
Hi all,

OK, I have a problem related to RDP users, printers and runas. My main language is not English, but I will try to explain as best I can.

We have a Windows Server 2003 installed with specific software. We have 4 different users that access that software via RDP and print with redirected printers to their offices; so far so good.

Now the developer told me that I need to run the application as administrator, so I created a batch file to runas the application as administrator (the RDP login is still the same user). My main problem now is that the application shows all printers in the network, including other active remote printers, and sets one printer as default. Without runas it only showed me the user's redirected ones.

I have tried to add rundll32 printui.dll,PrintUIEntry /y /n "printername" to the batch file, but the name includes the session, and that's always random... it depends on which user logs in first.

I know administrators and power users can always see all printers. Is there a way to remove that option for a specific administrator account? That way I could create a "fake" admin account just to run the application with RUNAS.

Btw, that server is in a domain, but the users are local to the server, not domain users.

Thanks for the help in advance.

yagmoth555
  • Please note that Windows 2003 has been EOL since July 14, 2015 and you are REALLY running into security issues when you still use that. You should start moving the solution to a newer OS. https://www.microsoft.com/en-us/cloud-platform/windows-server-2003 – BastianW Nov 15 '16 at 13:16
  • Thanks for the tip BastianW, I already have plans to change the Windows Server 2003. I will check that link for sure. Unfortunately, for now I need to get this done first because the new application module will be in production in a couple of days. – Ricardo Valente Nov 15 '16 at 14:56

1 Answer


Please create a local user on the server with local admin privileges; you seem to have used a domain admin account to create your run-as. As such, it's normal behavior that a domain admin can list all printers that are listed in Active Directory.

Solution B is to run a process monitor and watch where the application needs admin rights, and delegate the correct access afterwards.

yagmoth555
  • Thanks for the quick answer Yagmoth. I already created a local admin to RUNAS but the problem is the same. I can still see all other RDP redirected printers if other users are logged in. But you are right, with the local admin I stopped seeing all network printers... only the RDP redirected printer problem now. – Ricardo Valente Nov 15 '16 at 14:51
  • @RicardoValente seeing other users' redirected printers is normal now, as he's admin. I would check with the software vendor why the software needs admin rights; sometimes you can change some files to bypass that necessity. – yagmoth555 Nov 15 '16 at 15:11
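
Solution B from the answer above, sketched as an added example that is not part of the original posts: run the application as the normal RDP user while Process Monitor captures, export the trace to CSV, then list every file or registry path where the application was denied access, so that only those locations get delegated instead of full admin rights. The process name `app.exe`, the paths and the sample rows are constructed placeholders; the column names are those of Process Monitor's default CSV export, and the script is meant to run on an admin workstation with PowerShell 3.0 or later.

```powershell
# Constructed sample rows in the layout of a Process Monitor CSV export.
# "app.exe" and every path below are placeholders, not values from the post.
$sample = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.10","app.exe","1234","CreateFile","C:\Program Files\App\data\app.ini","ACCESS DENIED","Desired Access: Generic Write"
"10:01:02.15","app.exe","1234","CreateFile","C:\Program Files\App\data\app.ini","ACCESS DENIED","Desired Access: Generic Write"
"10:01:02.20","app.exe","1234","RegCreateKey","HKLM\SOFTWARE\Vendor\App","ACCESS DENIED","Desired Access: All Access"
"10:01:02.30","app.exe","1234","RegOpenKey","HKCU\Software\Vendor\App","SUCCESS","Desired Access: Read"
"10:01:02.40","explorer.exe","900","CreateFile","C:\Windows\Temp\x.tmp","ACCESS DENIED","Desired Access: Generic Write"
'@

function Get-DeniedAccess {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,        # parsed CSV rows
        [Parameter(Mandatory)] [string]   $ProcessName  # image name of the application
    )
    $Rows |
        # Keep only the application's own failures; other processes are noise.
        Where-Object { $_.'Process Name' -eq $ProcessName -and $_.Result -eq 'ACCESS DENIED' } |
        # Collapse repeated attempts on the same object into one line.
        Group-Object Path, Operation |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.Group[0].Path
                Operation = $_.Group[0].Operation
                Attempts  = $_.Count
                Detail    = $_.Group[0].Detail   # shows which access was requested
            }
        } |
        Sort-Object Attempts -Descending
}

# For a real trace, replace the next line with: $rows = Import-Csv .\trace.csv
$rows = $sample | ConvertFrom-Csv
Get-DeniedAccess -Rows $rows -ProcessName 'app.exe' | Format-Table -AutoSize
```

With the constructed rows this reports two locations: the `app.ini` file (two write attempts) and the `HKLM\SOFTWARE\Vendor\App` key. Those are the objects whose ACLs would be extended for the four RDP users, after which the application can be retested without runas.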