1

Is there a way to disable printing or installing printers via UNC path? If a printer is added via UNC path in our RDP environment, it shows up for every user on the same collection. If the printer is added by selecting "Find a printer in the directory" option, it only shows up for them.

Users are adding printers by opening a run prompt and typing: \\server and double-clicking on the printer they want or they are typing: \\server\printer

I want to clarify, this only happens to users who use login via Remote Desktop Services.

Sean
  • 13
  • 4
  • Please explain exactly how you are adding printers via UNC path because network shared printers do not install for all users. They only install for the user who connects it. – Appleoddity Aug 22 '18 at 02:34

1 Answers1

0

Usually only printers with a local port will display to all users. (in example with a tcp/ip port), thus I would check why the behavior is not the same for you on your server, I would think that those users are in the local admin group or in the print operator group.

In a extreme way to resolve your issue;

Prevent by GPO to add any printers and deploy by GPO the needed printer ?

Option 1:

In Group Policy editor, expand the following folders: User Configuration, Administrative Templates, Control Panel, and Printers. (see there)

Disable the addition of printers:Prevents users from using familiar methods to add local and network printers. This policy removes the Add Printer wizard from the Start menu and from the Printers folder in Control Panel. Also, users cannot add printers by dragging a printer icon to the Printers folder. If they try to use this method, a message appears that explains that the action is disabled by a policy.

Option 2:

You can configure point and print restriction too, to restrict which the user can add or not. You need to enable the settings, see there for a explanation. Description of the Point and Print Restrictions policy setting

If the driver is not listed it will prevent the printqueue to install with the above setting;

Policy setting: Prevent Users from Installing Printer Drivers Location: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

yagmoth555
  • 16,300
  • 4
  • 26
  • 48
  • Unfortunately both options you mention would require the creation of about 100 new groups & Group Policy Objects. Maintaining those would be more of a pain than the current situation. – Sean Aug 23 '18 at 11:03
  • @Sean you dont answer my first line, are the users admin? as its anormal they can see other user printqueue – yagmoth555 Aug 23 '18 at 11:53
  • The users are not members of the Print Operators or local Administrators group – Sean Aug 23 '18 at 13:36
  • @Sean if you go in the spooler properties, in the security tab, does any right got deleguated to non admin user ? Ususally Everyone shoudl be ticked for 'printing' and 'see the server' only. – yagmoth555 Aug 23 '18 at 13:54
  • 1
    After doing some additional verification myself, it was discovered to be a personnel issue. Since your question led to the solution, I'm giving you credit. – Sean Aug 23 '18 at 13:59