BalthierMemberJune 22, 2017 at 2:43 pm #167080
I have some Remote Desktop Session Host servere where we are having difficulties because users are able to install printer drivers on the RDSH servers.
The Devices: Prevent users from installing printer drivers is set to Enabled. But it does not help.
The only way I seem to be able to prevent users from installing printer drivers is by setting the following two policy settings in a GPO applied to the RDSH servers,
Only use Package Point and print, Enabled
Package Point and print – Approved servers, Enabled (FalseName.com configured as approved server)
But if I do this, then the users are not able to make connections to the printer queues on the print server at all. Not even for those queues I myself have installed the driver for on the RDSH servers. Is there any way I can prevent non-admin users from installing drivers, when they connect to network printers which do not have a driver on the RDSH servers?
JeremyWModeratorJune 28, 2017 at 10:48 am #271521
What indications do you see that users are installing printer drivers?
Do you use group policy to push printers to users?
DextMemberJuly 20, 2017 at 7:14 am #379129
Are you sure the printers installed aren’t users “printer redirects” rather than actually installing printers?
Paul GMemberAugust 22, 2017 at 2:47 pm #391857
Balthier, I am experiencing this exact issue. Did you ever find a resolution?
James HaynesMemberAugust 26, 2017 at 3:16 pm #252108
id like to know the same thing that JermeyW asked, what makes you think they are installing other drivers? is it possible that they are on a different OS or maybe there are multiple drivers installed that are being selected as default?
if that is the case and youre sure but the GPO doesnt seem like its working or they are circumventing it, purposely or by weird permissions structure, you could try restricting write to the print driver folder once things are set up correctly.. literally denying change to everyone but admin, even SYSTEM.. that would prevent any new drivers from being installed…
the only other thing i can think of is creating a security group to specifically deny anyone outside the admin arena. possibly an rsop on the users that you say are changing versus an admin and regular user… idk.
JDMilsMemberSeptember 5, 2017 at 5:13 pm #251027
To check if your settings are working, log in yourself using a test account and try to install a new printer and/or driver. I think you are seeing what 5habbaranks has mentioned as this appears in the Event logs and I remember seeing that the RDP redirects can be removed from event logs if they are too annoying.
You must be logged in to reply to this topic.