Prevent Users From Installing Printer Drivers using Intune

This post gives you a quick walkthrough of how you can Prevent Users From Installing Printer Drivers using Intune. This security setting determines who is allowed to install a printer driver as part of connecting to a shared printer. For a computer to print to a shared printer, the driver for that shared printer must be installed on the local computer.

It may be appropriate in some organizations to allow users to install printer drivers on their own workstations. However, in a high security environment, you should allow only Administrators, not users, to do this, because printer driver installation may unintentionally cause the computer to become less stable. A malicious user could install inappropriate printer drivers in a deliberate attempt to damage the computer, or a user might accidentally install malicious software that masquerades as a printer driver.

Here you will see the steps to create a policy to prevent users from installing printer drivers. When you create the policy, it creates a device configuration profile. You can then assign or deploy this profile to devices in your organization. You can learn more –

Patch My PC


Only Administrators will be able to install a printer driver as part of connecting to a shared printer. The ability to add a local printer will not be affected.

Prevent Users From Installing Printer Drivers using Intune

Let’s follow the below steps to Prevent Users From Installing Printer Drivers using Intune –

Configuration Profiles - Create Profile
Configuration Profiles – Create Profile

In Create Profile, Select Platform, Windows 10, and later and Profile, Select Profile Type as Settings catalog. Click on Create button.

1E Nomad
Intune Configuration Profiles – Select Platform, Profile type
Intune Configuration Profiles – Select Platform, Profile type

On the Basics tab, enter a descriptive name, such as Prevent Users From Installing Printer Drivers. Optionally, enter a Description for the policy, then select Next.

Create Profile – Enter Name, Description for profile setting
Create Profile – Enter Name, Description for profile setting

In Configuration settings, click Add settings.

In Configuration settings, click + Add settings.
In Configuration settings, click + Add settings

On the Settings Picker windows, Select Local Policies Security Options to see all the settings in this category. Select Devices Prevent Users From Installing Printer Drivers When Connecting To Shared Printers below. After adding your settings, click the cross mark at the right-hand corner to close the settings picker –

Note – In policy, use the search box to find specific settings. You can search by category or a keyword, such as Installing Printer Drivers. It will display all the related settings available.

Settings picker - Local Policies Security Options
Settings picker – Local Policies Security Options

The setting is shown and configured with a default value. Set Devices Prevent Users From Installing Printer Drivers When Connecting To Shared Printers to Enabled, Click Next.

Devices Prevent Users From Installing Printer Drivers When Connecting To Shared Printers – This security setting determines who is allowed to install a printer driver as part of connecting to a shared printer. If this setting is enabled, only Administrators can install a printer driver as part of connecting to a shared printer. If this setting is disabled, any user can install a printer driver as part of connecting to a shared printer. This setting does not affect the ability to add a local printer, Administrators.

Devices Prevent Users From Installing Printer Drivers When Connecting To Shared Printers - Enabled
Devices Prevent Users From Installing Printer Drivers When Connecting To Shared Printers – Enabled

Under Assignments, In Included groups, click Add groups and then choose Select groups to include one or more groups. Click Next to continue.

Assignments – Select groups to include
Assignments – Select groups to include

In Scope tags, you can assign a tag to filter the profile to specific IT groups. Add scope tags (if required) and click Next.
In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned.

Review + Create Configuration settings
Review + Create Configuration settings

A notification will appear automatically in the top right-hand corner with a message. Here you can see, Policy “Prevent Users From Installing Printer Drivers” created successfully. The policy is also shown in the Configuration profiles list.

Policy "Prevent Users From Installing Printer Drivers" created successfully
Policy “Prevent Users From Installing Printer Drivers” created successfully

Your groups will receive your profile settings when the devices check-in with the Intune service. Once the policy applies to the devices, Only Administrators will be able to install a printer driver as part of connecting to a shared printer. The ability to add a local printer will not be affected.

Author

About Author -> Jitesh has over 5 years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus area is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.