Please bear with me, my server and networking knowledge is not amazing.

The company that I work for has a central 'Head Office'. This is where our server room is located. We have a bunch of Windows severs providing services such as AD, Group Policy, DNS and Printing etc.

We also have a bunch of remote sites, most usually run a wireless network with a printer attached. All of the employees in each site can connect back to our main network via a VPN using a Cisco VPN application on their desktops.

We have a problem where whenever someone travels out onto a remote site, they often cannot print because they need to install the Drivers for the site based Multi-Function Network Printers. They cannot do this because, they don't have admin rights therefore, I have to remotely connect to their laptops via TeamViewer and then install it for them with my Admin password (while they have VPN connected).

Back at Head Office, all of our printers are networked and no drivers are required to be manually installed. (I assume Group Policy handles this).

Is it possible to have all of my remote printers automatically install on all computers via Group Policy, even though they are remote? There is no VPN between the remote networks and Head Office however, the VPN is established directly from the clients out on those sites and Head Office, which means the remote printers are not visible from Head Office.

I was thinking that maybe when the computers connect via VPN, they would be able to download the drivers for their local printer.

How should I handle this situation?

  • 311
  • 4
  • 6
  • 15
  • It might be useful to know that I can spend money to solve this if necessary however, free/cheap solutions are preferred. – pgunston Sep 11 '14 at 04:01
  • Why not connect the sites to the main site with site to site VPN tunnels instead of all these client VPN's? – Rex Sep 11 '14 at 07:21

2 Answers2


edited: In hindsight, my original answer probably won't work for you it might require a printer server for the printers. New answer below:

You may want to just setup a policy to explicitly allow the printer device classes to be installed by non-admins

You first need to determine the device class - I often find this easiest by going through device manager on a computer that already has a device installed (in your case, any computer that has a printer installed should work)

  1. Open device manager
  2. Go the properties of the device
  3. Under the details tab in the proper list, select the Device class guid
  4. Copy the GUID and paste it into notepad (or some other place for later)

note: if you don't want to go through these steps, here is the usual GUID for printers: {4d36e979-e325-11ce-bfc1-08002be10318}. A list of other device class GUIDs can be found here

Once you have the device class, setup the policy.

  1. Open GPMC and create a new or edit the appropriate policy.
  2. Browse to the Computer Configuration/Administrative Templates/System/Driver Installation section
  3. Open the policy setting for Allow non-administrators to install drivers for these device setup classes
  4. Set the policy to enabled an click the Show.. button
  5. Paste in the GUID for the device class

Ensure the policy is applied to the proper container/OU that contains the computer objects, ensure policies are being applied and you should be good to go.

  • 7,815
  • 3
  • 28
  • 44

This would be best addressed with Group Policy Printers. You can read more at TechNet. The driver installation is handled automatically. The major caveat of using Group Policy is that the VPN has to be active when the user logs on for the printers to be mapped, regardless of whether you install them from a computer policy or a user policy. Many VPN clients (as well as the Windows VPN provider) allow you to do this from the logon screen.

  • 1,442
  • 1
  • 12
  • 29