This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 28.000000000000004%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJR%3C/text%3E%3C/svg%3E)
I have a problem with my network printers server and GPO, I tried to deploy printers in users in my company but impossible.
I saw many topics talking about PrintNightmare vulnerabilities and Microsoft patch it but still impossible to do something.
I tried many solutions like :
1.Via Group Policy (Computer Configuration > Preferences > Windows Settings > Registry), I added the registry entry “RestrictDriverInstallationToAdministrators” to “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint” and set to 0 (DWORD).
Computer Configuration > Policies > Administrative Templates > Printer > Package Point and print - Approved servers > [Enter FQDN(s) of print server(s).]
Computer Configuration > Policies > Administrative Templates > Printer > Point and Print Restrictions > [Enable and enter FQDN(s) of print server(s). I personally set security prompts for “Do not show warning or elevation prompt”.]
User Configuration > Policies > Adminstrative Templates > Control Panel > Printers > Package Point and print - Approved servers > [Enter FQDN(s) of print server(s).]
User Configuration > Policies > Administrative Templates > Control Panel > Printers > Point and Print Restrictions > [Enable and enter FQDN(s) of print server(s). I personally set security prompts for “Show warning only”.]
Or regedit update, but nothing works, always have a prompt elevation to deploy a printer to a non-admin domain user
There is a solution or I need to move to each user and install manually ?
Thank you !
Best Regards,
Super. Thanks for the update
Hey !
I succeed to deploy with Active Directory share and GPO.
I follow this site : https://rdr-it.com/en/troubleshooting/kb5005033-allow-non-administrators-to-install-printer-drivers/
And I active sharing with AD in my printers, so when my user is connected the printer is installed with print server name
https://www.technipages.com/add-delete-printers-active-directory
Well I will resume my configuration before close this topic :
I configure GPO Point and Print Restriction :
Computer Configuration / Policies / Administrative Templates / Printers with "Do not display warning or elevation prompt"
I create a regedit key in my GPO :
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint**RestrictDriverInstallationToAdministrators**
REG_DWORD value data 0
And in Common properties I checked **Delete the element when it is no longer applied **
In my printer server, I activated sharing for each printers and list in Active Directory,
I used GPP from my print server
If you want to follow :
@Alan Morris Thanks again for your help and your time !