Point and Print Restrictions for RemoteApp Session Host
Posted on 2015-02-10
We have deployed several apps using Windows 2008R2 RemoteApp and they work fine. However, printers do not always map correctly when deployed from a GPO.
I think the problem is related to Point and Print, but I haven't been able to solve it via methods mentioned elsewhere.
As long as the remote printer has been connected previously (usually from the console by an admin), there is no problem. However, if a driver is updated on the remote print server, or if a new printer is installed with a driver that isn't on the Session Host, then the printer fails to map and we see an event log entry indicating that no suitable driver was found.
We have a GPO set to apply the following (in machine policy and user policy, just to cover our bases):
Point and Print Restrictions: Enabled
Users can only point and print to these servers: Disabled
Users can only point and print to machines in their forest: Disabled
When installing drivers for a new connection: Do not show warning or elevation prompt
When updating drivers for an existing connection: Do not show warning or elevation prompt
I've done a gpresult /r and verified that the policy is being applied to the machine. If I do a gpresult /h or run a RSoP query remotely it says that those settings are applied. However, users are still not able to install new print drivers or update existing ones.
In my searching I've seen articles which say that the Point and Print settings aren't necessary for a Win2k8R2 machine (which is the context of the RemoteApp), but other sites which say it DOES matter etc.
Can anyone offer any insight as to how to allow a user to update/install drivers without having them be local admins?