Windows 7 Device Installation without Administrator Privileges

Supporting mobile workers is always a little tricky.  Whilst you need them to be able to work effectively, you don’t always want to grant them enough system access that they can break things whilst on the other side of the world where you can’t help them.

One of the big reasons users end up needing administrative access to systems is the ability to install new devices such as printers.  Windows has supported non-admin installation of drivers for years, but with the big caveat that the drivers must be signed.  If they’re not, it won’t work, and often the manufacturers don’t bother going through the time and expense of getting them signed.

Fortunately, Windows 7 offers some help here by allowing you to point the system at Windows Update for driver installations.  When a device is plugged in, Windows will check for appropriate drivers on the local disk (these can of course be pre-populated) and then, if it can’t find any, search Windows Update.

We’ve tested it with a few devices here, and whilst not everything is on Windows Update, it would seem that the majority of newer printers and devices are.  At the very least it’s a huge expansion of the drivers included out-the-box.

You can also search the Windows Update catalog to check whether certain devices are covered, and download those drivers manually.  I’ve not tried it, but I suspect that might also be useful should only Vista drivers be available.


Anyway, so how do you set this up?  Well there are two Group Policies that you need to set:

Computer Configuration > Policies > Administrative Templates > System > Device Installation > Specify search order for device driver installation source locations = Enabled: Search Windows Update Last

This tells Windows to search locally for drivers, then search Windows Update for a compatible driver if none are found.

Computer Configuration > Policies > Administrative Templates > System > Driver Installation > Turn off Windows Update device driver search prompt = Enabled

This removes the choice for an administrator to specify searching Windows Update and sets Windows to search Windows Update by default (given the search order specified above).  If this isn’t set, the user is prompted to enter administrative credentials before searching Windows Update.
