I have a Windows 2008 R2 server with Terminal server role installed. I'm seeing a problem with an ordinary user who is member of local printer operators group on the server.

If the user opens a cmd window using ‘run as administrator’ they can run printmanager.msc without needing to enter their password again. In printmanager they can change the ownership of redirected (easy print) printers without problems.

If, from the same cmd window, they use subinacl to try and change the onwership of the queue to themselves they get access denied:

>subinacl.exe /printer "_#MyPrinter (2 redirected)" /setowner="MyDom\MyUsr"
Elapsed Time: 00 00:00:00
Done:        1, Modified        0, Failed        1, Syntax errors        0
Last Done  : _#MyPrinter (2 redirected)
Last Failed: _#MyPrinter (2 redirected) - OpenPrinter Error : 5 Access denied

so, same context, same action but one works and one doesn't. Any ideas for this odd behaviour?

I'm using subinacl x86 on an x64 server as I can't find anything more up to date. I've tried with icacls and others but couldn't get them to do anything with printers.