Adding shared printer from 2012R2 Print Server: Access denied

network-printernetwork-shareprint-serverwindows 7windows-server-2012-r2

  • Windows Server 2012R2 (x64)
    • Set "in" domain1
    • Enabled Print and Document Services role with Print Server and LPD Service services
    • Accessible with user account domain2\user
    • Shared printer (LPT1/Generic/Text) as Generic_for_test set to "Everyone: All"

Properties of Generic_for_test

  • Security settings of \\server.domain1\print$ set to "Everyone: All"

Security Settings of Generic_for_test

  • Sharing settings of C:\Windows\System32\spool\drivers set to "Everyone: All"

Security settings of print$

  • Windows 7 Professional (x64)
    • Set "in" domain2
    • Logged in user account domain2\user
    • Connecting to the printer (via "Add Network printer" and pointing it to \\server.domain1\Generic_for_test results in this error:

Error Message

Connection to printer failed

A policy on this computer prevents a connection to this printer queue.

I already tried:

  • Group policies as advised on the internet

Computer configuration > Adminsitrative Templates > Printer >

  • Prevent installation of printers that use kernelmode drivers > Deactivated
  • Point-and-Print for packages – Allowed servers > Deactivated
  • Point-and-Print restrictions > Deactivated

User configuration > Administrative Templates > Control Panel > Printer >

  • Use only Point-and-Print for packages > Deactivated
  • Point-and-Print restrictions > Deactivated

What else can I do / try to fix this?

Best Answer

  1. Check the following GPO: Local Computer Policies\Administrative Templates\Printers\ Allow print spooler to accept client connections >> Enable

  2. If the option 1 doesn't work, You may need to Configure the Load and unload device drivers policy setting. To do this, follow these steps:

Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.

In the navigation pane, right-click your domain name, and then click Properties.

Click the Group Policy tab, click the GPO that you want to modify, and then click Edit.

In Group Policy Object Editor, locate and then click the Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment folder.

Locate and then double-click Load and unload device drivers.

Click to select the Define these policy settings check box, and then click Add User or Group to add the Power Users domain group.

In the Add User or Group dialog box, click Browse to locate the Power Users domain group. Under Enter the object names to select, type Power Users (You can enter Everyone if you want Everyone to install printer drivers), and then click Check Names to resolve the group name. Click OK three times.

Related Topic