• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3009
  • Last Modified:

Unable to allow users to install printer drivers

I've configured the following policies on the Default Domain Policy:

Computer Configuration -> Administrative Templates -> System -> Driver Installation ->
Allow non-administrators to install drivers for these device setup classes

Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options
Devices: Prevent users from installing printer drivers

I've then confirmed the policy get's pushed out to a workstation by using RSOP (also ran a gpupdate /force for good measure).  However users that are not local administrators on a workstation are still unable to install printer drivers when trying to add any shared printer (from HP, Konica Minolta or Canon) from two different print servers (one Server 2003 and one Server 2012 R2).  I've tried it with multiple user accounts on multiple workstations (gpupdate /force on each).

It looks as though it's going to go through (it downloads the printer driver files from the print server), but then displays this message (attached):

Add Printer
Connect to Printer
Windows cannot connect to the printer.  Access is denied.

I've spent at least a couple hours researching this trying to figure out a fix but all I can find are articles telling me to address the above two group policies.  Can anyone offer any other advice?
1 Solution
These are the following settings I have

AT - Administrative Templates

Computer Policy
  Disallow installation of printers using kernel-mode drivers: Disabled
  Point and Print Restrictions: Enabled
    Users can only point and print to these servers: Disabled
    Users can only point and print to machines in their forest: Disabled
    Security Prompts:
      When installing drivers for a new connection: Do not show warning or evelate prompt
      When updating drivers for an existing connection: Do not show warning or evelate prompt
AT->System->Driver Installation
  {4d36e978-e325-11ce-bfc1-08002be10318}  - Ports (COM & LPT ports)

User Policy
AT->Control Panel->Printers
  Point and Print Restrictions: Disabled

Hope this helps
AkinsdNetwork AdministratorCommented:
This is common on some shared printers. You may need to uninstall and reinstall the driver on the server. Normally, shared printers work without any additional policy modification.

Alternatively, you can work around it.

Add printer as a local printer
- Create new port
- Leave local port selected.
- In the port name, type the unc path to the printer
eg \\server\printer

Hope this helps
Not enough information to confirm an answer.
AkinsdNetwork AdministratorCommented:
I disagree
PalaceitAuthor Commented:
I was able to resolve this finally by using a combination of my original configuration and brendanmeyer's suggestions.

Additionally, I was only able to get this to work right by deploying this on the default domain policy.  I was unable to get it to work on the OU level.  That particular issue was likely caused by my own ignorance of Group Policy administration.

Finally, for anyone else working on this issue be aware that there are two device classes whose IDs are nearly identical so it may be easily overlooked that you may need both:
{4d36e979-e325-11ce-bfc1-08002be10318} - Printers
{4d36e978-e325-11ce-bfc1-08002be10318} - Ports (COM & LPT ports)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now