Hi Having read a lot of posts and implemented a lot of GPO settings I'm still not able to let a normal user install a local printer. I have implemented the following policies: computer\policies\windows settings\security settings\user rights\Load and unload device drivers -> specific AD group computer\policies\admin templates\printers -> disallow installation of printers using kernel-mode drivers = DISABELED computer\policies\admin templates\system\driver installations -> allow non-administrators to install drivers for these device setup classes: {4D36E979-E325-11CE-BFC1-08002BE10318} {4658EE7E-F050-11D1-B6BD-00C04fA372A7} {49CE6AC8-6F86-11D2-BLE5-0080C72E74A2} {4D36E97A-E325-11CE-BCF1-08002BE10318} {6BDD1fC6-810F-11D0-BEC7-08002BE2092F} {4658EE7E-F050-11D1-B6BD-00C04fA372A7} {36FC9E60-C465-11CF-8056-444553540000} {4D36E978-E325-11CE-BFC1-08002be10318} {48721B56-6795-11D2-B1A8-0080C72E74A2} {49CE6AC8-6F86-11D2-B1E5-0080C72E74a2} User\policies\admin templates\system\driver installations ->Codesigning for device drivers -> warn when not signed As you can see there is a lot of overkill in the settings but still I can't get it to be installed. The printer is a HP Multifunctional B110 series (typical type of home printer used these days) It is installing some of the drivers but it seems to block on a DOT4USB driver and in the user context you get Access denied. I used some sysinternal tools and found out that I got an access denied on the registry when creating a key in the LOCAL_MACHINE (I think it was Hewlett-Packard) Can somebody shed some light on what is wrong or should be changed? Thanks Jan jgs

Hi, What is device of this driver(DOT4USB)? Please get the class GUID and add it into "allow non-administrators to install drivers" policy. It seems your printer has some additional functions that need Kernel Mode driver support. Also, Navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers - Disabled Furthermore, Windows should auto install USB printer drivers when you plug them in. If you need to add a User Mode driver, please navigate to Printer Server to add it. Juke Chou TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedbackhere.Juke Chou TechNet Community Support

Hi Juke I forgot to mention that the policy you suggested was allready in place: Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers - Disabled However, nice thinking about the GUID for the USB4DOT I'll give that a shot ...jgs

Hi Juke It seems to be some kind of USB filter driver but they where allready in the list so a user should be able to install. INFO: IEEE 1284.4 Devices Class = Dot4ClassGuid = {48721b56-6795-11d2-b1a8-0080c72e74a2} This class includes devices that control the operation of multifunction IEEE 1284.4 peripheral devices. IEEE 1284.4 Print Functions Class = Dot4PrintClassGuid = {49ce6ac8-6f86-11d2-b1e5-0080c72e74a2} This class includes Dot4 print functions. A Dot4 print function is a function on a Dot4 device and has a single child device, which is a member of the Printer device setup class. jgs

Hi, If so, I guess HP printer installtion package may need to install some other applications or write some critical keys into LOCAL_MACHINE. I suggest you try to just install Dot4USB device to check this. Juke Chou TechNet Community Support

Hi Juke When I log in under a (power) user on the laptop and I manually update the DOT4USB by using "let windows search for a driver". It errors out whit Access denied. Ofcourse a normal user doesn't have access to the c:\windows\system32\drivers\ which I think is the cause of the error. On the other hand the policy should allow to install a device of that type.... When using these policies, is the driver installed under the user context or does it do this with elevated rights? That's not clear to me .... jgs

Hi, I guess this procedure should use the elevated rights to install the specific deivce drivers. I suggest you try to copy the ini file of DOT4USB to a place which you have permissions on=>Then Open Computer Management in Administrative Tools=>Manually install the Driver. If you still get the same error, please upload the logs in C:\Windows\inf to Skydriver and post the link here. Thanks.Juke Chou TechNet Community Support

Hi, Any update?Juke Chou TechNet Community Support