point and print

  • Thread starter Thread starter Dieter Molle
  • Start date Start date
D

Dieter Molle

Hi all,
maybe anyone can give me some input...

my goal is
- to control, which printer drivers are installed on my terminal
servers
- to allow users to map printers from exactly ONE print server
- auto-created printers are not a choice

my actual problems are
- users can map printers from ANY print server
- when they map a printer, the driver is installed in the background
(that
windows "point and print" feature installs the drivers under SYSTEM
context, so i cannot use the "prevent users from installing printer
drivers"
policy :-(. So i have no control over what drivers come onto my
servers.

i found that new "point and print restriction" policy, where i could
allow
that feature only on specified servers, but the printers are
nevertheless installed if a matching driver is found in the
drivers.cab.

thanks in advance for your help!
regards,
Dieter
 
1. Disable "Connect Client Printer's at Logon
2. Disable "LPT Port Mapping
3. Enable "Devices: Prevent users from Installing Print Drivers" (GPO -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options

More printing faq here
http://www.workthin.com/tsp.ht

Patrick Rous
Microsoft MVP - Terminal Serve
http://www.workthin.co

----- Dieter Molle wrote: ----

Hi all
maybe anyone can give me some input..

my goal i
- to control, which printer drivers are installed on my termina
server
- to allow users to map printers from exactly ONE print serve
- auto-created printers are not a choic

my actual problems ar
- users can map printers from ANY print serve
- when they map a printer, the driver is installed in the backgroun
(tha
windows "point and print" feature installs the drivers under SYSTE
context, so i cannot use the "prevent users from installing printe
drivers
policy :-(. So i have no control over what drivers come onto m
servers

i found that new "point and print restriction" policy, where i coul
allo
that feature only on specified servers, but the printers ar
nevertheless installed if a matching driver is found in th
drivers.cab

thanks in advance for your help
regards
Diete
 
Hi Patrick,

sorry but did you really read my questions?!?

Patrick Rouse said:
1. Disable "Connect Client Printer's at Logon"
2. Disable "LPT Port Mapping"

That's what i already did, because - as i mentioned - i don't want to
use auto-created printers in this environment.
3. Enable "Devices: Prevent users from Installing Print Drivers" (GPO -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options)

As i also wrote in my first posting: Those drivers are installed in
the background under SYSTEM CONTEXT... Mapping a printer is not a real
driver installation. I know this policy and i told you in my first
posting that i cannot use it.

In the meantime i found a solution myself. There are those reg entries
"LoadTrustedDrivers" and "TrustedDriverPath", which prevent my users
from installing unwanted drivers.

But there still is my second problem. Users can map printers from any
available printserver and i cannot control this.

Regards,
Dieter
 
Back
Top