[Samba] Hosted printer drivers can not be used

L.P.H. van Belle belle at bazuin.nl
Wed Dec 18 15:17:32 UTC 2019

Hai Marco, 

In case of your setup. This is a design flaw, or nicer rephrased..   :-p  
You missed a few things. ;-) 

You need a few things more to make this work. 

Expand the following branch in the Group Policy editor: 
Computer Configuration -> Policies -> Windows Settings 
-> Security Settings -> Local Policies -> Security Options, 
where you need to find the policy Devices: Prevent users from installing printer drivers.
Disable this policy. 

Allow user to install the printer drivers via GPO.
Allow non-administrators to install drivers for these device setup classes in the section : 
Computer Configuration -> Policies -> Administrative Templates -> System -> Driver Installation.
Enable this policy, allow non-sysadmins to install drivers ( i dont know that its states in IT or English ). 
( and today to lazy to look it up.. But you see and will find what i mean. ) 

You need these also : 
Class = Printer {4658ee7e-f050-11d1-b6bd-00c04fa372a7}
Class = PNPPrinters {4d36e979-e325-11ce-bfc1-08002be10318}

When above is done, your at the point your now are. ( users can not connect/install the driver ) .
Which is correct ..  ;-) 

Computer Configuration -> Policies -> Administrative Templates -> Printers 
Enable the Point and print restrictions. 

set : do not show warning or elevation prompt when installing drivers for a new connection and when updating drivers for an existing connection

And you also must assign trusted server in FQDN in the "point and print trusted servers" 
Disable only allow Point and Print within own forest. 
( at least i did need it, my previous print server was in an other domain ).

User Policies. 
See computer policies, set same where possible. 

ConfigurationScreen/Printers, disable allow default printer control of windows. (enabled) 

And then i publish the printers from control panel/Printers 
Share names:  \\fq.dn\share 
Run in user security context. 
(optional, only apply once) 
(optional, only if member of group.) 

Pff. Longer mail then expected.. 
I hope you guys can use it. 

Above workes for me on Win7/10 x32/x64 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Marco Gaiarin via samba
> Verzonden: woensdag 18 december 2019 15:25
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Hosted printer drivers can not be used
> b) if i connect the printer by a unprivileged user, does not work (eg,
>  printer connect, but does not print, thow an error...).

Which error, (optional mail me the print screen)

> c) if i try with a privileged user, works as expected (and 
> clearly, all
>  subsequent unprivileged users that try to conect the printer, works
>  because the driver is just installed).
Yes, then it always works, correct, so if you setup a new pc, 
you most probley always login at least once with an admin users.

Create one gpo that installes all needed printers and while setting up a new pc.
Drivers install in the back ground for you.  

> I don't think is a samba bug...
Nope, its windows design.  And yeah, it sucks.. ;-) 



More information about the samba mailing list