Erratic operation of Print Server

Question

I volunteer for a small non-profit that has a domain under Windows 2019 Standard server. Print Server has been added as a role. Group Policy has been configured to allow domain users to add and remove printers.

Server 2019 was preceded by Server 2008, under which printers on the print server could be added and removed by any domain user -- the print server thus worked splendidly under Server 2008.

Under Server 2019, it simply doesn't work.

All of our workstations are under Windows 10, either 32 or 64 bit, either version 20H2 or 21H2. The anti-virus is Windows Defender. All of our domain users are in the same OU. All of the workstations are Dells of various vintages.

I attempted installation of 3 print server printers, which I'll call HP1, HP2 and B1, on 4 workstations, which I'll call A, B, C and D. On A, all 3 printers could be installed by a domain user. On B, only HP1 could be installed. On C, only B1 could be installed. On D, only HP1 and B2 could be installed.

When installation failed, it was always due to the same error:

Error #740

Pressing the details buttons revealed error 0x000002e4, the requested operation requires elevation.

There were no distinctive differences between the workstations.

I researched error 740 and found this article, which did not include a solution:

Windows: Shared Printer Cannot Be Added (Error 740)

I am unable to get the Print Server to operate as designed on all the workstations.

Does anyone have a suggestion?

best regards, Andy

Answer 1

FOA, thanks for your reply.

Yes, all roles are on a single physical machine. I don't need to run as admin to install all the printers on all the workstations, just certain printers on certain workstations. It's not clear to me why the workstations behave so differently. If one workstation can permit all three printers to be installed from the Print Server, why not every workstation? What should I monitor to figure out what the problem is?

best regards, Andy

Answer 2

Hello @Andrew Aronoff

You can control this with 2 different policies:

1st: You need to "unlock" the regular users: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options. Find the policy Devices: Prevent users from installing printer drivers. (set to Disable)

2nd: Allow non-administrators to install drivers for these device setup classes in the GPO section Computer Configuration > Policies > Administrative Templates > System > Driver Installation.

Enable the policy and specify the device classes that users should be allowed to install. Click the Show button and in the appeared window add two lines with device class GUID corresponding to printers:

Class = Printer {4658ee7e-f050-11d1-b6bd-00c04fa372a7};
Class = PNPPrinters {4d36e979-e325-11ce-bfc1-08002be10318}.

Reference to the full list of classes: https://learn.microsoft.com/en-us/windows-hardware/drivers/install/system-defined-device-setup-classes-available-to-vendors?redirectedfrom=MSDN

Hope this helps with your query,

------
--If the reply is helpful, please Upvote and Accept as answer--

Answer 3

Thanks for your reply.

As I stated in my first message, "Group Policy has been configured to allow domain users to add and remove printers." Later in the message, it was stated that on one workstation, "all 3 printers could be installed by a domain user." On other workstations, either one or two printers could be installed by a domain user.

So, domain users are able to install one, two or all three printers on a given workstation due to the changes that were made to Group Policy. (The two changes you listed and a third involving the disabling of Point and Print restrictions.) If a domain user cannot install a particular printer on that workstation, no other domain user can, either.

I'm trying to find out why all of the printers on the print server cannot be installed by any domain user on any workstation. Of course, that's how the print server should work.

regards, Andy

Answer 4

Do you mean adding printers to the server or adding connections to the shared printers ?

The new Windows requirement is that client systems require administrative rigtts to install the software from the server. The software is the print driver.

If the clients are not admin, the default Windows behavior is to prevent the connection creation.

Answer 5

Hi, TheAlanMorris,

Adding printers to the print server is done with a domain admin account on the server. Once the printers are listed in active directory, those printers can be installed and uninstalled by any domain user, not just admins, provided the appropriate changes have been made to Group Policy. This works in Server 2008 and, for now, it works for some printers on each workstation in Server 2019. (As I've already posted, on one workstation it works for all 3 of our printers, on another it works for 1 printer and on a third it works for 2 printers. I stopped my trials at that point.) I'm trying to find out how to get it to work for all printers listed in active directory on all workstations joined to the domain.

regards, Andy