Why is group policy for setting default printer being run as SYSTEM when 'Run in logged-on user's security context' is selected?


I have taken over administration of a 2008 r2 domain where there were two group policies for creating network printer shares on domain user logon:

GPO1 to map network printers:

GPO > User Configuration > Policies > Windows Settings > Deployed Printers

GPO2 to set default based on security group:

GPO > User Configuration > Preferences > Control Panel Setting > Printers (This GP is set up to Replace on 3 printers based on what Security Group a user is a member of)

I noticed that when I add the security group to set my default printer (for testing) and log into my Windows 10 machine, I get the following error:

"The user '[Printer Share Name]' preference item in the '[GPO Name] {[GUID]}' Group Policy Object did not apply because it failed with error code '0x80070005 Access is denied.' This error was suppressed."

The GPO having the error was the second one, GPO2, which is supposed to set the default printer, and the error in eventvwr was showing the user SYSTEM. I immediately thought this was an easy fix and went into the GPO and selected the printers, went to the common tab to select "Run in logged-on user's security context." However, this option was already selected.

I have since re-created the GPO2 using a different name and even added the Everyone=Print permission to the printer itself to see if maybe there was an authentication issue, but still the same error comes up.

I ran:

gpresult /Scope user /v

and verified that the GPO is definitely getting applied. Since I re-created the GPO with a slightly different name and the error message appears with the updated name, I know this is not coming from the old GPO anyway.

I also tried removing the "Run in logged-on user's security context," and I still get the same error, which I would expect. What gets me is the system does not seem to care if this checkbox is ticked or not. It seems to be trying to add the printer/select the default as SYSTEM no matter whether this checkbox is ticked or not.

Does anyone have any ideas or thoughts?

asked on Server Fault Sep 13, 2018 by T0beus

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0