she says she isn't adding these drivers.

>

>

> What can I do to track this down?

>

> Type: WarningDate: 1/9/2008Time:

> 5:22:56 PMEvent: 20Source: PrintCategory:

> NoneUser: \SYSTEMComputer: GWIKTS01Description:Printer

> Driver Ricoh Aficio AP4500 PCL for Windows NT x86 Version-3 was

> added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL,

> RIAP4500.GPD, UNIDRV.HLP, RIAFRES.DLL, UNIRES.DLL, RIAP450X.GPD,

> RIAF5MAC.GPD, TTFSUB.GPD, STDNAMES.GPD.

[Guest Aaron Anderson]

Re: Prevent users from installing print drivers & Fallback terminal services enabled... print drivers still being added.

 

Re: Prevent users from installing print drivers & Fallback terminal services enabled... print drivers still being added.

 

I don't know how they're getting past it. I've logged in with a users

account that keeps adding her IBM laser printer from her computer. I keep

deleting it, and it keeps coming back. I've tried her account from several

locations and the the TS FallBack driver comes into play for everything.

(she's in a remote office and I don't have access to her printer)

 

Right now I don't believe that this lady is adding the drivers. They've

appeared when I know she is in meetings, etc. So that's out of the question.

So right now the GPO's I have in place apply to everyone, even

administrators.

 

I don't need to enable the auditing, becuase I have a specific account that

uses an IBM laser printer that always re-appears.

 

I am totally baffled.

 

 

 

 

"Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message

news:Xns9A24D97B195E8veranoesthemutforsse@207.46.248.16...

> How does she get past the GPO setting which prevents users from

> installing printer drivers? Is she an Administrator? Does she

> temporarily chnage the GPO?

> Even if she is an Admin and you can't change that, can't you change

> the security filtering of the GPO? Create a special Administrator

> account, let's call it GPOadmin, which only *you* know the password

> of, and use that to edit GPOs. Add this account to the security

> filtering of the GPO, with full permissions. Then remove the

> "Modify" rights from Administrators. When you want to edit the GPO,

> you can start the GPeditor with the Runas command to run it under

> the GPOadmin account.

>

> You could try to enable auditing of file access and then configure

> auditing for some of the files or folders mentioned in the Event.

> That should give you a username when it happens again.

>

> _________________________________________________________

> Vera Noest

> MCSE, CCEA, Microsoft MVP - Terminal Server

> TS troubleshooting: http://ts.veranoest.net

> ___ please respond in newsgroup, NOT by private email ___

>

> "Aaron Anderson" <aaron@nomail.com> wrote on 12 jan 2008 in

> microsoft.public.windows.terminal_services:

>

>> I've got a pair of Terminal Servers. I have enabled the

>> Fallback printer

>> driver option. I have enabled the option in group policy to

>> prevent users from installing printer drivers. I wanted to only

>> have 2 or 3 print drivers on each server. an HP 1020, LaserJet4,

>> and my 2x Universal Driver.

>>

>> Every now and then, a new printer driver shows up on the system

>> and I get an event as shown in the snippet.

>>

>> I've logged into the systems from half a dozen different

>> machines with various printers installed. I've tried user

>> accounts that are administrators, and regular users. The drivers

>> from the computers I have tested are not copied to the TS, and

>> the fallback driver does it's thing, properly.

>>

>> This is all at a clients office. They have one lady there who is

>> slightly crazy, and will lie about what she does and doesn't do

>> on the network equipment. I honestly believe that she's lying

>> when she says she isn't adding these drivers.

>>

>>

>> What can I do to track this down?

>>

>> Type: WarningDate: 1/9/2008Time:

>> 5:22:56 PMEvent: 20Source: PrintCategory:

>> NoneUser: \SYSTEMComputer: GWIKTS01Description:Printer

>> Driver Ricoh Aficio AP4500 PCL for Windows NT x86 Version-3 was

>> added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL,

>> RIAP4500.GPD, UNIDRV.HLP, RIAFRES.DLL, UNIRES.DLL, RIAP450X.GPD,

>> RIAF5MAC.GPD, TTFSUB.GPD, STDNAMES.GPD.