Terminal Server Printer Management: How to Restrict Printer Views to Authorized Users


How can a user be configured on a terminal server to only view and access permitted printers in the ‘Devices and Printers’ list or a specific folder path, rather than seeing all printers attached to the server? Additionally, if the ‘print’ permission for ‘Everyone’ is removed in the printer’s security settings, it prevents printing but still allows the selection of the restricted printer, resulting in an ‘Access Denied’ error. How can this be addressed?


In a terminal server environment, controlling printer access is crucial for maintaining security and ensuring that users only interact with devices they are authorized to use. Here’s how you can configure a user to view and access only permitted printers, and address the issue of restricted printers still being visible.

To limit printer visibility, you can use Group Policy settings. By creating a Group Policy Object (GPO) linked to the Organizational Unit (OU) containing the terminal servers, you can define which printers are available to which users.

Step 2: Printer Permissions

Adjust the printer permissions by removing the ‘Everyone’ group and adding specific user groups or accounts that should have access. This ensures only authorized users can print.

Step 3: Active Directory Groups

Create Active Directory groups for users based on their printer access needs. Assign these groups the necessary permissions on the printers they should access.

Step 4: Session Printers

Use the ‘Session Printers’ policy to define which printers are mapped to a user’s session. This policy can be found under User Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Printer Redirection.

Step 5: Addressing ‘Access Denied’ Errors

To prevent users from seeing printers they cannot use, ensure that the ‘List in the directory’ permission is unchecked for those printers. This way, even if a user tries to add a printer manually, they won’t find the restricted printers listed.

Step 6: Printer Location Tracking

Enable ‘Printer Location Tracking’ in your Group Policy settings. This allows you to specify printers based on the client’s location, further refining access control.


By carefully configuring Group Policy settings and managing Active Directory groups and permissions, you can create a secure and efficient printing environment on your terminal server. This approach not only restricts access to authorized printers but also enhances the user experience by preventing confusion and errors related to unauthorized printer selection. Remember to test your configurations in a controlled environment before rolling them out to all users to ensure a smooth transition.

Leave a Reply

Your email address will not be published. Required fields are marked *

Privacy Terms Contacts About Us