Print driver installation from print server

michal 191 Reputation points
2022-05-26T23:33:35+00:00

Hi all,

I've added a new printer to the network and have been struggling to deploy the printer (XEROX) to users since then.... I've added the printer to the Print Server (Windows Server 2016) with no problem, downloaded and installed a driver, and am trying to deploy it to users via GPO....

As I've found out, there are some limitations now for installing printer drivers from a print server - non-admin users are not allowed to do it. How can I resolve that? I've been doing some research online and found some solutions but it is still not working for me.

I configured GPO as below:

  • Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options. Find the policy Devices: Prevent users from installing printer drivers -> DISABLED
  • Computer Configuration > Policies > Administrative Templates > System > Driver Installation > Allow non-administrators to install drivers for these device setup classes {4658ee7e-f050-11d1-b6bd-00c04fa372a7} and {4d36e979-e325-11ce-bfc1-08002be10318}
  • Point and Print Restrictions for Computers and also Users
  • Configured registry -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint\RestrictDriverInstallationToAdministrators = 0

The Results:

  • When I use the printer server name only (like "abc"), I get the message "We can't install this printer at the moment. Try again later or contact your network admin for help"
  • When I use the FQDN of the printer server, I get the message "Printer isn't available because your network administrator has restricted access to it"
  • When I set Point and Print to DISABLED, I get again "Printer isn't available because your network administrator has restricted access to it"

When I check the registry on the testing machine (WINDOWS 11), I can see all the settings there under "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint\" ... so it seems to be applied correctly

From what I've read, I should be getting some warnings when adding the printer - like "Do you trust this printer" - or be asked for Admin credentials when adding the printer. But all I get are those messages above...

Below is a printscr of the GPO

206043-printer-gpo.jpg

What am I missing here??? How come it is so complicated to deploy a printer? Or is there any other way than the above to resolve this issue? Spent hours and hours testing it but no luck :/

Windows Server Printing

6 answers

  1. Alan Morris 1,161 Reputation points
    2022-05-27T13:13:01.33+00:00

    @michal

    The current default is admin access to install software from the server.

    With the registry key added so the non admin can install the software when no server name is configured in Point and Print policy, you get the error?

    The other policy that forces a similar check is the Package Point and Print policy. Make sure you don't have a server name in that policy.

    Sorry, not currently at a computer to confirm the exact name.

    Thanks

    1 person found this answer helpful.

  2. michal 191 Reputation points
    2022-05-27T15:03:01.99+00:00

    Hi @Alan Morris .... that's right ... with the configuration you see above, I'm getting the messages that user is restricted to access printer. From many online sources I've seen, that it should -at least- ask for Administrator credentials.... which is not my case either :/

    Btw, "Package Point and Print policy" is set as "Not Configured"

    PS: I have that GPO applied directly to the domain. I'm not an expert with GPO, but I guess it should be automatically applied to all users/computers in that domain...


  3. michal 191 Reputation points
    2022-05-31T16:04:44.697+00:00

    so... I've spent another several hours on this.... Looks like the issue is the driver (it's Type 3)... When I tried to use another one - Xerox WorkCenter driver for example - which is type 4, the printer was added to users via GPO with no issue.... However, as it is not the proper driver, it is causing some issues when printing... :/


  4. Alan Morris 1,161 Reputation points
    2022-05-31T20:42:36.273+00:00

    @michal

    That's the way Type 4 works.

    There is no driver software transferred to the client system but you can add the connection to the share.

    This is the reason Standard user can add the connection. No software.

    When software is required, then admin access is also the new default
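
Added example, not part of any post in this thread: a read-only PowerShell check of the policy values the question lists and of the driver type (Type 3 or Type 4) discussed in the answers above. The server name is a placeholder, and the value names other than RestrictDriverInstallationToAdministrators are the ones written by the Point and Print Restrictions and Package Point and Print policies, not values quoted in the thread.

```powershell
# Added example: read-only check of the client's Point and Print policy values
# and of the driver types the print server publishes. It changes nothing.
param(
    # Placeholder server name (assumption); pass the real print server's FQDN.
    [string]$PrintServer = 'printserver.example.test'
)
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'

function Get-PolicyValue {
    param([string]$Key, [string]$Name)
    # Emits '(not set)' when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { '(not set)' }
}

# Values written by the policies discussed in the thread.
$pp = "$base\PointAndPrint"
$checks = @(
    @{ Key = $pp; Name = 'RestrictDriverInstallationToAdministrators' }
    @{ Key = $pp; Name = 'TrustedServers' }
    @{ Key = $pp; Name = 'ServerList' }
    @{ Key = $pp; Name = 'NoWarningNoElevationOnInstall' }
    @{ Key = $pp; Name = 'UpdatePromptSettings' }
    @{ Key = "$base\PackagePointAndPrint"; Name = 'PackagePointAndPrintServerList' }
)
$policy = foreach ($c in $checks) {
    [pscustomobject]@{
        Key   = Split-Path $c.Key -Leaf
        Value = $c.Name
        Data  = Get-PolicyValue -Key $c.Key -Name $c.Name
    }
}
$policy | Format-Table -AutoSize

$restrict = ($policy | Where-Object Value -eq 'RestrictDriverInstallationToAdministrators').Data
if ($restrict -eq 0) {
    Write-Warning 'Admin-only default overridden: non-administrators may install print drivers from a server.'
} else {
    'Installing driver software from a print server requires administrator rights.'
}

# MajorVersion 3 = Type 3 (driver software is copied to the client);
# MajorVersion 4 = Type 4 (connection only, as described in the thread).
try {
    Get-PrinterDriver -ComputerName $PrintServer -ErrorAction Stop |
        Select-Object Name, Manufacturer, @{ Name = 'Type'; Expression = { "Type $($_.MajorVersion)" } } |
        Format-Table -AutoSize
} catch {
    Write-Warning "Could not query drivers on ${PrintServer}: $($_.Exception.Message)"
}
```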


  5. Limitless Technology 44,101 Reputation points
    2022-06-01T07:44:46.013+00:00

    Hello Michaelkedhlow,

    By default Microsoft recommends deploying printers using GPO instead of users installing the printer, to avoid security issues or workarounds. You seem to have applied all the steps known by the community to enable that workaround and allow the users to install certain printers based on classes, but for some reason the system is still ignoring it.

    My guess would be that UAC is not working properly, and I strongly suggest testing with UAC completely disabled in order to confirm or discard that interaction.

    Please follow the instructions to disable UAC in one of the machines and user sessions affected: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/disable-user-account-control
