-
Titel
How to edit a GPO to edit the Driver Installation policy to allow non-admins to install printers -
Beschreibung
How to edit the Driver Installation group policy to allow non administrators to install printers. -
Ursache
Privilege Manager for Windows does not elevate the users permission to allow for printer driver installation.
This can be done using a Group Policy.
-
Lösung
1. The Driver Installation policy is located in the Group Policy Management Console (GPMC):
Computer Configuration | Policies | Administrative Templates | System | Driver Installation
The setting is called "Allow non-administrators to install drivers for these devices setup classes". In this policy there is a need to add the Device Class GUID of the device you are trying to allow.
Printers
ClassGuid = {4d36e979-e325-11ce-bfc1-08002be10318}NOTE: The GUIDs can be found here: Device Class GUIDS
2. If a user is also getting prompted to trust a printer driver Point and Print Restrictions can be disabled. Configure Group Policy settings for "Point and Print" on BOTH computer and user settings.The Location of the settings can be found in the Group Policy Management Console:
Computer Configuration | Policies | Administrative Templates | Printers | Point and Print RestrictionsUser Configuration | Policies | Administrative Templates | Control Panel | Printers | Point and Print RestrictionsYou can configure the Point and Print Restrictions Group Policy setting in any of the following ways:
-
If you set the policy setting to Enabled and you select the Users can only Point and Print to machines in their Forest check box, users can use the Point and Print functionality to select only computers that have active computer accounts in the same forest as the user.
Note Cross-forest trust relationships are not supported by this policy setting. This is so that this policy setting can be effective for shared printers in Windows NT 4.0 and later environments.
-
If you set the policy setting to Enabled and you select the Users can only Point and Print to these servers check box, users can use the Point and Print functionality to select only the servers that are listed. When you add servers to this list, you must use their fully qualified domain names (FQDNs) and use a semi-colon (;) to separate the FQDNs. Also, you cannot put any spaces between the FQDNs and the semicolon (;). For example:
server1.domain1.microsoft.com;server2.domain1.microsoft.comTo locate the FQDN of a server, click the Computer Name tab in System Properties.
-
If you set the policy to Enabled and you select both the Users can only Point and Print to machines in their Forest check box and the Users can only Point and Print to these servers check box, users can use the Point and Print functionality to select any server in their forest and any servers that are explicitly listed. You can use this configuration to grant the user the ability to use the Point and Print functionality to select any server in their forest and specific servers that are outside the forest.
-
If you set the policy to Disabled, users can use the Point and Print functionality to select any shared printer they have access to.
-
By default, this policy setting is not configured. If you do not configure this policy setting, users cannot download Point and Print drivers from computers that are not in their Active Directory forest. The result of not configuring the setting is the same as enabling the policy and setting it to Users can only Point and Print to machines in their Forest.
-
-
Änderungsanforderung
DPM-822