Users can only install their own local printers. using “Devices and Printers”.. if they’re a local admin. How do you get out of this mess? They cannot Add a Local printer by themselves. With PPLPM though, you make it super easy for them.
Hi. In this video, I’m going to show you how you can use PolicyPak Least Privilege Manager to grant users their own rights as needed to install their own printer.
By way of example, I’m just a standard user. I’m “WestSalesUser2.” If I go to “Devices and Printers” and I want to “Add a printer” here, as you probably know if they try to “Add a local printer” – again, if a standard user tries to add a local printer – and they “Have Disk,” let’s take a look and see. If I “Browse” for what I have here on my “Desktop/Driver” and I pick this driver and click “OK,” it looks like it will let them do it – and fail.
The standard user is not able to do this by default, but with PolicyPak Least Privilege Manager, we can elevate the rights just as needed for just this task and it’s very easy to do. What we’ll do is we’ll go over to our Group Policy editor here. For our “Sales” team, we’ll say “Let Sales Install their own printer.” You could do what I’m about to do on either the user side or the computer side, but I’m going to do it on the user side.
In fact, we have a preconfigured rule for this, so we make it kind of drop-dead easy. Let me go ahead and show you. Let me go take the “PPLPM xmls” that we have. We have one called “Add Printers as admin (All OS).” We’re just going to simply take that XML that we’ve preconfigured for you, and here’s “Least Privilege Manager,” the GPO we just created ten seconds ago and linked it over to our Sales team.
We’re just going to drag-and-drop that rule right in place. You can see what it’s doing. It says “Add Printers as admin (OS).” That’s it. We’ll go back over to our endpoint here. We’ll run GP Update. We’ll go ahead and give this a second to finish.
Now that that’s done, let’s try to redo that exact same thing. We’ll go to “Devices and Printers.” We’ll go to “Add a printer.” We’ll “Add a local printer.” We’ll go ahead and pick something we “Have Disk” from. We’ll “Browse” for that same driver. Ten seconds ago, it didn’t work. This time when we click “Next” as a standard user, magically it installs. No UAC prompt. We’re successful. We can “Print a test page,” etc.
This whole thing took two minutes. You can make this work on-prem, or if you want to you can export this rule and send it through the cloud using PolicyPak Cloud.
Hope this helps you out, and looking forward to getting you started real soon. Thanks.