A user who is logged on to a Windows Server 2003-based Terminal Server cannot configure a printer as the default printer


Symptoms


When a user logs on to a Microsoft Windows Server 2003-based Terminal Server, that user cannot configure a printer as the default printer. Also, the user experiences the following symptoms:
  • If the user right-clicks a printer, and then clicks Set as Default Printer, nothing happens. The user does not receive an error message, and the printer is not set as the default printer.
  • If the user clicks Yes under Do you want to use this printer as the default printer when the user installs a new printer, the user receives the following error message:
    Default printer cannot be set

Cause


This problem may occur if the following registry subkey is missing from the affected user's profile:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
This problem may occur if either of the following conditions is true:
  • The NTUser.dat file is damaged for the affected user.
  • The user does not have sufficient permissions to access the NTUser.dat file

Resolution


To resolve this problem, remove the affected user's profile, and then re-create the affected user's profile.

Workaround


To work around this problem, use one of the following methods, as appropriate for your situation.

Method 1: Use a logon script to create the registry subkey

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows


Configure a logon script to create the following registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
To do this, follow these steps.

Step 1: Create a .reg file to create the Windows registry subkey

  1. Start a text editor such as Notepad, and then type or paste registry information that resembles the following into a new text file:
    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    "Device"=""
  2. Save the text file as a .reg file. For example, save the file as WindowsKey.reg.
  3. Copy the WindowsKey.reg file to a shared network location. For example, save the file to the Netlogon share on a domain controller.

    NoteIf you copy the WindowsKey.reg file to the Netlogon share of a domain controller, you must copy this file to the Netlogon share of the domain controller that holds the PDC Emulator operations master role.

Step 2: Create a script to update the Windows registry

  1. Start a text editor such as Notepad, and then type or paste script information that resembles the following into a new text file:
    @echo off 
    regedit /s \\example.com\NETLOGON\WindowsKey.reg
    NoteIn this script, the location of the registry file is the Netlogon share of a domain controller. However, you can modify this location, as appropriate for your situation.
  2. Save the file as a .cmd file. For example, save the file as UpdateWindowsKey.cmd.
  3. Copy the UpdateWindowsKey.cmd file to the same shared network location to which you copied the WindowsKey.reg file. For example, copy the UpdateWindowsKey.cmd file to the Netlogon share of a domain controller.

Step 3: Create a Group Policy object to run the script at startup

  1. Log on to a domain controller, and then start the Active Directory Users and Computers tool. To do this, click Start, click Run, type dsa.msc, and then click OK.
  2. Right-click the container in which you want to configure the Group Policy object, and then click Properties. For example, right-click an organizational unit container.
  3. Click the Group Policy tab, and then click New.
  4. Type a descriptive name for the policy, and then press ENTER.
  5. Click Properties, and then click the Security tab.
  6. To prevent this policy from being applied to certain users or to certain groups, add the particular user or the particular group, and then click to clear the following check boxes in the Allow column:
    • Read
    • Apply Group Policy
  7. After you modify the permissions, click OK.
  8. Click Edit to start the Group Policy Object Editor tool.
  9. Expand Computer Configuration, expand Windows Settings, and then click Scripts (Startup/Shutdown).
  10. In the details pane, double-click Startup.
  11. Click Add, and then type the UNC path of the .cmd file in the Script Name box. For example, type \\ domainControllerName\NETLOGON\UpdateWindowsKey.cmd.
  12. Click OK two times, and then exit the Group Policy Object Editor tool.
  13. Click Close to exit the ObjectNameProperties dialog box.
When a user applies Group Policy, the .cmd file updates the user's profile to create the Windows registry subkey. Therefore, you must make sure that the policy is only applied to the users for whom you want to modify the profile.

Method 2: Add the Domain Users group to the Default User folder on the Terminal Server

Add the Domain Users group to the Default User folder on the Terminal Server, and then grant this group the following permissions:
  • Read & Execute
  • Read
To do this, follow these steps:
  1. On the Terminal Server, start Windows Explorer, and then locate the Default User folder.
  2. Right-click Default User, and then click Properties.
  3. Click the Security tab.
  4. Add the Domain Users group to the Group or user names list.
  5. Click the Domain Users group, and then click to select both of the following check boxes in the Allow column:
    • Read & Execute
    • Read
  6. Click OK.
  7. Log off the affected user from the Terminal Server, and then have the user log on to the Terminal Server.
Note If the steps in the "Method 2: Add the Domain Users group to the Default User folder on the Terminal Server" section do not work, you may have to delete the affected user's profile. Then, the user must log on to the Terminal Server again to create a new profile. You may also be able to work around this problem by following these steps:
  1. Rename the NTUser.dat file, or remove the NTUser.dat file from the Default User folder on the Terminal Server.
  2. Copy the NTUser.dat file from the Default User folder on a Terminal Server with which you do not experience this problem to the Terminal Server with which you experience this problem. Make sure that you use a default NTUser.dat file from a Terminal Server on which the users have the same roles and on which the users use the same operating system.

More Information


For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

843259 A limited user can no longer print to a shared printer from a terminal server session after you restart the Spooler service in Windows 2000

833746 You cannot print from a Terminal Server session that is hosted by Windows Server 2003

831754 You receive an error message when you try to print to a shared network printer in a terminal server session

319939 Description of the Point and Print Restrictions policy setting in Windows Server 2003 and Windows XP