Forum Discussion
Connect Home Office printers to managed devices
Since Corona lots of our users are working at home which really works very well for most of them. Nevertheless there are some missing functions like connecting own printers or multifunctional devices to a managed corporate device as by default users have no administrative privileges and are not allowed to install printer drivers. We already tested together with MS some GPO settings but doesn't really help. Do you also experience such issues and how to solve, any ideas?
THank you.
- AnnaChuMicrosoft
Sounds like you might need to investigate looking at Microsoft Endpoint Manager Bayernbazi. There was a recent blog post in the Microsoft Endpoint Manager community here: https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/manage-work-devices-at-home-during-covid-19-using-configuration/ba-p/1262052 but I would point you in the direction of that community to see if you can find anything helpful there.
- BayernbaziCopper Contributor
AnnaChu Thank you for the link to this post, we are already using Endpoint Manager and are currently preparing our environment for co-management. Nevertheless with support from MS we have meanwhile experienced some positive results with GPO settings and need to test with wider audience. We've enabled these both policies:
1. Computer Configuration/Policies/Administrative Templates/Printers/Point and Print Restrictions and choose : Do not show warning or elevation prompt.
2. Computer Configuration\Policies\Administrative Templates\System\Driver Installation\Allow non-administrators to install drivers for these devices setup classes
The policy “Allow non-administrators to install drivers for these devices setup classes” allows a limited user (non-admin) to install devices from specific device setup classes and install drivers for the device without requiring elevated permissions. The option “Do not show warning or elevation prompt” prevents driver installation warning messages and elevation prompts on computers.
You could find more details from the articles as below:
Configure Computer Policy to Allow Non-Administrators to Install Specific Devices
https://technet.microsoft.com/en-us/library/cc725772.aspx
System-Defined Device Setup Classes Available to Vendors
Control Printer Driver Installation Security https://technet.microsoft.com/en-us/library/cc753269.aspx
You may also want to make sure that the following policy is disabled: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers
I hope that our broader tests will be positive as well as with my test machine.
- AnnaChuMicrosoft
Hi Bayernbazi I'm going to move this post to the Windows community to see if anyone can help answer your question.
- BayernbaziCopper Contributorwhich question do you mean?
- C_the_SBronze Contributor
N/M
- BayernbaziCopper Contributor
C_the_S this is completely contradict to our security compliance, users must not send docs to their private address and print out then. But meanwhile with some GPO settings it looks like very well to enable HO printing with user's devices without hitting the security guidelines.