How do I disable remote printers using group policy
Solution 1:
RDP printer sharing is on by default in remote desktop, unfortunately:
The printer redirection feature is enabled by default in Windows XP Professional when you enable Remote Desktop. To disable it, use Terminal Services Group Policies. Use Remote Desktop Connection to disable printer redirection on an individual computer. On the Local Resources tab, clear the Printers check box.
So, you have to edit the Terminal Services Group Policy .. but this requires that the Group Policy Management Console be installed. Apparently it is an add-in for Windows Server 2003, but an off-by-default part of the install for Windows Server 2008.
Apparently you can also use the local Group Policy Editor like so:
- Click Start, and then click Run.
- In the Open box, type mmc, and then click OK.
- On the File menu, click Add/Remove Snap-in.
- Click Add.
- Under Available Stand-alone Snap-ins, click Group Policy, and then click Add.
The relevant section to edit is documented here.
Computer Configuration\Policies\Administrative Templates\ Windows Components\Terminal Services\ Terminal Server\Printer Redirection
Solution 2:
Within your group policy object, go to Computer Configuration - Windows Components - Terminal Services - Client/Server data redirection - "Do not allow client printer redirection". Set it to Enabled.
If you don't see the section in your group policy object, you may have to manually add the system.adm template to the policy first.
*Edit: I should also probably add that this group policy should be applied to the server, not on the client. And you can do it using the local group policy object if the server isn't actually in a domain.
Solution 3:
For Windows 2008 R2 this is under Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Printer Redirection on the managment console snap in.