Printer Deployment using MEM/SCCM - Detection method Logic - I need help

Matt Dillon 1,211 Reputation points

I am struggling with the logic needed to get Network Printers installed via SCCM with the latest patching requiring Admin Credentials.

After reading this: ( I came up with a plan to run three Deployments in one:

  1. Run as Admin - Add reg key from article to allow non-admin printer installs using a PowerShell script with the detection method checking for the entry.
  2. Run as User - Run a PowerShell script - `Add-Printer -ConnectionName "\\SERVER\Printer"` with the detection method being `Get-Printer -Name "\\SERVER\Printer"`
  3. Run as Admin - Remove the reg key added in Step 1.

Step 3 is where it has been tricky. It is essentially undoing the first step. This results in the Application thinking it is installed before it is even run. I thought maybe add a reg entry or a file and while that works, it is messy. If the printer is uninstalled, that file or reg entry remains and will not rerun the script. I was looking for a universal registry entry or file that gets created when the printer is added, but that has proven difficult. Since the printer needs to be installed as a User, the get-printer command will not result in showing the printer is installed.

I tried the following script for detection, but it will not run:

```powershell
# Look For Registry Values that show East Copy Room Printer Installed
New-PSDrive -Name HK_USERS -PSProvider Registry -Root HKEY_USERS | Out-Null
# PSChildName is the bare subkey name (SID); Name would carry an extra "HKEY_USERS\" prefix
$RegUserValues = (Get-ChildItem REGISTRY::HKEY_USERS | Select-Object -ExpandProperty PSChildName)
Foreach ($item in $RegUserValues)
{
    $Result = (Get-ItemProperty "HK_USERS:\$item\Printers\Connections\*" -ErrorAction SilentlyContinue | Select-Object PSChildName)
    If ($Result -ne $null)    # ",,SERVER,EastCopyRoom1")
    {
        Write-Output "Success!!"
    }
}
# Remove only the drive created above, not every PSDrive in the session
Remove-PSDrive -Name HK_USERS -Force
```

EDIT: To clarify, by not run I mean that I get an error in the AppDiscovery.log that shows Script Execution returned error message: Get-ChildItem: Requested Access is not allowed.....PermissionDenied (HKEY_USERS...SecurityException

I can run the script as Admin on my laptop and it results in "Success!!" when I have the printer installed for my user and blank when the printer is not installed for my user.

Anyone have any thoughts on a different detection method here? Looking for a file or reg entry that gets generated when a network connection printer is installed and gets removed when the printer is removed.

6 answers

  1. Rahul Jindal [MVP] 9,556 Reputation points MVP

    Maybe this can help. I set it up using Intune, but you can replicate it in ConfigMgr. intune-configure-printers-for-non.html

    2 people found this answer helpful.

  2. AlexZhu-MSFT 5,626 Reputation points Microsoft Vendor


    Firstly, if we use custom script detection methods, please check the table below for the logic that Configuration Manager uses to determine whether an application is installed.

    Create applications in Configuration Manager


    Secondly, for the script you shared, it seems the break is not necessary (please correct me if I am wrong, since I'm unable to touch the real environment).

    foreach enumerates all the child keys; if break is used, only the first key, that is `HKEY_USERS\.DEFAULT` in my test, is executed.

    test script (just show how it works) for your information

    ```powershell
    # Look For Registry Values that show East Copy Room Printer Installed
    New-PSDrive -Name HK_USERS -PSProvider Registry -Root HKEY_USERS | Out-Null
    # PSChildName is the bare subkey name; Name would carry an extra "HKEY_USERS\" prefix
    $RegUserValues = (Get-ChildItem REGISTRY::HKEY_USERS | Select-Object -ExpandProperty PSChildName)
    Foreach ($item in $RegUserValues)
    {
        # Banner line so each enumerated key is visible in the test output
        "=====   " + $item + "   ====="
        $reg_path = "HK_USERS:\" + $item + "\Printers\ConvertUserDevModesCount"
        $Result = Get-ItemProperty -Path $reg_path -ErrorAction SilentlyContinue
        If ($Result -ne $null) # ",,SERVER,EastCopyRoom1"
        {
            Write-Output "Success!!"
        }
    }
    Remove-PSDrive -Name HK_USERS -Force
    ```

    screenshots from lab test

    registry hive

    script result w/o break

    script result w/ break

    If the response is helpful, please click "Accept Answer" and upvote it.

    1 person found this answer helpful.
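
A per-user detection script in the shape ConfigMgr's script detection expects, as an added example that is not from any poster in this thread. It assumes the detection script runs in the signed-in user's context (so `HKCU` is that user's hive and no other user's hive is enumerated); `\\SERVER\EastCopyRoom1` is a placeholder built from the comment in the question, and `Test-PrinterConnection` is a hypothetical helper name.

```powershell
# Added example: per-user printer-connection detection for a ConfigMgr deployment type.
# Assumption: runs as the signed-in user, so HKCU is that user's own hive.
$ErrorActionPreference = 'Stop'   # turn unexpected errors into a caught failure

function Test-PrinterConnection {
    param(
        [Parameter(Mandatory)] [string] $ConnectionName,          # UNC form: \\SERVER\Printer
        [string] $ConnectionsKey = 'HKCU:\Printers\Connections'   # overridable for testing
    )
    # Connection subkeys are named like ",,SERVER,Printer":
    # every backslash of the UNC path is stored as a comma.
    $keyName = $ConnectionName -replace '\\', ','
    # Literal path test: no wildcard expansion, no error record if the key is absent.
    return (Test-Path -LiteralPath (Join-Path $ConnectionsKey $keyName))
}

# How ConfigMgr interprets a detection script:
#   exit 0, text on STDOUT                  -> installed
#   exit 0, nothing on STDOUT or STDERR     -> not installed
#   exit 0 with only STDERR, or non-zero    -> detection failure (state unknown)
try {
    # Placeholder connection name (constructed for this example)
    if (Test-PrinterConnection -ConnectionName '\\SERVER\EastCopyRoom1') {
        Write-Output 'Installed'
    }
    exit 0
}
catch {
    # Keep STDERR empty and signal failure through the exit code only
    exit 1
}
```

Because the connection subkey is deleted when the user removes the printer, this check goes back to "not installed" without leaving a marker file or extra registry value behind.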

  3. Garth 5,801 Reputation points

    Why have a detection method at all? Why did you need to rerun the script if the printer is removed? What is your SLA for printer reinstalls?

    I have ideas but it needs 3rd party tools.

  4. Matt Dillon 1,211 Reputation points

    Ugh. Still messy. Now after waiting the weekend, the AppDiscovery.log no longer shows the error. I have to run the job twice before everything removes itself. Not good enough. Back to the drawing board. Seeing as Step 1 and Step 3 have opposite detection methods, this will be a bit more challenging than I had hoped if I want it to be secure.

  5. Eirik Hamer 81 Reputation points

    As much as I love ConfigMgr, I prefer GPP for printer deployment... Any reason it has to be done by CM?
