Windows 10

Deploy a Printer with RMM

Intro

Deploying a printer in Windows with PowerShell is easy with a little scripting but there are some things to understand first so let’s go over it.

Print Drivers and User Profiles

1. Printers Installed Per User Profile in Windows

  • In Windows, printers are generally installed per user profile. This means that if you install a printer for User A, it will not be available to User B unless it is installed under SYSTEM context or with elevated permissions.

Driver Installation via Wizard vs. Vendor Installer

2. Manual Installation vs. Vendor Installer

  • When installing a printer driver manually through Windows’ built-in wizard or using a vendor-provided installer, the context in which the installation occurs is important:
    • If installed by a standard user, the printer may only be available for that user.
    • Elevation to administrator or SYSTEM permissions is often required to make the printer available to all users.

RMM Agents and SYSTEM Permissions

3. Remote Monitoring and Management (RMM) Tools

  • RMM tools like Datto RMM typically execute commands under the SYSTEM context. This has a major benefit:
    • When a printer driver installation is executed under SYSTEM permissions, it will install the printer and make it available to all users who log into the system.
    • SYSTEM has access to all user profiles, meaning the printer will be universally available on that machine once the installation is complete.

Security Considerations and Vulnerabilities

4. Security Risks of SYSTEM-Level Printer Drivers

  • While installing a printer under SYSTEM context makes it available to all users, there are security considerations:
    • If the printer driver installed under SYSTEM permissions has security flaws, these vulnerabilities could be exploited across all user profiles.
    • This is particularly concerning if the printer manufacturer is not regularly updating or patching their drivers for known security issues, as it could expose the entire system to a larger attack surface.

Preparing the Driver Package

These instructions are specifically for the Brother MFC-L3770CDW series printer, but the general process should be very similar for other printer brands and models. The key steps outlined below—downloading the driver, extracting the necessary files, and creating an archive for deployment—will apply across various printers. You will just need to adjust for the specific printer model and driver files for the printer you’re working with.

Step 1: Download the Printer Driver

1. Download the driver package

  • Go to the provided download link for the Brother printer driver.
  • Look for the package titled “Add Printer Wizard Driver” and download it to your local machine.

Step 2: Extract the Driver Files

2. Run the downloaded installer or use 7-Zip

  • After the download is complete, locate the file named “Y17E_C1-hostm-D1.exe”.
  • Option 1: Run the installer:
    • Double-click to run the installer. It will extract the contents to a folder in the same directory.
  • Option 2: Use 7-Zip (Alternative method):
    • If you prefer not to run the installer directly, you can use 7-Zip to extract the files:
      1. Right-click on “Y17E_C1-hostm-D1.exe”.
      2. Select 7-Zip > Extract to “Y17E_C1-hostm-D1”.
      3. This will extract the contents into a folder named “Y17E_C1-hostm-D1”.
  • Regardless of the method, the extracted folder will contain several .inf driver files related to the printer.

Step 3: Review the Driver Files

3. Identify the correct .inf file

  • Open each .inf file in the extracted folder using Notepad to check the file contents.
  • Look for the “Function” section near the top of each file to understand its purpose.
  • You should identify:
    • A .inf file for USB use.
    • A scanner driver for USB/LAN use.
    • A PlugAndPlay driver, which is the one you need to install for TCP/IP use. This driver is typically named something like “BRPRC17A.inf”.

Step 4: Record the Driver Name

4. Note the correct “DriverName”

  • Open the BRPRC17A.inf file (the PlugAndPlay driver) and find the section containing the DriverName.
  • Record the exact DriverName for the printer. In this example, it would be “Brother MFC-L3770CDW series”.
  • Important: If you do not record the correct driver name, the script will fail when attempting to create the printer port.

Step 5: Create a ZIP Archive of the Driver Files

5. Create a .ZIP archive

  • You cannot just copy the .inf file; you also need to include any associated files, such as .cat files and other files in the folder, for the installation.
  • Select all the files from the extracted folder and create a .ZIP archive.
  • This will bundle all necessary files for the printer installation in one compressed archive.

Step 6: Plan the Location for Extraction

6. Choose where to extract the files

  • Before running any scripts, decide where the extracted driver files will be located on the remote Windows host.
  • The script will point to this location to access the driver files.
  • Make sure the chosen location is accessible to the script during execution (e.g., C:\Windows\LTSvc\Printers\Brother MFC-L3770CDW series).

PowerShell Script

Here is the script I use for ConnectWise Automate below. ConnectWise Automate is different in that you have to copy the driver package to your LTShare then pull it down in your script first via “File Transfer (Forced)” option.

PowerShell
# Define the path where printer driver files are stored
$DriverPath = "C:\Windows\LTSvc\Printers"

# Extract the Brother printer driver from the ZIP file into a folder under $DriverPath
Expand-Archive -LiteralPath "$DriverPath\Brother-MFC-L3770CDW-series.zip" -DestinationPath "$DriverPath\Brother-MFC-L3770CDW-series"

# Install the printer driver using the specified .INF file (this file defines the driver installation details)
PnPUtil /Add-Driver "$DriverPath\Brother-MFC-L3770CDW-series\BRPRC17A.INF" /Install

# Add a new printer port with a static IP address (this is where the printer is located on the network)
Add-PrinterPort -Name "10.0.1.20_IP" -PrinterHostAddress "10.0.1.20"

# Search for the installed driver (using the .INF file) and save the driver file path to the variable $InfPath
Get-WindowsDriver -All -Online | Where-Object {$_.OriginalFileName -like '*BRPRC17A.INF'} | Select-Object -ExpandProperty OriginalFileName -OutVariable InfPath

# Display the contents of the .INF file (this file contains the driver installation details)
Get-Content -Path $InfPath

# Add the printer driver to Windows using the specified .INF file path
Add-PrinterDriver -Name "Brother MFC-L3770CDW series" -InfPath $InfPath

# List all installed printer drivers (to confirm the printer driver was successfully added)
Get-PrinterDriver

# Add the printer to the system, specifying the driver, printer name, and port
Add-Printer -DriverName "Brother MFC-L3770CDW series" -Name "(Tech Floor) Brother MFC-L3770CDW" -PortName "10.0.1.20_IP"

# Clean up by deleting the downloaded ZIP file (no longer needed)
Remove-Item -Path "$DriverPath\Brother-MFC-L3770CDW-series.zip" -Force

# Remove the extracted driver folder (no longer needed)
Remove-Item -Path "$DriverPath\Brother-MFC-L3770CDW-series" -Recurse -Force

For Datto RMM, it will pull down the driver package you attach in the script to the script directory which is a unique identifier generated on run, and you can reference it in your file paths with the following below.

PowerShell
$ExecutingScriptDirectory = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent

Conclusion

Well, that’s about it. Remember, once installed all user accounts will be able to see the printer since it’s installed with SYSTEM permissions. I have used this method to deploy various models and brands of printers. When a user calls-in asking for a printer I just deploy the job with RMM and it’s done in minutes. I don’t even need to remote on and bother the user.

/0 Comments/by
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *