Background
By configuring policy, Citrix Presentation Server 4.0 allows use of legacy printer names (e.g. Client\clientname#\HP Laserjet 4) which was used by the previous version of Presentation Server for Auto-creation. In addition, auto-created printers created by legacy client printers can be shared between sessions and users may prefer the method of the previous version of Presentation Server.
Administrators need to be aware when applying legacy client printers rules because Citrix Presentation Server 4.0 applies additional security for auto-created printers.
Symptoms
Administrators cannot manage other sessions’ auto-created printers (e.g. changing properties and so on) which are created by the legacy client printers rule in Citrix Presentation Server 4.0.
In the previous version of Presentation Server, administrators can manage other sessions’ auto-created printers. This is because auto-created printers in the previous version of Presentation Server are basically managed by Windows authentication.
Reproduction Steps
1. In the Presentation Server Console, select the Policies node in the left pane and choose the relevant policy and right-click Properties. Choose Printings > Client Printers and choose the Legacy client printers option.
2. Launch a published application using a user authorization account from a client device.
3. Ensure that the printers on the client device are created as auto-created printers based on the Legacy client printers rules.
4. On the server local console, choose Control Panel and open Printer folder.
Note: In this step suppose that a user logs on to the server with an administrative account.
5. Choose auto-created printers in Printer folder and right-click to open its Properties.
6. Then a dialog popup appears stating that the user cannot access the printer and the user cannot change the printer properties. Subsequently another dialog appears stating that the user doesn't have an appropriate access right.
Cause
New auto-created printer architecture introduced in Citrix Presentation Server 4.0 includes enhanced securities to prevent the access to or handling of auto-created printers from an unintended user (or script). Auto-created printer securities are set in each session when establishing an ICA session. Therefore, a user could not manage auto-created printer properties though using an administrative account for the server.
In addition, this security context is applied even when a user applies Legacy client printers rules. A user cannot make any change to an auto-created printers’ configuration with an administrative account of the server as with the previous version of Presentation Server. This is by design.
