Prevent users from sharing network printers in Server 2008R2 Win 7 environment

group-policy network-printer permissions

I have a server 2008R2-level AD domain in which all the printers are networked. I have a highly mobile workforce of about 350 in the facility, and when they move from one work area to another, they typically map to the network printer in their current work area.

Unfortunately, when installing the networked printer, the option to "Share this printer" comes up during the install. When they share the networked printer (despite being told not to), it replicates the printer on the Print server, and it cannot be removed until I go into the specific computer CN and delete it from there. This has led to spooling issues on the print server, as you might imagine.

Is there any way to prevent users from sharing their installed printers without interfering with their ability to use shared files and network printers? I can see in group policy that I can disable file and print sharing altogether, but I don't want to remove access to domain shared resources.

Best Answer

Apply the point and print restrictions policy:

Point and Print Restrictions: This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.

When the policy setting is enabled, the following conditions obtain:
• Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.
• You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.

When the policy setting is not configured, the following conditions obtain:
• Windows Vista client computers can point and print to any server.
• Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
• Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
• Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.

When the policy setting is disabled, the following conditions obtain:
• Windows Vista client computers can create a printer connection to any server by using Point and Print.
• Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server by using Point and Print.
• Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver has to be updated.
• Windows Server 2003 and Windows XP client computers can create a printer connection to any server by using Point and Print.
• The Users can only point and print to computers in their forest setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
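
To check which of the three policy states above a given client is actually in, and whether that client is sharing any printers itself, a script like the following can be run on the workstation. This is an added example, not part of the original answer; the function names are hypothetical, and the registry key and value names are the ones this policy is assumed to write on the client.

```powershell
# Added example for PowerShell 2.0 (Windows 7 / Server 2008 R2): uses WMI and
# the registry provider only, no Get-Printer or Active Directory module.

# Assumption: computer-side Point and Print Restrictions values live here.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PointAndPrintPolicy {
    # Map the stored values onto the three states the policy text describes.
    $p = $null
    $state = 'NotConfigured'
    if (Test-Path $PolicyKey) {
        $p = Get-ItemProperty -Path $PolicyKey
        if ($null -ne $p.Restricted) {
            if ($p.Restricted -eq 1) { $state = 'Enabled' } else { $state = 'Disabled' }
        }
    }
    New-Object PSObject -Property @{
        Computer           = $env:COMPUTERNAME
        State              = $state
        # 1 = drivers only from the servers named in ServerList
        TrustedServersOnly = $p.TrustedServers
        # Semicolon-separated server names; empty when no list is set
        ServerList         = $p.ServerList
        # 1 = connections limited to print servers in the client's forest
        InForestOnly       = $p.InForest
        # Non-zero = install warning and elevation prompt suppressed
        NoPromptOnInstall  = $p.NoWarningNoElevationOnInstall
        # Non-zero = driver-update warning or elevation prompt relaxed
        UpdatePrompt       = $p.UpdatePromptSettings
    }
}

function Get-LocallySharedPrinter {
    # Printers this machine is sharing out. On an ordinary workstation the
    # expected result is an empty list.
    Get-WmiObject -Class Win32_Printer -Filter 'Shared = TRUE' |
        Select-Object Name, ShareName, PortName, Published
}

Get-PointAndPrintPolicy | Format-List
$shared = @(Get-LocallySharedPrinter)
if ($shared.Count -gt 0) {
    Write-Warning ("{0} is sharing {1} printer(s)" -f $env:COMPUTERNAME, $shared.Count)
    $shared | Format-Table -AutoSize
}
```

A result with `State` of `Enabled` and an empty `ServerList` means the client has no named print servers to download drivers from, which is worth confirming before the policy is rolled out widely.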
