Solved

Allow non-administrators to install printers (local).

Posted on 2008-10-07
5
1,732 Views
Last Modified: 2013-12-15
Question,


I'm deploying an image globally to a few hundred sales people. These users need to be able to install local printers on the machines, but cannot have poweruser/administrator privledges.


Can this be set with a local group policy to allow the installation?


The installs will be purely driver and not from CD's that require additional applications. Its possible that we can load the drivers onto the local machine. It is also possible to have the users VPN into the domain to perform some kind of task.


What to do? Sactfice security for the convienience of letting users install printers?


Can we do an install of the printer under administrator that will allow the end-user to simply add the printer?




Two policies I have found but am unsure if are helpful are:


Local Computer Policy | User Configuration | Administrative Templates  | Control Panel
| Printers there is the Point and Print Restrictions setting.

 Computer Configuration | Windows Settings | Security Settings | Local Policies| User Rights Assignment | "Load and Unload Device Drivers."
0
Comment
Question by:citslogin
5 Comments
 
LVL 5

Accepted Solution

by:
ccns earned 500 total points
ID: 22663660
Computer Configuration | Windows Settings | Security Settings | Local Policies| User Rights Assignment | "Load and Unload Device Drivers."

this is the policy you will need to enable on your computers in AD. will give access to deal to the printers.
0
 
LVL 1

Author Comment

by:citslogin
ID: 22663709
This has to be done in AD or can be done on local machines?
0
 
LVL 1

Author Comment

by:citslogin
ID: 22669919
I tried to set this policy but under add/remove printers the option for local printers is greyed out. Only network printers button is available.
0
 
LVL 1

Expert Comment

by:ifmtech
ID: 22670663
It sounds like you are editing the local policy.  I would suggest applying this change to a GPO in AD.  It is probably greyed out because it is being overridden by AD currently.
0
 
LVL 1

Expert Comment

by:ch_b
ID: 22691041
Try this link, this allows to run a specific line in you bat with higher priviledge:
http://www.computerhope.com/runas.htm
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question