Windows 7 does not allow domain user to add a local printer

Summary

By default, Windows 7 does not allow a domain user to add a local printer except under the following circumstances:

1. Installing a printer is allowed if the driver is already in the driver store
2. Adding a printer is allowed if the driver is already installed in the local spooler

More Information

To revert to the Windows XP behavior, you can remove the INTERACTIVE security group from the print server security descriptor.

This can be automated via startup script by carrying out the following steps:

1. On a client machine, remove the INTERACTIVE group from the print server security descriptor
2. Export the registry key from this machine: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\ServerSecurityDescriptor
3. Create a VBScript to import this registry key and restart the spooler service
4. Create a StartupScript GPO to run this VBScript when the client computer restarts
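
A sketch of the script from steps 3 and 4, added here as an example and not part of the original article. It assumes the export from step 2 was saved as ServerSecurityDescriptor.reg (a hypothetical file name) in the same folder as the script, and it writes each outcome to the Application event log so the change can be audited per machine.

```vbscript
' Added example, not from the original article: startup script for steps 3-4.
' Assumption: the .reg file exported in step 2 sits next to this script.
Option Explicit

Const EVT_SUCCESS = 0, EVT_ERROR = 1
Const REG_FILE_NAME = "ServerSecurityDescriptor.reg"   ' hypothetical file name
Const LOG_PREFIX = "Print descriptor import: "

Dim shell, fso, regFile, rc
Set shell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")

' Resolve the .reg file relative to the script so the GPO path does not matter.
regFile = fso.BuildPath(fso.GetParentFolderName(WScript.ScriptFullName), REG_FILE_NAME)

If Not fso.FileExists(regFile) Then
    shell.LogEvent EVT_ERROR, LOG_PREFIX & regFile & " not found"
    WScript.Quit 1
End If

' Import the exported key: hidden window (0), wait for completion (True).
rc = shell.Run("reg.exe import """ & regFile & """", 0, True)
If rc <> 0 Then
    shell.LogEvent EVT_ERROR, LOG_PREFIX & "reg.exe import failed, exit code " & rc
    WScript.Quit rc
End If

' Restart the spooler service, as step 3 requires.
' net stop returns non-zero when the service is not running yet; not fatal here.
shell.Run "net.exe stop spooler", 0, True
rc = shell.Run("net.exe start spooler", 0, True)
If rc <> 0 Then
    shell.LogEvent EVT_ERROR, LOG_PREFIX & "spooler start failed, exit code " & rc
    WScript.Quit rc
End If

shell.LogEvent EVT_SUCCESS, LOG_PREFIX & "imported " & regFile & " and restarted the spooler"
```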


Properties

Article ID: 2530459 - Last Review: Mar 29, 2011 - Revision: 1

Windows 7 Enterprise, Windows 7 Professional, Windows 7 Ultimate
