Allow non-Admins install third party print drivers
Hello,
My users who are NOT local administrators cannot install printers shared from my printserver if the printer uses a third party driver on their local computers.
No RDP or Citrix here!
I have enabled the GP to allow NON-Admin users to install printers. This works!
How ever, If the shared printer uses a third party print driver an error is received and the user cannot install that printer.
How can I get around this?
I have downloaded ALL the printer drivers DIRECTLY from the manufacture's websites, so I'm not quite sure why there are third party drivers in use.
I would just like to allow non-admins permission to install printers with third party drivers..
Thanks
Windows Server 2008 Std R2 Print Server
Windows 7 & XP clients
My users who are NOT local administrators cannot install printers shared from my printserver if the printer uses a third party driver on their local computers.
No RDP or Citrix here!
I have enabled the GP to allow NON-Admin users to install printers. This works!
How ever, If the shared printer uses a third party print driver an error is received and the user cannot install that printer.
How can I get around this?
I have downloaded ALL the printer drivers DIRECTLY from the manufacture's websites, so I'm not quite sure why there are third party drivers in use.
I would just like to allow non-admins permission to install printers with third party drivers..
Thanks
Windows Server 2008 Std R2 Print Server
Windows 7 & XP clients
ASKER
I have a feeling your settings under "System/Driver Install..." is causing the conflict. Start by removing that option, use gpupdate on the test system, and try again.
If that doesn't work, I'd try the the remaining policies under the Computer config (obviously besides the point and print policy) until you find the one that is causing the issue.
If that doesn't work, I'd try the the remaining policies under the Computer config (obviously besides the point and print policy) until you find the one that is causing the issue.
ASKER
Hello,
I have modified my GPO as you suggested ran gpupdate /force, rebooted, and I was unable to map printers as a local user.
I removed the rest of the GPO setting as shown in the screen shot attached and ran gpupdate /force, then a reboot, and the local user account was still unable to map to shared printers.
Any other suggestions?
SS.jpg
I have modified my GPO as you suggested ran gpupdate /force, rebooted, and I was unable to map printers as a local user.
I removed the rest of the GPO setting as shown in the screen shot attached and ran gpupdate /force, then a reboot, and the local user account was still unable to map to shared printers.
Any other suggestions?
SS.jpg
I'd verify that the x86 and x64 driver is installed on the print server for each printer. If that is setup then login to one of the PCs having issue as an admin and try to add the printer.
If this works then delete the printer and the driver from the PC, reboot and try again as a regular user. Maybe even create a new test user on the domain and use that account. If this gives you an error, screen shot it and post it back here.
If this works then delete the printer and the driver from the PC, reboot and try again as a regular user. Maybe even create a new test user on the domain and use that account. If this gives you an error, screen shot it and post it back here.
ASKER
Hello,
Yes the server has both 32 and 64bit drivers for all printers. If I login as local admin I can install the printer on the machine with no problems. and I have performed the exact same request, deleted the printer and drivers from the PC , rebooted, and tried again as a non-admin which produces the same error..
Title: Connect to Printer
Message: A policy is in effect on your computer which prevents you from connecting to this print queue. Please contact your system administrator.
On the PC I checked the local security policy and noticed that under User Rights & Assignments - Load & unload device drivers was set to Administrators only
and under Security Options - Devices - Prevent users from installing printers - was set to enabled. I disabled this and added Users to the list of groups allowed to load & unload device drivers. I rebooted the machine and still the local user cannot install printers.
Ideas?
Yes the server has both 32 and 64bit drivers for all printers. If I login as local admin I can install the printer on the machine with no problems. and I have performed the exact same request, deleted the printer and drivers from the PC , rebooted, and tried again as a non-admin which produces the same error..
Title: Connect to Printer
Message: A policy is in effect on your computer which prevents you from connecting to this print queue. Please contact your system administrator.
On the PC I checked the local security policy and noticed that under User Rights & Assignments - Load & unload device drivers was set to Administrators only
and under Security Options - Devices - Prevent users from installing printers - was set to enabled. I disabled this and added Users to the list of groups allowed to load & unload device drivers. I rebooted the machine and still the local user cannot install printers.
Ideas?
Go to the Delegation tab, post a screenshot of that here, click on advanced at the bottom, and verify that no one has any deny permissions and that everyone has apply permissions.
ASKER
What Delegation tab?
ASKER
Ahhh.. The delegation tab on the GPO. Gotcha. Here's the before screenshot.
SS-Delegation-GPO.jpg
SS-Delegation-GPO.jpg
The one in Group Policy Management that is right next to the settings tab from your last screen shot.
ASKER
I added user = read to the delegation and rebooted my PC. This did not correct the problem.
Authenticated users should be sufficient if the user that is logging into the PC is a domain user. Be sure that the user is logging into the domain.
If that's all correct, I'd remove the pc from the domain and add it back. Remember to move the PC to the correct OU so that it gets the Printer Policy you created.
If that's all correct, I'd remove the pc from the domain and add it back. Remember to move the PC to the correct OU so that it gets the Printer Policy you created.
ASKER
Grrrrr....
*Removed computer from domain. [reboot]
*Ran Security Configuration & Analysis, applied Compatws.inf [reboot]
see: Win XP Predefined security templates
*renamed computer. [reboot]
*joined domain. [reboot]
*logged in as domain user with local user privs. received same error message when trying to map printer.
*Added PC to OU with 'Allow printer mapping' GPO
*gpupdate /force [reboot]
*logged in as domain user with local user privs. received same error message when trying to map printer.
*Removed computer from domain. [reboot]
*Ran Security Configuration & Analysis, applied Compatws.inf [reboot]
see: Win XP Predefined security templates
*renamed computer. [reboot]
*joined domain. [reboot]
*logged in as domain user with local user privs. received same error message when trying to map printer.
*Added PC to OU with 'Allow printer mapping' GPO
*gpupdate /force [reboot]
*logged in as domain user with local user privs. received same error message when trying to map printer.
ASKER
If I add [domain users] into the local [Power Users] group I can successfully map any printer.
I sincerely do not want to grant all my user [Power User] privs....
MS Article KB 888046
There has GOT to be a way around this...
I sincerely do not want to grant all my user [Power User] privs....
MS Article KB 888046
There has GOT to be a way around this...
Wait a sec, is this a Windows 7 PC or a Windows XP PC that is having issues?
ASKER
We are currently working with a Windows XP pc. I believe on my Win 7 clients it prompts for a username and password to map the printers.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for all your help redbmaster...
Disappointed at Microsoft for not allowing us to grant Win XP Local Users rights to install printers off a printserver. Glad I'll be phasing out my Win XP machines soon...
Disappointed at Microsoft for not allowing us to grant Win XP Local Users rights to install printers off a printserver. Glad I'll be phasing out my Win XP machines soon...
PrintPolicy.JPG