Devices: Prevent users from installing printer drivers
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Description
For a computer to print to a network printer, the driver for that network printer must be installed on the local computer. This security setting determines who is allowed to install a printer driver as part of adding a network printer. If this setting is enabled, only Administrators and Power Users can install a printer driver as part of adding a network printer. If this setting is disabled, any user can install a printer driver as part of adding a network printer. This setting can be used to prevent unprivileged users from downloading and installing an untrusted printer driver.
Default:
| • | Enabled on servers. |
| • | Disabled on workstations. |
Note
| • | If an administrator has configured a trusted path for downloading drivers, this setting has no impact. When trusted paths are used, the print subsystem attempts to use the trusted path to download the driver. If the trusted path download succeeds, the driver is installed on behalf of any user. If the trusted path download fails, the driver is not installed and the network printer cannot be added. |
| • | If this setting is enabled, but the driver for a network printer already exists on the local machine, users can still add the network printer. |
| • | This setting does not affect the ability to add a local printer. |
For more information, see:
| • |
