Allow non administrator users to install printers
-
@dengelhardt said in Allow non administrator users to install printers:
@JaredBusch ,
How do you get the drivers to the printers through GPO if not using a print server? Do allow non-admins to install the drivers?I cannot answer that yet myself, but I have a need to do this at a client in the next few weeks.
@Dashrender suggested this method to me saying he does it. He mentioned something about getting the drivers, but i do not recall what. I have a chatlog of our conversation and figured I could figure it out.
-
Hey all.
So for the drivers for GPO I assume I'm going...
User configuration>Policies>Software Settings>Published Applications> then add my printer driver.
Then for permissions I would go
Computer configuration>Policies>Window Settings>Security Settings>Local Policies>Devices>>Devices:Prevent user from installing printer drivers: Disabled
And
Computer configuration>Policies>Administrative Template>Printers>>
Users can only point and print to these servers: Disabled
Enter fully qualified server names separated by semicolons
Users can only point and print to machines in their forest DisabledSecurity Prompts:
When installing drivers for a new connection: Do not show warning or elevation prompt
When updating drivers for an existing connection: Do not show warning or elevation prompt
This setting only applies to:
Windows Vista and laterIs there anything else that would need to be added?
Or something I should remove?And some of you are suggesting a printer server, so would you esentially do one server that has upwards of 50+ printers on it?
Thanks
-
As @JaredBusch mentioned - I do this.
I have print queues setup for all of my printer types on the server. This then has the drivers installed on the server. When you create the printers in your GPO, you can set them up as IP direct printers, but you still point them to the print server to get the driver. This has worked very well for my remote locations where I don't have a print server. The machine gets the GPO, then adds the printer and downloads the driver from the remote print server, but after that, prints IP direct.
-
@Sparkum said in Allow non administrator users to install printers:
Hey all.
So for the drivers for GPO I assume I'm going...
User configuration>Policies>Software Settings>Published Applications> then add my printer driver.
Then for permissions I would go
Computer configuration>Policies>Window Settings>Security Settings>Local Policies>Devices>>Devices:Prevent user from installing printer drivers: Disabled
And
Computer configuration>Policies>Administrative Template>Printers>>
Users can only point and print to these servers: Disabled
Enter fully qualified server names separated by semicolons
Users can only point and print to machines in their forest DisabledSecurity Prompts:
When installing drivers for a new connection: Do not show warning or elevation prompt
When updating drivers for an existing connection: Do not show warning or elevation prompt
This setting only applies to:
Windows Vista and laterIs there anything else that would need to be added?
Or something I should remove?And some of you are suggesting a printer server, so would you esentially do one server that has upwards of 50+ printers on it?
Thanks
No, use the print management tool. Through that, add the printer(s) to the server, then add them to the directory, then add the GPO. All of this is through the print management tool.
https://technet.microsoft.com/en-us/library/cc753109(v=ws.10).aspx
-
@Dashrender said in Allow non administrator users to install printers:
As @JaredBusch mentioned - I do this.
I have print queues setup for all of my printer types on the server. This then has the drivers installed on the server. When you create the printers in your GPO, you can set them up as IP direct printers, but you still point them to the print server to get the driver. This has worked very well for my remote locations where I don't have a print server. The machine gets the GPO, then adds the printer and downloads the driver from the remote print server, but after that, prints IP direct.
It will only print 'direct' if you have enabled Branch Office Direct Printing.
https://technet.microsoft.com/en-us/library/jj134156(v=ws.11).aspx -
@Grey said in Allow non administrator users to install printers:
@Dashrender said in Allow non administrator users to install printers:
As @JaredBusch mentioned - I do this.
I have print queues setup for all of my printer types on the server. This then has the drivers installed on the server. When you create the printers in your GPO, you can set them up as IP direct printers, but you still point them to the print server to get the driver. This has worked very well for my remote locations where I don't have a print server. The machine gets the GPO, then adds the printer and downloads the driver from the remote print server, but after that, prints IP direct.
It will only print 'direct' if you have enabled Branch Office Direct Printing.
https://technet.microsoft.com/en-us/library/jj134156(v=ws.11).aspxI'll look at that post in a min, But I haven't intensionally done anything regarding Branch Office Direct Printing and it's working just fine.
My GPO Printer objects have the IP address for the printers in them. The Print Queues setup on the server have IPs for printers in my main location, and know nothing about the IPs of the printers in the remote location - so I'm not sure how it would be flowing through the server, if that's being implied here.
Here is the setup page from GP
https://i.imgur.com/90e0Fqa.png -
My normal printer queue based ones look like this
https://i.imgur.com/e3LCjKt.png -
@Dashrender said in Allow non administrator users to install printers:
@Grey said in Allow non administrator users to install printers:
@Dashrender said in Allow non administrator users to install printers:
As @JaredBusch mentioned - I do this.
I have print queues setup for all of my printer types on the server. This then has the drivers installed on the server. When you create the printers in your GPO, you can set them up as IP direct printers, but you still point them to the print server to get the driver. This has worked very well for my remote locations where I don't have a print server. The machine gets the GPO, then adds the printer and downloads the driver from the remote print server, but after that, prints IP direct.
It will only print 'direct' if you have enabled Branch Office Direct Printing.
https://technet.microsoft.com/en-us/library/jj134156(v=ws.11).aspxI'll look at that post in a min, But I haven't intensionally done anything regarding Branch Office Direct Printing and it's working just fine.
My GPO Printer objects have the IP address for the printers in them. The Print Queues setup on the server have IPs for printers in my main location, and know nothing about the IPs of the printers in the remote location - so I'm not sure how it would be flowing through the server, if that's being implied here.
Here is the setup page from GP
https://i.imgur.com/90e0Fqa.pngAnd you just set all printers to static IP's I assume?
-
Additionally if I go this option and the server dies tomorrow does that mean no one can print?
Or the server is simply giving permission to install and serving up the drivers, and everything else simply becomes local?
-
I assume this isnt actually the case?
"The Active Directory Domain Services (AD DS) schema must use a Windows Server 2003 R2 or Windows Server 2008 schema version."
-
@Sparkum said in Allow non administrator users to install printers:
I assume this isnt actually the case?
"The Active Directory Domain Services (AD DS) schema must use a Windows Server 2003 R2 or Windows Server 2008 schema version."
lol no. I use 2012. I think it means 2003 or above. My FL is 2008.
-
@Sparkum said in Allow non administrator users to install printers:
And you just set all printers to static IP's I assume?
This is one option - JB uses DHCP reservations for things like printers.
-
@Sparkum said in Allow non administrator users to install printers:
Additionally if I go this option and the server dies tomorrow does that mean no one can print?
Or the server is simply giving permission to install and serving up the drivers, and everything else simply becomes local?
No, the server is only used in my case to get the driver. Once the driver is installed, I'm not sure it ever talks to the server again.
-
Hmm very interesting and awesome!
Thanks guys, looks like I have my project for tomorrow.
-
@Sparkum said in Allow non administrator users to install printers:
Hmm very interesting and awesome!
Thanks guys, looks like I have my project for tomorrow.
Honestly, if you use the print management tool, you'll be done before lunch.
-
That sounds awesome, I can only imagine how much time my lower tier spends on installing these stupid things.
-
@Sparkum said in Allow non administrator users to install printers:
That sounds awesome, I can only imagine how much time my lower tier spends on installing these stupid things.
o.O
The PM tool is part of Windows 7+, chief. It's not a tiered tool or anything.
-
@Grey said in Allow non administrator users to install printers:
@Sparkum said in Allow non administrator users to install printers:
That sounds awesome, I can only imagine how much time my lower tier spends on installing these stupid things.
o.O
The PM tool is part of Windows 7+, chief. It's not a tiered tool or anything.
Hopefully he's talking about how much time his helpdesk spends manually creating printers for people.
-
Haha sorry ya thats what I meant.
-
Hey guys.
So just doing some more reading on Branch Office Direct Printing just kinda finding mixed opinions.
So all of our computers are Windows 7 (and prob will be for a good while)
Can I use branch office direct printing? I assume thats my best option right? Alot is saying Windows8+ only with a fall back to legacy,
Rather will I see a benefit to using it now versus just future proofing.
Thanks