Restart Print spooler without admin rights

Started by Matthew Udovich, March 31, 2011, 08:08:28 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Matthew Udovich

Morning all, for whatever reason when one of our three remote offices VPN gets reset or disconnected their printers go offline and I need to restart the print spooler on the terminal server. I am trying to find a way to have a batch file or other shortcut on their desktop that will allow them to do this without my intervention and without giving them all admin rights. Is this possible??

As always, thanks for the help.


Jeff Zylstra

Check into the SysInternals Suite of utilities.  If my memory serves me correctly, there is a utility in there that will store a password so that you can do a "run as" function and restart the spooler with the required permissions.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Matthew Udovich

I'm looking at PSEXEC right now, but it looks like I need to store the username and password in the batch file  :'( and then the end users can see it  :o

Mark

You could try setting a scheduled task (run once should be good enough) and then have users right-click and "run" when needed.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Jeff Zylstra

Quote from: Matthew Udovich on March 31, 2011, 09:19:10 AM
I'm looking at PSEXEC right now, but it looks like I need to store the username and password in the batch file  :'( and then the end users can see it  :o

Is there a way to create a single purpose user group that would give rights to start the spooler service?  I know, far fetched, but I thought I would mention it.
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Mark

Quote from: Jeff Zylstra on March 31, 2011, 09:28:29 AM

Is there a way to create a single purpose user group that would give rights to start the spooler service?  I know, far fetched, but I thought I would mention it.

Built-in print operators group might have permissions to do this...
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Matthew Udovich

I've added the remote users to the print operators group on both the domain to no avail :-(


The scheduled task is a great idea, anyone no if I an call a scheduled task from a batch file? I think I'll need a shortcut on the desktop or these fine people will just grab a stone and a chisel to get their hard copies.

Mark

Quote from: Matthew Udovich on March 31, 2011, 09:40:56 AM
The scheduled task is a great idea, anyone no if I an call a scheduled task from a batch file? I think I'll need a shortcut on the desktop or these fine people will just grab a stone and a chisel to get their hard copies.
'
Go to command line and: schtasks /?
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Matthew Udovich

Well the schtasks command in a batch file works great for me when logged in as admin, but unfortunately the regular users get an Unable to start the task scheduler error :'(

Mark

Quote from: Matthew Udovich on March 31, 2011, 10:46:25 AM
Well the schtasks command in a batch file works great for me when logged in as admin, but unfortunately the regular users get an Unable to start the task scheduler error :'(

Ok, lets try and take a different approach.  when this disconnect happens, is there anything in a windows event log?
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Matthew Udovich

Quote from: Mark on March 31, 2011, 10:48:44 AM
Ok, lets try and take a different approach.  when this disconnect happens, is there anything in a windows event log?

I've never really been able to pinpoint the timing of the disconnect as it happens mostly on weekends or overnight and we 'discover' it only by the printers not working. I've scoured the event logs and nothing sticks out to me.

I did find a solution to the permissions issue on the print spooler, http://helgeklein.com/ has a handy little freeware tool that allowed me to set permissions on the spooler service, so now my original batch file can be run by any of the remote users on the server.

Someday I'm sure I figure out why only the one office has this problem.

Thanks to everyone for helping me with this!!

Mark

Quote from: Matthew Udovich on March 31, 2011, 11:08:03 AM
Quote from: Mark on March 31, 2011, 10:48:44 AM
Ok, lets try and take a different approach.  when this disconnect happens, is there anything in a windows event log?

I've never really been able to pinpoint the timing of the disconnect as it happens mostly on weekends or overnight and we 'discover' it only by the printers not working. I've scoured the event logs and nothing sticks out to me.

I did find a solution to the permissions issue on the print spooler, http://helgeklein.com/ has a handy little freeware tool that allowed me to set permissions on the spooler service, so now my original batch file can be run by any of the remote users on the server.

Someday I'm sure I figure out why only the one office has this problem.

Thanks to everyone for helping me with this!!

Sweet!  My next suggestion was going to take advantage of event triggers (C:\>eventriggers /?) based off of an event in event logs to run the script automagically (and as a privileged user).

But, now you have a solution -- nice find!
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Matthew Udovich

With that tool, it makes me wonder if i missed something obvious and should have been able to set permissions on that service natively in windows :-(

Mark

Quote from: Matthew Udovich on March 31, 2011, 11:14:06 AM
With that tool, it makes me wonder if i missed something obvious and should have been able to set permissions on that service natively in windows :-(

I was looking for that earlier.  I think it might be a group policy.  When people have printer spooler issues on their workstations here, (usually related to fax@ and long pdf file names) they call me and I run a script that uses psexec to fix.

I will share for the heck of it:

REM RMspool.bat
REM Usage: C:\>rmspool [computername]

@echo off
@echo Killing Fax@vantage processes
taskkill /S %1 /F /IM @vantage.exe /T
taskkill /S %1 /F /IM BiMAppNT.exe /T

@echo Stopping spooler
psexec \\%1 -n 5 -w C:\windows\system32\spool\printers net stop spooler

@echo Deleting print jobs
psexec \\%1 -n 5 -w C:\windows\system32\spool\printers cmd /c del *.shd *.spl

@echo starting spooler
psexec \\%1 -n 5 -w C:\windows\system32\spool\printers net start spooler

@echo All tasks completed.  View output above before closing.
@pause


We are on 5.x of fax@ and this happens fairly often when people forget to save the PDF instead of printing right from the web page.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security