Solved

Unable to allow users to install printer drivers

Posted on 2014-02-28
Last Modified: 2014-04-14
I've configured the following policies on the Default Domain Policy:

Computer Configuration -> Administrative Templates -> System -> Driver Installation ->
Allow non-administrators to install drivers for these device setup classes
Enabled
{4d36e979-e325-11ce-bfc1-08002be10318}
{4658ee7e-f050-11d1-b6bd-00c04fa372a7}

Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options
Devices: Prevent users from installing printer drivers
Disabled

I've then confirmed the policy gets pushed out to a workstation by using RSOP (also ran a gpupdate /force for good measure).  However, users that are not local administrators on a workstation are still unable to install printer drivers when trying to add any shared printer (from HP, Konica Minolta or Canon) from two different print servers (one Server 2003 and one Server 2012 R2).  I've tried it with multiple user accounts on multiple workstations (gpupdate /force on each).

It looks as though it's going to go through (it downloads the printer driver files from the print server), but then displays this message (attached):

Add Printer
Connect to Printer
Windows cannot connect to the printer.  Access is denied.

I've spent at least a couple hours researching this trying to figure out a fix but all I can find are articles telling me to address the above two group policies.  Can anyone offer any other advice?
printer-driver-installation-erro.bmp
0
Question by:Palaceit
7 Comments
 
LVL 14

Accepted Solution

by:
brendanmeyer earned 500 total points
ID: 39896693
These are the following settings I have

AT - Administrative Templates

Computer Policy
AT->Printers
  Disallow installation of printers using kernel-mode drivers: Disabled
  Point and Print Restrictions: Enabled
    Users can only point and print to these servers: Disabled
    Users can only point and print to machines in their forest: Disabled
    Security Prompts:
      When installing drivers for a new connection: Do not show warning or elevation prompt
      When updating drivers for an existing connection: Do not show warning or elevation prompt
AT->System->Driver Installation
  {4d36e978-e325-11ce-bfc1-08002be10318}  - Ports (COM & LPT ports)

User Policy
AT->Control Panel->Printers
  Point and Print Restrictions: Disabled


Hope this helps
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 39902449
This is common on some shared printers. You may need to uninstall and reinstall the driver on the server. Normally, shared printers work without any additional policy modification.

Alternatively, you can work around it.

Add printer as a local printer
- Create new port
- Leave local port selected.
- In the port name, type the unc path to the printer
e.g. \\server\printer

Hope this helps
0
 
LVL 38

Expert Comment

by:hdhondt
ID: 39964673
Not enough information to confirm an answer.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 39954883
I disagree
0
 

Author Closing Comment

by:Palaceit
ID: 40000587
I was able to resolve this finally by using a combination of my original configuration and brendanmeyer's suggestions.

Additionally, I was only able to get this to work right by deploying this on the default domain policy.  I was unable to get it to work on the OU level.  That particular issue was likely caused by my own ignorance of Group Policy administration.

Finally, for anyone else working on this issue be aware that there are two device classes whose IDs are nearly identical so it may be easily overlooked that you may need both:
{4d36e979-e325-11ce-bfc1-08002be10318} - Printers
{4d36e978-e325-11ce-bfc1-08002be10318} - Ports (COM & LPT ports)
0
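
An added example, not part of any post in this thread: a PowerShell check to run on a workstation, which reports whether both near-identical device class GUIDs and the Point and Print settings discussed above actually arrived. Because these settings remove the elevation prompt for driver installation, the same report is useful for finding machines where they are in effect. The registry locations and value names are not given in the thread; they are where these policies are normally stored.

```powershell
# Added example (not from the thread): report which of the discussed
# driver-installation policy values are present on this workstation.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Device setup classes named in the thread; they differ by a single hex digit.
$expected = [ordered]@{
    '{4d36e979-e325-11ce-bfc1-08002be10318}' = 'Printers'
    '{4d36e978-e325-11ce-bfc1-08002be10318}' = 'Ports (COM & LPT ports)'
}

# "Allow non-administrators to install drivers for these device setup classes"
$classKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DriverInstall\Restrictions\AllowUserDeviceClasses'
$configured = @()
if (Test-Path $classKey) {
    $key = Get-Item -Path $classKey
    $configured = @($key.GetValueNames() | ForEach-Object { "$($key.GetValue($_))".Trim() })
}
$report = @(foreach ($guid in $expected.Keys) {
    [pscustomobject]@{
        Setting = "Device class: $($expected[$guid])"
        Value   = if ($configured -contains $guid) { 'allowed for non-admins' } else { 'not listed' }
    }
})

# Point and Print Restrictions (computer policy) and the security option.
$pnp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers'
$checks = @(
    @{ Path = $pnp; Name = 'TrustedServers' }                 # 0 = not limited to a server list
    @{ Path = $pnp; Name = 'InForest' }                       # 0 = not limited to the forest
    @{ Path = $pnp; Name = 'NoWarningNoElevationOnInstall' }  # 1 = no prompt on new connection
    @{ Path = $pnp; Name = 'UpdatePromptSettings' }           # 2 = no prompt on driver update
    @{ Path = $srv; Name = 'AddPrinterDrivers' }              # 0 = users may install printer drivers
)
$report += foreach ($c in $checks) {
    $v = Get-PolicyValue -Path $c.Path -Name $c.Name
    [pscustomobject]@{
        Setting = $c.Name
        Value   = if ($null -eq $v) { 'not configured' } else { $v }
    }
}
$report | Format-Table -AutoSize
```

A device class shown as "not listed" after gpupdate /force means the GPO carrying that GUID is not reaching the machine, which matches the OU-level problem described in the closing comment.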
