- Standard stuff: On the server, install your printer and printer driver. Then run printmanagement.msc and choose Deploy with Group Policy. Keep an eye on the drivers section. Know the exact name of your driver; that's important for deploying drivers to local machines.
- Your brand-new Group Policy should consist of:
- computer >> policies >> windows settings >> printer connection: \\yourserver\yourprinter
- computer >> policies >> windows settings >> security settings >>> local policies/security options >>> devices >>> policy >>> users are not allowed to install printer drivers >>> disabled
- computer >> policies >> administrative templates >> printer >> point-and-print – allowed servers
- computer >> policies >> administrative templates >> printer >> point-and-print – restrictions (suppress warnings + possibly [UNTESTED] point-and-print allowed only inside your structures >>> disabled)
- computer >> policies >> administrative templates >> printer >> only point-and-print for packets >>> disabled [UNTESTED]
- computer >> policies >> administrative templates >> system >> Internet Communication Management >> Internet Communication setting: disable printer driver download via http
- user >> policies >> windows settings >> printer connection: \\yourserver\yourprinter
- user >> policies >> administrative templates >> system >> Internet Communication Management >> Internet Communication setting: disable printer driver download via http
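Optionally add to your registry [UNTESTED]. RestrictDriverInstallationToAdministrators and RpcAuthnLevelPrivacyEnabled are both hardening switches from Microsoft's print spooler patches, and 0x0 turns them off: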
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint\RestrictDriverInstallationToAdministrators >>> REG_DWORD >>> 0x0
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\RpcAuthnLevelPrivacyEnabled >>> REG_DWORD >>> 0x0
Since PrintNightmare and a bunch of lame Microsoft patches I ran into problems deploying the drivers.
What happened to me:
The printers were sometimes 'installed', which means that they appeared in the local machine's printer list. After clicking this printer's management button and trying to enter the settings I got something like 'printer not found'. I had tried to get the printer via Explorer and got a 0x00000bc4. I will translate this for you: 'printer not found' simply means in MS language: we don't know what happened, something went wrong, help yourself.
In my case none of the above worked well, so I decided to install the driver via PowerShell.
First I dropped the extracted driver to a share on the print server.
```powershell
# Import the driver's signature into the local machine's Trusted Publishers
# store, or you will get modal windows during installation.
$signature = Get-AuthenticodeSignature "\\Printer22\install\KYO\Treiber\KX 8.0.3028\PrnDrv\KXDriver\64bit\kyomita.cat"
$store = Get-Item -Path Cert:\LocalMachine\TrustedPublisher
$store.Open("ReadWrite")
$store.Add($signature.SignerCertificate)
$store.Close()

# Import the driver to the local machine.
pnputil.exe /a "\\Printer22\install\KYO\Treiber\KX 8.0.3028\PrnDrv\KXDriver\64bit\*.inf"

# Install the imported driver.
Add-PrinterDriver -Name "Kyocera TASKalfa 5054ci KX" -InfPath "C:\Windows\System32\DriverStore\FileRepository\oemsetup.inf_amd64_21f4e2a7b7e3f5ca\OEMSETUP.inf"

# Add the printer. (Not necessary if you install it via GPO.)
Add-Printer -ConnectionName "\\PRINTER22\PrinterPool"
```
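Once a signer certificate is in TrustedPublisher, every driver signed with it installs without a prompt, so it is worth checking the catalog signature and pinning the signer before adding it. The following is an added example, not part of the original post: the function name and parameters are hypothetical, the thumbprint is a placeholder, the INF file name on the share is assumed from the driver store path in the post, and it needs an elevated session like the script above.

```powershell
# Added example, not from the original post. The function name and parameters
# are hypothetical; the thumbprint in the usage line is a placeholder.
function Install-VerifiedPrinterDriver {
    param(
        [Parameter(Mandatory)] [string] $CatalogPath,         # .cat on the share
        [Parameter(Mandatory)] [string] $InfPath,             # .inf on the share
        [Parameter(Mandatory)] [string] $DriverName,          # exact driver name
        [Parameter(Mandatory)] [string] $ExpectedThumbprint   # pinned signer cert
    )

    $sig = Get-AuthenticodeSignature -FilePath $CatalogPath
    # Refuse unsigned, tampered or untrusted catalogs before trusting the signer.
    if ($sig.Status -ne 'Valid') {
        throw "Catalog signature is $($sig.Status): $($sig.StatusMessage)"
    }
    # Pin the signer: a valid signature from someone else is not good enough.
    $actual = $sig.SignerCertificate.Thumbprint
    if ($actual -ne ($ExpectedThumbprint -replace '\s', '').ToUpper()) {
        throw "Unexpected signer $actual ($($sig.SignerCertificate.Subject))"
    }

    $store = Get-Item -Path Cert:\LocalMachine\TrustedPublisher
    $store.Open('ReadWrite')
    try {
        # Add the certificate only if it is not already trusted.
        if ($store.Certificates.Thumbprint -notcontains $actual) {
            $store.Add($sig.SignerCertificate)
        }
    } finally { $store.Close() }

    # Stage the package, then look the INF up in the driver store instead of
    # hard-coding the hash-suffixed FileRepository folder.
    pnputil.exe /add-driver $InfPath | Out-Null
    $leaf = Split-Path -Path $InfPath -Leaf
    $staged = Get-WindowsDriver -Online |
        Where-Object { $_.ClassName -eq 'Printer' -and
                       (Split-Path $_.OriginalFileName -Leaf) -eq $leaf } |
        Sort-Object Date -Descending | Select-Object -First 1
    if (-not $staged) { throw "No staged printer driver found for $leaf" }

    Add-PrinterDriver -Name $DriverName -InfPath $staged.OriginalFileName
}

# Usage with the paths from the post:
# $dir = "\\Printer22\install\KYO\Treiber\KX 8.0.3028\PrnDrv\KXDriver\64bit"
# Install-VerifiedPrinterDriver -CatalogPath "$dir\kyomita.cat" `
#     -InfPath "$dir\OEMSETUP.inf" -DriverName "Kyocera TASKalfa 5054ci KX" `
#     -ExpectedThumbprint "<SIGNER-THUMBPRINT>"
```

Record the thumbprint once from a copy of the driver you obtained from the vendor, then keep it in the deployment script so a swapped catalog on the share fails the check.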