Let’s discuss How to Prevent Mapping of Client Printers in Remote Desktop Services Sessions using Intune. This policy setting controls whether users connecting to a Remote Desktop Session Host (RD Session Host) server (or a Virtual Desktop Infrastructure/Cloud PC environment like Azure Virtual Desktop or Windows 365) are allowed to use the printers installed on their local/client computer within the remote session.
By enabling this policy, it reduces the number of temporary or unknown printer objects created on the remote host, leading to a cleaner, more predictable server environment. So it avoids the need to implement and manage a more complex centralized printing solution (like a dedicated print server or Microsoft Universal Print).
This policy also Prevents potential crashes or instability on the RD Session Host server caused by incompatible or poorly written client printer drivers being loaded into the server’s print spooler. This is a common historical issue.
With this policy admins can provides a seamless user experience, as local printers automatically appear in the remote session. Organizations must strategically decide whether the security and stability benefits of enabling the policy outweigh the loss of printing convenience for their users.
Table of Contents
How to Prevent Mapping of Client Printers in Remote Desktop Services Sessions using Intune
Let me explain the application of this policy with an Example. A financial services firm uses a virtual desktop environment (e.g., Azure Virtual Desktop or a traditional RDS farm) for employees who handle confidential client data (e.g., investment portfolios, social security numbers.
- How to Set Deadline for Automatic Installation of Quality Updates on Windows Devices using Intune
- How to Track Windows Security Patch Installation Details using Intune Inventory
- How to Stop Automatic Driver Installation in Windows11
Configure Policy from Intune Portal
Sign in to the Microsoft Intune Portal with Credentials. Navigate to Devices > Configuration > + Create > New Policy.
Profile Choosing Step
After that you can choose appropriate platform and profile type. This is necessary step for policy creation and you cannot change profile and platform after creating profile. Here I would like to configure the policy to Windows 10 and later platform and settings catalog profile. Then click on the Create button.
Begin Policy with Basic Tab
Basic Tab is the first tab that helps users to give identity for policy. For this you can add Name and description for the settings you want to select for policy creation. Here is Name is mandatory and description is optional. After adding this click on the Next button.
Configure Cross Device Participation Policy
After that you will get Configuration settings tab which helps you to access specific settings. To get the settings click on the +Add settings hyperlink and select specific settings from Settings Picker. Here, I would like to select the settings by browsing by Category. I choose Windows Components > Remote Desktop Services > Remote Desktop Session Host > Printer Redirection >Do not allow client printer redirection.
Disable Mapping of Client Printers in Remote Desktop Services Sessions
If you disable this policy setting, users can redirect print jobs with client printer mapping. By default this policy is disable. Click on the Next button.
Enable Mapping of Client Printers in Remote Desktop Services Sessions
If you enable this policy setting, users cannot redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions. Click on the Next button.
Adding Scope Tags
Scope Tag is not a mandatory step for policy creation. But you can add Scope tags for visibility restrictions. Here, I don’t add scope tags for Prevent Mapping of Client Printers Policy. Click on the Next button.
Selecting Group from the Assignment Tab
To assign the policy to specific groups, you can use the Assignment Tab. Here I click, +Add groups option under Included groups. I choose a group from the list of groups and click on the Select button. Again, I click on the Select button to continue.
Finalize Policy
This is the Fina step for policy creation. You can review all the details on this tab and avoid misconfiguration. After verifying all the details, click on the Create Button. After creating the policy, you will get a success message.
Device Check-in Status
Device Check-in Status Page shows if the Policy is succeeded or Not. Before checking this, you can sync the device on Company Portal for Faster policy deployment. Then Go to Devices > Configuration > Search for the Policy. Here, the policy shows as successful.
Client-Side Verification
To confirm the policy is successful or not, you can use the Event Viewer. First, open Event Viewer and navigate to Applications and Services Logs > Microsoft > Windows > Device Management > Enterprise Diagnostic Provider > Admin. Look for Event IDs 813 or 814, as these typically contain policy-related information
Removing the Assigned Group from Prevent Mapping of Client Printers Policy Settings
If you want to remove the Assigned group from the policy, it is possible from the Intune Portal. To do this, open the Policy on Intune Portal and edit the Assignments tab and the Remove Policy.
To get more detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.
How to Delete Prevent Mapping of Client Printers Policy
You can easily delete the Policy from the Intune Portal. From the Configuration section, you can delete the policy. It will completely remove it from the client devices.
For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.