I am investigating how to delegate management of print queues installed on our branch RODC.
I would like to allow print queue management without delegating the user admin rights on the box. I appreciate that some print management tasks will require admin rights but for now let's assume we only want to monitor the print queues.
There's no local Print Operators group as on a member server but I have come across the ntdsutil 'local roles' option and had a play with that. When I add the user to the Administrators group via local roles, true to form I can logon via RDP and manage print queues remotely - great.
However, when I just add the user to the Print Operators and Remote Desktop Users roles, I don't get any additional features (I can't log on via RDP and I can't see any printers via remote Print Management (i expect to see them, if not actually be able to interact with them).
I'm also surprised I can't logon via RDP once I've added the user to the Remote Desktop users group.
Am I missing something?
Cheers
Jon