Apr 01 2020 04:51 AM
Apr 01 2020 04:51 AM
Since Corona lots of our users are working at home which really works very well for most of them. Nevertheless there are some missing functions like connecting own printers or multifunctional devices to a managed corporate device as by default users have no administrative privileges and are not allowed to install printer drivers. We already tested together with MS some GPO settings but doesn't really help. Do you also experience such issues and how to solve, any ideas?
Apr 06 2020 11:04 AM
Sounds like you might need to investigate looking at Microsoft Endpoint Manager @Bayernbazi. There was a recent blog post in the Microsoft Endpoint Manager community here: https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/manage-work-devices-at-home-d... but I would point you in the direction of that community to see if you can find anything helpful there.
Apr 06 2020 11:25 PM
@Anna Chu Thank you for the link to this post, we are already using Endpoint Manager and are currently preparing our environment for co-management. Nevertheless with support from MS we have meanwhile experienced some positive results with GPO settings and need to test with wider audience. We've enabled these both policies:
1. Computer Configuration/Policies/Administrative Templates/Printers/Point and Print Restrictions and choose : Do not show warning or elevation prompt.
2. Computer Configuration\Policies\Administrative Templates\System\Driver Installation\Allow non-administrators to install drivers for these devices setup classes
The policy “Allow non-administrators to install drivers for these devices setup classes” allows a limited user (non-admin) to install devices from specific device setup classes and install drivers for the device without requiring elevated permissions. The option “Do not show warning or elevation prompt” prevents driver installation warning messages and elevation prompts on computers.
You could find more details from the articles as below:
Configure Computer Policy to Allow Non-Administrators to Install Specific Devices
System-Defined Device Setup Classes Available to Vendors
Control Printer Driver Installation Security https://technet.microsoft.com/en-us/library/cc753269.aspx
You may also want to make sure that the following policy is disabled: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/devices...
I hope that our broader tests will be positive as well as with my test machine.
Apr 07 2020 10:40 AM
Hi @Bayernbazi I'm going to move this post to the Windows community to see if anyone can help answer your question.
Apr 13 2020 11:35 PM
@Cary Siemers this is completely contradict to our security compliance, users must not send docs to their private address and print out then. But meanwhile with some GPO settings it looks like very well to enable HO printing with user's devices without hitting the security guidelines.