Solved

Allow non-administrators to install printers (local).

Posted on 2008-10-07
5
1,730 Views
Last Modified: 2013-12-15
Question,


I'm deploying an image globally to a few hundred sales people. These users need to be able to install local printers on the machines, but cannot have poweruser/administrator privledges.


Can this be set with a local group policy to allow the installation?


The installs will be purely driver and not from CD's that require additional applications. Its possible that we can load the drivers onto the local machine. It is also possible to have the users VPN into the domain to perform some kind of task.


What to do? Sactfice security for the convienience of letting users install printers?


Can we do an install of the printer under administrator that will allow the end-user to simply add the printer?




Two policies I have found but am unsure if are helpful are:


Local Computer Policy | User Configuration | Administrative Templates  | Control Panel
| Printers there is the Point and Print Restrictions setting.

 Computer Configuration | Windows Settings | Security Settings | Local Policies| User Rights Assignment | "Load and Unload Device Drivers."
0
Comment
Question by:citslogin
5 Comments
 
LVL 5

Accepted Solution

by:
ccns earned 500 total points
ID: 22663660
Computer Configuration | Windows Settings | Security Settings | Local Policies| User Rights Assignment | "Load and Unload Device Drivers."

this is the policy you will need to enable on your computers in AD. will give access to deal to the printers.
0
 
LVL 1

Author Comment

by:citslogin
ID: 22663709
This has to be done in AD or can be done on local machines?
0
 
LVL 1

Author Comment

by:citslogin
ID: 22669919
I tried to set this policy but under add/remove printers the option for local printers is greyed out. Only network printers button is available.
0
 
LVL 1

Expert Comment

by:ifmtech
ID: 22670663
It sounds like you are editing the local policy.  I would suggest applying this change to a GPO in AD.  It is probably greyed out because it is being overridden by AD currently.
0
 
LVL 1

Expert Comment

by:ch_b
ID: 22691041
Try this link, this allows to run a specific line in you bat with higher priviledge:
http://www.computerhope.com/runas.htm
0

Featured Post

Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now