Tutorials

INTUNE – POINT AND PRINT

Read Time:2 Minute, 4 Second

I came across a situation recently where a company was migrating from what I call traditional AD-joined/SCCM managed clients to Autopilot provisioned AAD-joined devices managed only by Intune. The main challenge of the migration was that these devices needed to work as seamlessly on the corporate network as the “old world” devices.

One particular issue was users trying to add network printers. In the old world a Group Policy could be used to configure Point & Print so that when a user added a printer from a trusted print server the drivers would install without requiring administrative rights. If this was not configured then the user would receive a prompt similar to the below if the drivers were not packaged in the correct (or Microsoft approved) way.

UAC Dialog
UAC dialog shown if the print server is not trusted

My first step was to see if I could configure P&P via a configuration profile. After digging around I found these settings did exist under Administrative Templates so this was a good start.

P&P in Admin Templates
P&P settings shown under Admin Templates

The problem I found was two-fold. The policy states the machine must be “domain-joined” and I am not sure if this was just a copy & paste job into Intune or whether it is actually relevant. The second issue I found was that if P&P restrictions were configured under Computer Configuration this would generate an error when deployed.

If I configured P&P under User Configuration I found the policy applied but seemingly had no effect with users still receiving UAC prompts. The conclusion was that this policy wasn’t particularly helpful in my quest to resolve the issue.

MY SOLUTION

My quick and dirty fix was to create a .reg file with the below content which was then deployed to all devices. I chose to wrap it up using the PowerShell App Deploy Toolkit and ServiceUI.exe just because I like the control this toolkit offers but you could easily deploy by using a batch file or similar. Once deployed, standard users could then install network printers without issue.

COMMAND LINE
@Echo Off
reg import printkey.reg
REG FILE CONTENTS
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint]
"Restricted"=dword:00000001
"TrustedServers"=dword:00000001
"ServerList"="printserver.fqdn.com;printserver2.fqdn.com;printserver3.fqdn.com"
"InForest"=dword:00000000
"NoWarningNoElevationOnInstall"=dword:00000001
"UpdatePromptSettings"=dword:00000002

5 1 vote
Article Rating
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x