Windows 7 / Getting Started

---

Configuring Package Point and Print Restrictions

Windows XP SP1 and Windows Server 2003 introduced the following Group Policy setting:

User Configuration\Policies\Administrative Templates\Control Panel\Printers\Point And Print Restrictions

This policy setting controls the servers to which a client computer can connect for Point and Print. A new feature of this policy setting for Windows 7 and Windows Vista is the ability to control the behavior of UAC prompts when installing printer drivers on Windows Vista computers using Point and Print. This policy setting applies only to non- Print Administrators clients and only to computers that are members of a domain.

Controlling the behavior of security prompts using the Point And Print Restrictions policy setting when installing printers using Point and Print

When you enable the policy setting, the client is restricted to only Point and Print to a list of explicitly named servers. You can configure Windows 7 and Windows Vista clients to not show security warnings or elevation prompts when users Point and Print or when drivers for printer connections need to be updated.

If you do not configure the policy setting:

• Windows XP and Windows Server 2003 client computers can point and print to any server in their forest.
• Windows Vista and later client computers can point and print to any server.
• Windows Vista and later computers will show a warning and an elevation prompt when users point and print to any server.
• Windows Vista and later computers will show a warning and an elevation prompt when a driver for an existing printer connection needs to be updated.

If you disable the policy setting:

• Windows XP and Windows Server 2003 client computers can point and print to any server.
• Windows Vista and later client computers can point and print to any server.
• Windows Vista and later computers will not show a warning or an elevation prompt when users point and print to any server.
• Windows Vista and later computers will not show a warning or an elevation prompt when a driver for an existing printer connection needs to be updated.

Note that the Users Can Only Point And Print To Machines In Their Forest setting applies only to Windows XP SP1 (and later service packs) and Windows Server 2003.

In addition to this updated Point And Print Restrictions policy setting, Windows 7 and Windows Vista include two new policy settings related to Point and Print:

• Only Use Package Point And Print This policy restricts clients' computers to use Package Point and Print only. If you enable this setting, users will only be able to point and print to printers that use package-aware drivers. When using Package Point and Print, client computers will check the driver signature of all drivers that are downloaded from print servers. If you disable or don't configure this setting, users will not be restricted to Package Point and Print only.
• Package Point And Print - Approved Servers Restricts Package Point and Print to approved servers. If you enable this setting, users will only be able to use Package Point and Print on print servers approved by the network administrator. When using Package Point and Print, client computers will check the driver signature of all drivers that are downloaded from print servers. If you disable or don't configure this setting, Package Point and Print will not be restricted to specific print servers.

In Package Point and Print, the complete driver package is put in the driver store on the Windows 7 or Windows Vista client computer. All files in the printer driver are installed on the client, and the installation process ensures that the package is digitally signed properly before adding it to the store. This result is a more secure form of Point and Print than found on previous versions of Windows.

Note Printing from Windows Vista and later versions to print servers running earlier versions of Windows uses legacy Point and Print.