I have added a printer on a 2019 print server and deployed it via Group Policy (machine policy deployment mode) as a shared printer. But it only shows up on the client workstation after rebooting, or after running gpupdate from the domain Administrator account. A standard domain user account, even with local administrator privileges, is unable to make the new printer appear.
I have set the proper security filtering. I have run gpresult clientside to confirm that the policy is being applied. I have enabled verbose group policy logging and reviewed the logs, to see that the Deployed Printer Connections extension is returning 0x0 (success) and no errors are logged. Gpupdate reports that all policies were applied successfully. Nothing interesting in the various event logs I checked.
The driver is already pre-installed. I even tested with a dummy printer object. The user is local admin so PrintNightmare restrictions don't matter. I flipped all relevant group policy settings to the most permissive mode just to make sure. The user is able to add the shared printer manually.
I tried using ProcMon and visually comparing the traces for a successful and unsuccessful deployment, but they look too similar and there are no errors shown, I only see a large amount of ole/dcom activation registry lookups in every step of the deployed printer connection preparation. But maybe I just missed it. The order of events is unstable due to multithreading, and there is a lot of noise.
