Frank Posted October 6, 2005 Share Posted October 6, 2005 We are starting to roll out Windows XP machines slowly to replace the Windows 2K machines. In the past we used a "NET USE LPT1 \\SERVERNAME\PRINTERSHARENAME" for one of our programs to be able to print properly. On the first new machine this command needs to run on it kept asking me for a username and password (which it never did before) and when I typed in the users username and password it would give me a "Error 3, Access is denied" message. If I typed in a Local or a Domain Admin's information it worked fine. I am pretty sure this is due to some new security restriction in Windows XP SP2 where the user has to be in the admin group in order to use this command. Is there any way to change this? Is there a security risk in changing this? Link to comment Share on other sites More sharing options...
John Veteran Posted October 6, 2005 Veteran Share Posted October 6, 2005 Can you browse the network and connect to the printer that way? It sounds like the permissions on the shared printer need to be checked. Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted October 6, 2005 MVC Share Posted October 6, 2005 Couldnt you look up the NET USE Command EXE probably in the System type folders and set it to Run as Admin each time. If you know what I mean like when you try install something it asks you to log in as adminstrator. Link to comment Share on other sites More sharing options...
lardiop Veteran Posted October 6, 2005 Veteran Share Posted October 6, 2005 We are starting to roll out Windows XP machines slowly to replace the Windows 2K machines. In the past we used a "NET USE LPT1 \\SERVERNAME\PRINTERSHARENAME" for one of our programs to be able to print properly.On the first new machine this command needs to run on it kept asking me for a username and password (which it never did before) and when I typed in the users username and password it would give me a "Error 3, Access is denied" message. If I typed in a Local or a Domain Admin's information it worked fine. I am pretty sure this is due to some new security restriction in Windows XP SP2 where the user has to be in the admin group in order to use this command. Is there any way to change this? Is there a security risk in changing this? 586633394[/snapback] Use runas.exe to kick the batch files. That little .exe has saved me so much time at my job (Y) http://www.microsoft.com/resources/documen...n-us/runas.mspx Link to comment Share on other sites More sharing options...
Frank Posted October 6, 2005 Author Share Posted October 6, 2005 Can you browse the network and connect to the printer that way? It sounds like the permissions on the shared printer need to be checked. 586633466[/snapback] The user can print to this printer without any issues out of normal Windows Programs. The program that needs the network printer mapped to a LPT port is about 20 years old... so you can imagine the headaches I have to deal with on this program. Use runas.exe to kick the batch files. That little .exe has saved me so much time at my job (Y)http://www.microsoft.com/resources/documen...n-us/runas.mspx 586633482[/snapback] Wouldn't you need to specify a password with this as well? We don't want the user to be able to log on with Local Administrator rights. Couldnt you look up the NET USE Command EXE probably in the System type folders and set it to Run as Admin each time. If you know what I mean like when you try install something it asks you to log in as adminstrator. 586633492[/snapback] This may work out.. ill test and and let ya know. Link to comment Share on other sites More sharing options...
lardiop Veteran Posted October 6, 2005 Veteran Share Posted October 6, 2005 Wouldn't you need to specify a password with this as well? We don't want the user to be able to log on with Local Administrator rights. 586633521[/snapback] The idea of runas.exe is to keep users restricted in their security level while running certain instances of programs or system changes as the administrator. So just write your net use batch script and use runas.exe to run only that as the admin. We use it to deploy new software using batch files, windows scripts and a little programming language called AutoIt. Keeps the users restricted while we catch them on domain login, run our stuff as admin, then just let the users continue on uninterrupted. Link to comment Share on other sites More sharing options...
Frank Posted October 6, 2005 Author Share Posted October 6, 2005 The idea of runas.exe is to keep users restricted in their security level while running certain instances of programs or system changes as the administrator. So just write your net use batch script and use runas.exe to run only that as the admin.We use it to deploy new software using batch files, windows scripts and a little programming language called AutoIt. Keeps the users restricted while we catch them on domain login, run our stuff as admin, then just let the users continue on uninterrupted. 586633561[/snapback] This sounds like a very good tool but wouldn't it also pose a security risk? If I don't need to type in a password to run something as a local admin couldn't the user figure this out and install software he/she shouldn't be? Link to comment Share on other sites More sharing options...
Fresh Posted October 6, 2005 Share Posted October 6, 2005 cmd line devcon.exe disable *pnp0401 http://support.microsoft.com/default.aspx?...b;EN-US;Q311272 This will fix you right up...we had the same issue at work. Link to comment Share on other sites More sharing options...
Pliskin Posted October 6, 2005 Share Posted October 6, 2005 This is a new security restriction. NET USE LPT1 does not work for restricted users. Use VBScript or Kixtart to accomplish this. As far as I know, this cannot be changed. Link to comment Share on other sites More sharing options...
Fresh Posted October 7, 2005 Share Posted October 7, 2005 This can be done....trust me it works. Here is a better link. http://support.microsoft.com/kb/313644 Link to comment Share on other sites More sharing options...
Frank Posted November 22, 2005 Author Share Posted November 22, 2005 I started to build the new machines for the users today so I revisited this issue. Since the users are only using Network printers I decided the easiest way to accomplish what I needed was to disable the LPT1 port in the Bios. After I disabled the port I booted into Windows and it remapped the port with no errors. Thanks to everyone who helped! Link to comment Share on other sites More sharing options...
Recommended Posts