Good day,
I have seen a number of similar questions to mine in the Forums, and even with many answered, I do not see any covering precisely what I need. I suspect that the official answer is simply 'NO' with all the dancing around I see present in the past answers, but I want to be certain I did not miss something, so here goes.
What I am looking to do is the following: Allow users to connect to our Windows 2008 and 2008R2 Remote Desktop Servers and redirect their printers, constraining them to use only drivers that have been preinstalled into the OS by admins (including Universal drivers), or immediately fall back to TS EasyPrint without grabbing inbox drivers or permitting any user installation of signed or 'validated' drivers.
With as many stability problems as RDT/TS has had related to spooler issues, I am surprised to see that this is not the default behaviour, and even more surprised that this does not seem to be easily implemented. Since many of the packaged INBOX drivers in Windows do not seem to be TS/RDS friendly, it seems reasonable to assume that after nearly a decade of spooler issues in TS/RDS this should have been addressed in a simple fashion. The answers on the forums and blogs give me the impression that it has not. I see a lot of excellent work has gone into process isolation for the spooler, but even that great idea seems like addressing the fault rather than preventing it.
So for the question: Is there a way to allow users to have printer redirection and also prevent them from installing ANY drivers that are not preloaded in a TS/RDS server by admins?
Those of you from Microsoft can think of this as a product suggestion; a policy that actually restricts driver installation (but not driver usage if already installed) seems the best solution. The code that handles printer mapping would simply need to look for the policy and skip scanning INBOX drivers for non-admin user tokens. I suppose if one wanted to 'hack' at the Windows installation one could use the existing policies combined with the physical removal of the inbox drivers, but kludges like that really should not be necessary (and could cause problems or be obviated by updates or service packs).
Any opinions or suggestions on this are appreciated.
Thanks in advance!
Dave