If a user attempts to map the print queue natively (e.g. Start>Run \\printserver\printqueue) the following warning is displayed '‘Do you trust this printer?’ Windows needs to download and install a software driver from the <Print queue server name> computer to <Print queue description>. Proceed only if you trust the <Print queue server name> computer on the network’.
The driver is installed after accepting this warning.
Environment Manager logging will show error code 5, result failed,with access denied. This will be against the map printer action.
The Point and Print Restrictions policy stops drivers being installed from remote servers that are not part of a digitally signed printer driver package. This causes the ‘Do you trust this printer?’ warning. The message will not be displayed when the mapping takes place as part of an Environment Manager policy ‘Map Printer’ action.
The ideal solution is for the print drivers for the client estate to be pre-installed on the client endpoints. Where this is not possible the following options are available:
The Point and Print Restrictions policy can be controlled with the Group policy ADMX setting. This is detailed in the following MS TechNet article. Note that the policy should be amended within the Computer Configuration & User configuration policy if the estate has client devices that are running anything before Windows 7.
An ideal alternative is using Environment Manager policy Set Registry value actions to set the following REG_DWORD values in the key: HLKM\software\Microsoft\Windows NT\Printers\PointAndPrint
InForest = 0
Restricted = 0
TrustedServers = 0
Similarly, the setting should also be amended in HKCU\software\Microsoft\Windows NT\Printers\PointAndPrint if the estate has client devices that are running anything before Windows 7.
This has the effect of disabling the policy, resulting in the message not being displayed and the map printer action working as expected.