More fun with permissions and permissions need to print via RDP

TheMSsForum.com: The Microsoft Software Forum

Using kb article # 244600 I've been doing a comparsion of
the folder permissions as they exist on our 2k sbs server
because they just seem too open. I think someone has changed
something. Is there anyway to tell who has changed security
on files?

The real issue is that I have changed a few settings because
someone had give "everyone" full access to the root of "C"
and that just doesn't quite seem right. Can some one correct
me on this?

Also, adjusting the security permissions on the following
folders, Documents and Settings, programs, %systemroot%,
%systemroot%\Addins, %SystemRoot%\Connection Wizard
according to that of the kb article, suddenly we are having
printing fun.

According to a previous post we updated everyones RDP client
to vs 5.2 because certain users at a remote location where
not able to transfer their local printers to the Terminal
Server sessions. After updating the RDP client they were
then able to print. Now after changing the permissions on
the above folders, users establishing an RDP session, their
printers transfer to the terminal server but they can print.
The print job redirect hits the remote PC but then just
disappears. If I assign the user administrator rights they
can suddenly print. Obviously I don't want to give everyone
administrator rights so I'm wondering what permissions are
needed to fix this issue?

Again assistance is so much appreciated.

thanks.
Top

Re: More fun with permissions and permissions need to print via RDP by Dave

Dave
Fri Sep 10 19:12:56 CDT 2004

Did this server originally run NT4? That Everyone/Full Control on the root
of server drives is a carryover from NT.

You want to be careful changing permissions, as you've seen. I took
Everyone off the ACL for a large data drive, which took at least a half hour
to apply. Needless to say, everyone was denied access for the second half
hour while I put Everyone back.

Not sure about your TS problem - does the Authenticated Users group have
read and execute on the system32\spool directory? It should be inheriting
that from system32. If that KB is the one I think it is (default
permissions for win2k DCs), just double check the permissions on system32
and make sure the spool directory is inheriting. Failing that, I think
you're going to have to revisit any other permissions you've changed that
could relate to printing.

"Martin Stepanek" <martin@image-technology.com> wrote in message
news:OfqINXqlEHA.2020@TK2MSFTNGP09.phx.gbl...
> Using kb article # 244600 I've been doing a comparsion of
> the folder permissions as they exist on our 2k sbs server
> because they just seem too open. I think someone has changed
> something. Is there anyway to tell who has changed security
> on files?
>
> The real issue is that I have changed a few settings because
> someone had give "everyone" full access to the root of "C"
> and that just doesn't quite seem right. Can some one correct
> me on this?
>
> Also, adjusting the security permissions on the following
> folders, Documents and Settings, programs, %systemroot%,
> %systemroot%\Addins, %SystemRoot%\Connection Wizard
> according to that of the kb article, suddenly we are having
> printing fun.
>
> According to a previous post we updated everyones RDP client
> to vs 5.2 because certain users at a remote location where
> not able to transfer their local printers to the Terminal
> Server sessions. After updating the RDP client they were
> then able to print. Now after changing the permissions on
> the above folders, users establishing an RDP session, their
> printers transfer to the terminal server but they can print.
> The print job redirect hits the remote PC but then just
> disappears. If I assign the user administrator rights they
> can suddenly print. Obviously I don't want to give everyone
> administrator rights so I'm wondering what permissions are
> needed to fix this issue?
>
> Again assistance is so much appreciated.
>
> thanks.


Top