Super. Thanks for the update
Deploy Printers GPP nots works in Windows Server
I have a problem with my network printers server and GPO, I tried to deploy printers in users in my company but impossible.
I saw many topics talking about PrintNightmare vulnerabilities and Microsoft patch it but still impossible to do something.
I tried many solutions like :
1.Via Group Policy (Computer Configuration > Preferences > Windows Settings > Registry), I added the registry entry “RestrictDriverInstallationToAdministrators” to “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint” and set to 0 (DWORD).
- Enabled the following in a GPO:
Computer Configuration > Policies > Administrative Templates > Printer > Package Point and print - Approved servers > [Enter FQDN(s) of print server(s).]
Computer Configuration > Policies > Administrative Templates > Printer > Point and Print Restrictions > [Enable and enter FQDN(s) of print server(s). I personally set security prompts for “Do not show warning or elevation prompt”.]
User Configuration > Policies > Adminstrative Templates > Control Panel > Printers > Package Point and print - Approved servers > [Enter FQDN(s) of print server(s).]
User Configuration > Policies > Administrative Templates > Control Panel > Printers > Point and Print Restrictions > [Enable and enter FQDN(s) of print server(s). I personally set security prompts for “Show warning only”.]
- You may also want to confirm that you have “Computer Configuration > Policies > Administrative Templates > System > Driver Installation > Allow non-administrators to install drivers for these device setup classes” set up with {4658ee7e-f050-11d1-b6bd-00c04fa372a7} and {4d36e979-e325-11ce-bfc1-08002be10318}, which are both printer-related. But if your deployed printers were working before that update went out, then you may have already had this set!
Or regedit update, but nothing works, always have a prompt elevation to deploy a printer to a non-admin domain user
There is a solution or I need to move to each user and install manually ?
Thank you !
Best Regards,
6 additional answers
Sort by: Most helpful
-
Alan Morris 1,156 Reputation points
2022-03-28T14:40:43.237+00:00 Hi,
The default requirement now to install the software from the server is administrative access.
There is a registry setting to allow non admin users the ability to install print drivers. It's discussed in several posts in this QA channel
The Windows Point and Print policies really do not matter much anymore other than the print server names.
-
Jérémy MUNOZ 36 Reputation points
2022-03-28T15:02:11.39+00:00 Hello @Alan Morris ,
Thanks for your answer !
I tried via GPO to allow non admin to install printer (Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options. Find the policy Devices: Prevent users from installing printer drivers.) but it not works, I want to deploy printer with user and not computer.
The policy works only with Computer policy or both ?
I saw many topics and try many solutions but without sucess...
Thanks again !
-
Alan Morris 1,156 Reputation points
2022-03-28T15:48:08.747+00:00 there is not a group policy for the registry setting.
You will need to add this to all the client systems but you can add this to a policy
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint]
"RestrictDriverInstallationToAdministrators"=dword:00000000You can learn more about the new admin defaults in this MS article https://support.microsoft.com/en-gb/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872
Thanks
-
Alan Morris 1,156 Reputation points
2022-03-28T15:52:08.843+00:00 If the clients do not need to connect to shared printers outside of your organization, I highly recommend setting up the print server names in the Computer / Admin Templates / Printers / Point and Print restrictions policy.