Solved

Deploying Point and Print in a Windows 2008, 2003 AD server environment to stop being prompted for security and UAC when selecting a new printer.

Posted on 2011-09-09
3
307 Views
Last Modified: 2012-05-12
We use Dell and Toshiba (all in one) printers.
We have Windows 2008 and 2003 servers in our AD environment. Our print server is a 2003 R2 Standard Edition server. Our users are Windows 7 and a few Visa pc's. They can go to \\myprintserver from the command prompt and select printer to install. However, then it prompts them with the security warning prompt and "do you wnat to continue". They respond with Yes. However the print driver download begins and they then get a UAC prompt because they do not have sufficient credentials to download the driver. So our helpdesk person has to go by, login with there credentials and download the driver. Then they are ready to print.
We want to get around this issue. What is the best way to do this?
Implement Point and Print?
Pre-stage the print drivers on the pc's we image?
Upgrade our print server to Windows 2008?
Use only signed print drivers? (I am not sure we can always guarantee the download of signed drivers).

What would be best practices?
0
Comment
Question by:lanman777
  • 2
3 Comments
 
LVL 4

Expert Comment

by:ZephyrTC
ID: 36511657
You tried applying printers through a login script?

VBS can do this, and if you use a case statement with a little cool coding, you can apply printers as needed by users according to their security groups.

Here's a quick example of adding  a printer to a computer via VBS.

dim objNetwork

set objNetwork = CreateObject("Wscript.Network")

objNetwork.AddWindowsPrinterConnection "\\YourServer\PrinterShare"

set objNetwork = nothing

Open in new window


Also, in Server 2008, you can assign printers based on OUs in Group Policy. (this may be your preferred option).

Simply navigate to:
http://technet.microsoft.com/en-us/library/cc754699.aspx

Both linked articles are necessary.  
0
 
LVL 4

Expert Comment

by:ZephyrTC
ID: 36511682
Also, if you go the scripting route with UAC enabled, you will need to apply this registry setting in order to allow the scripts to run:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\System
EnableLinkedConnections=dword:1

This can be applied through GPO as well.
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 36512387
The easiest way, IMO, to deploy printers in the environment you've described is by using the Print Management console and group policies.  This allows you to deploy printers through group policies and bypasses the need for local users to have an administrative-level password to install printer drivers.  

Here are a couple of Technet articles:

http://technet.microsoft.com/en-us/library/cc731292.aspx

http://technet.microsoft.com/en-us/library/cc725938.aspx
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now