Solved

Deploying Point and Print in a Windows 2008, 2003 AD server environment to stop being prompted for security and UAC when selecting a new printer.

Posted on 2011-09-09
3
308 Views
Last Modified: 2012-05-12
We use Dell and Toshiba (all in one) printers.
We have Windows 2008 and 2003 servers in our AD environment. Our print server is a 2003 R2 Standard Edition server. Our users are Windows 7 and a few Visa pc's. They can go to \\myprintserver from the command prompt and select printer to install. However, then it prompts them with the security warning prompt and "do you wnat to continue". They respond with Yes. However the print driver download begins and they then get a UAC prompt because they do not have sufficient credentials to download the driver. So our helpdesk person has to go by, login with there credentials and download the driver. Then they are ready to print.
We want to get around this issue. What is the best way to do this?
Implement Point and Print?
Pre-stage the print drivers on the pc's we image?
Upgrade our print server to Windows 2008?
Use only signed print drivers? (I am not sure we can always guarantee the download of signed drivers).

What would be best practices?
0
Comment
Question by:lanman777
  • 2
3 Comments
 
LVL 4

Expert Comment

by:ZephyrTC
ID: 36511657
You tried applying printers through a login script?

VBS can do this, and if you use a case statement with a little cool coding, you can apply printers as needed by users according to their security groups.

Here's a quick example of adding  a printer to a computer via VBS.

dim objNetwork

set objNetwork = CreateObject("Wscript.Network")

objNetwork.AddWindowsPrinterConnection "\\YourServer\PrinterShare"

set objNetwork = nothing

Open in new window


Also, in Server 2008, you can assign printers based on OUs in Group Policy. (this may be your preferred option).

Simply navigate to:
http://technet.microsoft.com/en-us/library/cc754699.aspx

Both linked articles are necessary.  
0
 
LVL 4

Expert Comment

by:ZephyrTC
ID: 36511682
Also, if you go the scripting route with UAC enabled, you will need to apply this registry setting in order to allow the scripts to run:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\System
EnableLinkedConnections=dword:1

This can be applied through GPO as well.
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 36512387
The easiest way, IMO, to deploy printers in the environment you've described is by using the Print Management console and group policies.  This allows you to deploy printers through group policies and bypasses the need for local users to have an administrative-level password to install printer drivers.  

Here are a couple of Technet articles:

http://technet.microsoft.com/en-us/library/cc731292.aspx

http://technet.microsoft.com/en-us/library/cc725938.aspx
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
When I recently replaced my image transfer kit on my office HP color laserjet 5550dn printer, I had a slight problem.  The left bracket that holds the transfer kit got stuck in the upright locked position instead of being at a 45 degree angle facing…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question