Allow non administrator users to install printers
-
Hey all.
I've tried once or twice before (and failed) to allow non administrators to install printers with all the management being done at the main office (~36 locations all on a MPLS)
So my question is, whats my best way? I'll start googling my options right now too but figured I'd check with the brain trust first
Thanks!
-
@Sparkum ,
I use GPOs to install and manage printers across 12 locations. Even the CEO is for it. -
@dengelhardt said in Allow non administrator users to install printers:
@Sparkum ,
I use GPOs to install and manage printers across 12 locations. Even the CEO is for it.We do the same - if a user has a home printer they want installed we just do it after hours remotely. No big deal.
-
@dengelhardt said in Allow non administrator users to install printers:
@Sparkum ,
I use GPOs to install and manage printers across 12 locations. Even the CEO is for it.+1 for GPOs and a central print server.
Is there a DFS-like service for printers?
-
@Grey said in Allow non administrator users to install printers:
@dengelhardt said in Allow non administrator users to install printers:
@Sparkum ,
I use GPOs to install and manage printers across 12 locations. Even the CEO is for it.+1 for GPOs and a central print server.
Is there a DFS-like service for printers?
Have your GPO push out printers that print direct to IP instead of through a print server. Then you have no need. GPO still does install, but the printers simply exist only on the user computers instaed of on both the server and the computer.
-
@JaredBusch ,
How do you get the drivers to the printers through GPO if not using a print server? Do allow non-admins to install the drivers? -
@dengelhardt said in Allow non administrator users to install printers:
@JaredBusch ,
How do you get the drivers to the printers through GPO if not using a print server? Do allow non-admins to install the drivers?I cannot answer that yet myself, but I have a need to do this at a client in the next few weeks.
@Dashrender suggested this method to me saying he does it. He mentioned something about getting the drivers, but i do not recall what. I have a chatlog of our conversation and figured I could figure it out.
-
Hey all.
So for the drivers for GPO I assume I'm going...
User configuration>Policies>Software Settings>Published Applications> then add my printer driver.
Then for permissions I would go
Computer configuration>Policies>Window Settings>Security Settings>Local Policies>Devices>>Devices:Prevent user from installing printer drivers: Disabled
And
Computer configuration>Policies>Administrative Template>Printers>>
Users can only point and print to these servers: Disabled
Enter fully qualified server names separated by semicolons
Users can only point and print to machines in their forest DisabledSecurity Prompts:
When installing drivers for a new connection: Do not show warning or elevation prompt
When updating drivers for an existing connection: Do not show warning or elevation prompt
This setting only applies to:
Windows Vista and laterIs there anything else that would need to be added?
Or something I should remove?And some of you are suggesting a printer server, so would you esentially do one server that has upwards of 50+ printers on it?
Thanks
-
As @JaredBusch mentioned - I do this.
I have print queues setup for all of my printer types on the server. This then has the drivers installed on the server. When you create the printers in your GPO, you can set them up as IP direct printers, but you still point them to the print server to get the driver. This has worked very well for my remote locations where I don't have a print server. The machine gets the GPO, then adds the printer and downloads the driver from the remote print server, but after that, prints IP direct.
-
@Sparkum said in Allow non administrator users to install printers:
Hey all.
So for the drivers for GPO I assume I'm going...
User configuration>Policies>Software Settings>Published Applications> then add my printer driver.
Then for permissions I would go
Computer configuration>Policies>Window Settings>Security Settings>Local Policies>Devices>>Devices:Prevent user from installing printer drivers: Disabled
And
Computer configuration>Policies>Administrative Template>Printers>>
Users can only point and print to these servers: Disabled
Enter fully qualified server names separated by semicolons
Users can only point and print to machines in their forest DisabledSecurity Prompts:
When installing drivers for a new connection: Do not show warning or elevation prompt
When updating drivers for an existing connection: Do not show warning or elevation prompt
This setting only applies to:
Windows Vista and laterIs there anything else that would need to be added?
Or something I should remove?And some of you are suggesting a printer server, so would you esentially do one server that has upwards of 50+ printers on it?
Thanks
No, use the print management tool. Through that, add the printer(s) to the server, then add them to the directory, then add the GPO. All of this is through the print management tool.
https://technet.microsoft.com/en-us/library/cc753109(v=ws.10).aspx
-
@Dashrender said in Allow non administrator users to install printers:
As @JaredBusch mentioned - I do this.
I have print queues setup for all of my printer types on the server. This then has the drivers installed on the server. When you create the printers in your GPO, you can set them up as IP direct printers, but you still point them to the print server to get the driver. This has worked very well for my remote locations where I don't have a print server. The machine gets the GPO, then adds the printer and downloads the driver from the remote print server, but after that, prints IP direct.
It will only print 'direct' if you have enabled Branch Office Direct Printing.
https://technet.microsoft.com/en-us/library/jj134156(v=ws.11).aspx -
@Grey said in Allow non administrator users to install printers:
@Dashrender said in Allow non administrator users to install printers:
As @JaredBusch mentioned - I do this.
I have print queues setup for all of my printer types on the server. This then has the drivers installed on the server. When you create the printers in your GPO, you can set them up as IP direct printers, but you still point them to the print server to get the driver. This has worked very well for my remote locations where I don't have a print server. The machine gets the GPO, then adds the printer and downloads the driver from the remote print server, but after that, prints IP direct.
It will only print 'direct' if you have enabled Branch Office Direct Printing.
https://technet.microsoft.com/en-us/library/jj134156(v=ws.11).aspxI'll look at that post in a min, But I haven't intensionally done anything regarding Branch Office Direct Printing and it's working just fine.
My GPO Printer objects have the IP address for the printers in them. The Print Queues setup on the server have IPs for printers in my main location, and know nothing about the IPs of the printers in the remote location - so I'm not sure how it would be flowing through the server, if that's being implied here.
Here is the setup page from GP
https://i.imgur.com/90e0Fqa.png -
My normal printer queue based ones look like this
https://i.imgur.com/e3LCjKt.png -
@Dashrender said in Allow non administrator users to install printers:
@Grey said in Allow non administrator users to install printers:
@Dashrender said in Allow non administrator users to install printers:
As @JaredBusch mentioned - I do this.
I have print queues setup for all of my printer types on the server. This then has the drivers installed on the server. When you create the printers in your GPO, you can set them up as IP direct printers, but you still point them to the print server to get the driver. This has worked very well for my remote locations where I don't have a print server. The machine gets the GPO, then adds the printer and downloads the driver from the remote print server, but after that, prints IP direct.
It will only print 'direct' if you have enabled Branch Office Direct Printing.
https://technet.microsoft.com/en-us/library/jj134156(v=ws.11).aspxI'll look at that post in a min, But I haven't intensionally done anything regarding Branch Office Direct Printing and it's working just fine.
My GPO Printer objects have the IP address for the printers in them. The Print Queues setup on the server have IPs for printers in my main location, and know nothing about the IPs of the printers in the remote location - so I'm not sure how it would be flowing through the server, if that's being implied here.
Here is the setup page from GP
https://i.imgur.com/90e0Fqa.pngAnd you just set all printers to static IP's I assume?
-
Additionally if I go this option and the server dies tomorrow does that mean no one can print?
Or the server is simply giving permission to install and serving up the drivers, and everything else simply becomes local?
-
I assume this isnt actually the case?
"The Active Directory Domain Services (AD DS) schema must use a Windows Server 2003 R2 or Windows Server 2008 schema version."
-
@Sparkum said in Allow non administrator users to install printers:
I assume this isnt actually the case?
"The Active Directory Domain Services (AD DS) schema must use a Windows Server 2003 R2 or Windows Server 2008 schema version."
lol no. I use 2012. I think it means 2003 or above. My FL is 2008.
-
@Sparkum said in Allow non administrator users to install printers:
And you just set all printers to static IP's I assume?
This is one option - JB uses DHCP reservations for things like printers.
-
@Sparkum said in Allow non administrator users to install printers:
Additionally if I go this option and the server dies tomorrow does that mean no one can print?
Or the server is simply giving permission to install and serving up the drivers, and everything else simply becomes local?
No, the server is only used in my case to get the driver. Once the driver is installed, I'm not sure it ever talks to the server again.
-
Hmm very interesting and awesome!
Thanks guys, looks like I have my project for tomorrow.
