Solved

Unable to allow users to install printer drivers

Posted on 2014-02-28
7
2,559 Views
Last Modified: 2014-04-14
I've configured the following policies on the Default Domain Policy:

Computer Configuration -> Administrative Templates -> System -> Driver Installation ->
Allow non-administrators to install drivers for these device setup classes
Enabled
{4d36e979-e325-11ce-bfc1-08002be10318}
{4658ee7e-f050-11d1-b6bd-00c04fa372a7}

Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options
Devices: Prevent users from installing printer drivers
Disabled

I've then confirmed the policy get's pushed out to a workstation by using RSOP (also ran a gpupdate /force for good measure).  However users that are not local administrators on a workstation are still unable to install printer drivers when trying to add any shared printer (from HP, Konica Minolta or Canon) from two different print servers (one Server 2003 and one Server 2012 R2).  I've tried it with multiple user accounts on multiple workstations (gpupdate /force on each).

It looks as though it's going to go through (it downloads the printer driver files from the print server), but then displays this message (attached):

Add Printer
Connect to Printer
Windows cannot connect to the printer.  Access is denied.

I've spent at least a couple hours researching this trying to figure out a fix but all I can find are articles telling me to address the above two group policies.  Can anyone offer any other advice?
printer-driver-installation-erro.bmp
0
Comment
Question by:Palaceit
7 Comments
 
LVL 14

Accepted Solution

by:
brendanmeyer earned 500 total points
ID: 39896693
These are the following settings I have

AT - Administrative Templates

Computer Policy
AT->Printers
  Disallow installation of printers using kernel-mode drivers: Disabled
  Point and Print Restrictions: Enabled
    Users can only point and print to these servers: Disabled
    Users can only point and print to machines in their forest: Disabled
    Security Prompts:
      When installing drivers for a new connection: Do not show warning or evelate prompt
      When updating drivers for an existing connection: Do not show warning or evelate prompt
AT->System->Driver Installation
  {4d36e978-e325-11ce-bfc1-08002be10318}  - Ports (COM & LPT ports)

User Policy
AT->Control Panel->Printers
  Point and Print Restrictions: Disabled


Hope this helps
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 39902449
This is common on some shared printers. You may need to uninstall and reinstall the driver on the server. Normally, shared printers work without any additional policy modification.

Alternatively, you can work around it.

Add printer as a local printer
- Create new port
- Leave local port selected.
- In the port name, type the unc path to the printer
eg \\server\printer

Hope this helps
0
 
LVL 38

Expert Comment

by:hdhondt
ID: 39964673
Not enough information to confirm an answer.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 39954883
I disagree
0
 

Author Closing Comment

by:Palaceit
ID: 40000587
I was able to resolve this finally by using a combination of my original configuration and brendanmeyer's suggestions.

Additionally, I was only able to get this to work right by deploying this on the default domain policy.  I was unable to get it to work on the OU level.  That particular issue was likely caused by my own ignorance of Group Policy administration.

Finally, for anyone else working on this issue be aware that there are two device classes whose IDs are nearly identical so it may be easily overlooked that you may need both:
{4d36e979-e325-11ce-bfc1-08002be10318} - Printers
{4d36e978-e325-11ce-bfc1-08002be10318} - Ports (COM & LPT ports)
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question