Wednesday, May 13, 2009

Print Server administration without Administrator access


OK. Let's say a client support person manages the shared printers at a remote site. The remote server is a standard file and print server running Windows Server 2003 SP2 (32-bit).


The client support staff has few (if any) rights on the server. If your admin model is written like ours, you need to grant access to manage printers, printer ports and print driver installations without giving administrative access to the server.


Here are the proper steps to accomplish this without introducing a security risk to your infrastructure:


Step 1: Create an Active Directory Group for Remote Server Print Admins

Step 2: Add said group to the following local groups on the server where the printers will reside

The admins can now RDP to the server, manage current printers and change existing attributes.

Step 3: Open secpol.msc (If you don't know how to get here, STOP administering servers!!! LOL)


Add the said AD group to "Local Policies\User Rights Assignment\Load and unload device drivers"
See pic above
Save and you're done!
The admins can now create ports and add print drivers to the server.
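
The right granted in Step 3 is stored as SeLoadDriverPrivilege and lets its holders install kernel-mode drivers, so it is worth confirming exactly who ends up with it. The script below is an added example, not part of the original post: it exports the server's user rights with secedit and flags any holder outside an expected list. The group name `EXAMPLE\Remote-Print-Admins` is a placeholder and the `Get-LoadDriverHolders` helper is hypothetical.

```powershell
# Added example: list every principal holding "Load and unload device drivers"
# (SeLoadDriverPrivilege) on the local server and flag unexpected ones.
# Run from an administrative PowerShell session (secedit /export needs it).
# $Expected is an assumption: replace the placeholder group with your own.
param(
    [string[]]$Expected = @('BUILTIN\Administrators', 'EXAMPLE\Remote-Print-Admins')
)

function Get-LoadDriverHolders {
    param([string[]]$InfLines)
    # secedit writes one line per right, for example:
    #   SeLoadDriverPrivilege = *S-1-5-32-544,*S-1-5-21-...,unresolvedName
    $line = $InfLines |
        Where-Object { $_ -match '^\s*SeLoadDriverPrivilege\s*=' } |
        Select-Object -First 1
    if (-not $line) { return @() }

    foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
        $entry = $entry.Trim()
        if ($entry -eq '') { continue }
        if ($entry.StartsWith('*')) {
            # Entries prefixed with * are SIDs; resolve them to account names.
            $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
            try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $sid.Value }   # orphaned SID: report it unresolved
        } else {
            $entry                 # already stored as a plain account name
        }
    }
}

# Export only the user-rights area of the effective local security policy.
$tmp = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $tmp /areas USER_RIGHTS | Out-Null
$holders = @(Get-LoadDriverHolders -InfLines (Get-Content $tmp))
Remove-Item $tmp

foreach ($h in $holders) {
    # -contains is case-insensitive, so DOMAIN\group casing does not matter.
    $status = if ($Expected -contains $h) { 'expected' } else { 'UNEXPECTED' }
    "{0,-12} {1}" -f $status, $h
}
```

Any line marked UNEXPECTED is an account or group that can load drivers on the print server but is not in the list you supplied.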