Last Updated on March 20, 2023 by rudyooms

After reading a question on the Technet community about how to deploy printers with a printer driver to Azure Ad joined devices, I realized I only created a blog about the wonderful Microsoft Universal Cloud Print solution but none to install Printers and their drivers without using Printix or Microsoft its solution

I will divide this blog into multiple Parts/options to deploy your printers.

1. Introduction
2. Installing Printers and Drivers with the PnPutil
3. Installing All Printers and Drivers with Printbrm.exe
4. Install HP Printers with the Universal Printer Driver.
5. Install Printer Drivers with PrnDrvr.vbs
6. PowerShell Execution Policy
7. But What About the Printer Configurations?

1. Introduction

Of course, transforming to a modern workplace will also mean you need to do something with your existing Print solution. One of the best solutions would probably be to start using the Microsoft Universal Print solution. In one of my first blogs, I was telling you how you could configure this and what my wishes were for this fantastic product:

But what, if you don’t have the possibility to migrate your printers to this solution right away? I know how it works! A customer calls and he/she suddenly wants to deploy a new printer to all of their devices and they don’t want to hear they need to move their printers to cloud-based solutions first. So what can you do? Telling the customer: No No?

The best option would be to install the printer first and arrange a meeting with the customer to urge them to move their printers to a cloud-based solution.

So, for now, the printer has to be installed. Are we letting the customer do this manually as I showed you in this blog? P.S I am also showing you how to solve the Printer Nightmare issue in this blog

Or will we make sure the Printer and drivers are installed without any user interaction?

2. Installing Printers and Drivers with PnpUtil

In this option, we are going to use the PnPutil tool to “Stage” the Printer Driver to the Windows Driver Store. The driver needs to be “staged” (Copied to the Driver Store AKA /Add-driver) before we can make use of it to install the printer driver (Add-PrinterDriver). After we have staged and installed the required drivers, we can install the printer itself!

Let’s start with downloading the driver first, so we can begin!

Step 1: Download the driver

In this example, I want to deploy a Toshiba printer, so I downloaded the Universal printer drivers from Toshiba first and placed them inside the folder c:\intune\toshiba

After the zip file finished downloading, I extracted the whole zip file to start searching for the inf file (installation file) After I found the correct folder with the inf file in it, I copied it to the whole folder to c:\intune\toshiba\

To be 100% sure I had all the files needed, I moved this whole folder inc all the content to the c:\intune\toshiba root folder. When you don’t want to copy all of the content, you could check out the inf file and search for: “SourceDisksNames“

As shown above, it will tell you which additional files you need.

Please note, that you always need to have the *.Inf file (installation file with driver information) and the *.cat file (security catalog to determine if it’s a valid signed driver). So next to the inf and cat file you will need that *.cab file

I renamed the folder that I copied earlier, to one with some fewer characters. I decided to just rename the folder to drivers. I guess that name says it all and it’s way shorter..

Step 2: Creating the Install script

Before we can create the installation script we need to have some additional information. So again, open the *.inf file in the folder you extracted earlier.

We need to have the exact Printer Driver’s Name. As shown above, it was an easy find! So let’s build the install.ps1 PowerShell script. Before I continue I need to add an additional Note:

Please Note: do not change the Sysnative folder to System32! I am explaining that part below the script

Install.ps1

###############################
#TOSHIBA Universal Printer 2  #
################################
$PSScriptRoot = Split-Path -Parent -Path $MyInvocation.MyCommand.Definition
$drivername = "TOSHIBA Universal Printer 2"
$portName = "IP_192.168.40.251"
$PortAddress = "192.168.40.251"

###################
#Staging Drivers   #
###################
C:\Windows\SysNative\pnputil.exe /add-driver "$psscriptroot\Drivers\eSf6u.inf" /install

#######################
#Installing Drivers   #
#######################

Add-PrinterDriver -Name $drivername

##########################################################
#Install Printerport | check if the port already exist   #
##########################################################
$checkPortExists = Get-Printerport -Name $portname -ErrorAction SilentlyContinue
if (-not $checkPortExists) 
{
Add-PrinterPort -name $portName -PrinterHostAddress $PortAddress
}

####################################
#Check if PrinterDriver Exists     #
####################################
$printDriverExists = Get-PrinterDriver -name $DriverName -ErrorAction SilentlyContinue


##################
#Install Printer #
##################
if ($printDriverExists)
{
Add-Printer -Name "Toshiba HoofdKantoor" -PortName $portName -DriverName $DriverName
}
else
{
Write-Warning "Printer Driver not installed"
}

SLEEP 360

Did you notice the part where I am mentioning Sysnative instead of System32? If you want to read all about this, please read this blog:

And of course, we need to specify a nice uninstall.ps1, that’s going to be a lot easier!

Uninstall.ps1

remove-printer "Toshiba Hoofdkantoor"
SLEEP 360
remove-printerPort -Name "192.168.40.251" 

Step 3. Creating the Intunewinapp

Now we have everything we need, we need to create the intunewinapp, so download the tool and zip it as shown below:

When we have created the intunewinapp we still need to publish it. To do so, open Intune and start creating a new Win32 app with the settings I show below

Please make sure you add the “-Executionpolicy Bypass” switch. I will tell you more about the execution policy in part 6!

Detection Rules

Of course, we need to specify detection rules. We need to make sure when the printer is not installed it will be installed. The best method would be to choose a registry detection rule. But how do we know what key we must use? That’s easy… just open the registry and browse to this registry key to find your printer:

“HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\“

You will notice all printers are listed here. We can use the same value as we configured in the install.ps1 as the printer name. In this example, I am using: Toshiba Hoofdkantoor

As shown above, I am making use of the “detection method“: String Comparision to find the Registry Value: “Name” and detect if it is the same as “Toshiba Hoofdkantoor”. You can check out the registry value “Name” in the registry key I mentioned above to be 100% you get it right.

Assign the win32app to the correct users/groups/devices as required (or available if you want the let the end-user install the printer themselves when they really need it )

Results:

After the Win32 App finished installing, we notice a new printer has been installed. Let’s check it out!

Looking at the printer port, it has the proper TCP/IP port attached to it

And of course, it has exactly the same printer driver which we specified to be installed!

Step 4. Finetuning

Of course, we don’t want every page to be printed in color, so change the color setting to $false to make sure you will save some money.

I will also disable the duplex option and specify the paper size in this example. You can add this part to the end of the install.ps1 script to make sure the printer settings are changed when the printer is installed.

Set-PrintConfiguration -PrinterName “Toshiba hoofdkantoor” -PaperSize A4 -color $false -duplexingmode onesided

3. Installing Printers and Drivers with Printbrm.exe

Just like PnPutil, it’s a nice built-in utility… so why not use it? A big difference with the PnPutil.exe is that with this nice tool, you can export ALL Printers and their corresponding drivers to one big Printerexport file.

printbrm.exe -B -F c:\test.printerexport

Please beware: PrintBRM is not included in the Windows PATH but will be found at c:\windows\System32\spool\tools\printbrm.exe

So when creating your PowerShell script and converting to an Intunewin App with the Printerexport, please define the full path to the PrintBRM tool! But!!!! just like we noticed with the pnputil, we need to define the Sysnative folder

c:\windows\Sysnative\spool\tools\printbrm.exe -R -F SB.printerexport

Now the only thing left for you to do is to create the IntuneWinApp and upload it to Intune! When using a Win32App we also need to make sure we define some detection rules. This time we are going to use a file detection rule and define the driver folder inside the Printer Spooler Folder on the device!

4. Install Hp Printers with the Universal Printer Driver

Someone mentioned in the comments that it’s also possible to use the HP universal printer driver (install.exe) to make sure the Printer and drivers are installed correctly.

First, you will need to download the Universal Printer Driver from the Hp website or this link.

Make sure you extract the files to a folder named HP. Now create a PowerShell script and name that one install.ps1

$PortName = "PortName"
$PortAddress = "xxx.xxx.xxx.xxx"
$NewPrinter = "PrinterName"
$checkPortExists = Get-Printerport -Name $portname -ErrorAction SilentlyContinue
if (-not $checkPortExists) {Add-PrinterPort -name $portName -PrinterHostAddress $PortAddress}

.\hp\install.exe /n "$NewPrinter" /sm "$PortName" /h /q /nd /u

Sleep -Seconds 30

The install switches are: /h = hide installer /q = Quiet no user interaction /nd = Not default /u = Don’t install driver if already present.

Convert that whole folder to an Intunewinfile (the .\hp\ folder is also included). Upload this file to Intune and make sure you configure the install command like this:

powershell.exe -executionpolicy Bypass -file .\install.ps1

Of course, with every Win32App you will need to have a detection rule…. You could set up one by using the registry to detect if the printer already exists by specifying this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\PrinterName (change the printer name to match the one from the script)

5. Install Printer Drivers with PrnDrvr.vbs

Another cool possibility is to just use the old PrnDrvr.vbs file and combine it with Cscript. This Prndrvr.vbs can be used to install or delete a driver. This file can be found in your Printing_Admin_Scripts folder as shown below

Of course, like always before we can add the Driver, we need to add the Printer Port first, just like we did with the HP universal driver.

$PortName = "PortName"
$PortAddress = "xxx.xxx.xxx.xxx"
$NewPrinter = "PrinterName"
$checkPortExists = Get-Printerport -Name $portname -ErrorAction SilentlyContinue
if (-not $checkPortExists) {Add-PrinterPort -name $portName -PrinterHostAddress $PortAddress}

And now we can use Cscript to call upon the visual basic script file to install the driver.

cscript "C:\Windows\System32\Printing_Admin_Scripts\en-US\prndrvr.vbs" -a -m "Canon Generic Plus PCL6" -i ".\GPlus_PCL6_Driver_V250_32_64_00\x64\Driver\CNP60MA64.INF" -h ".\GPlus_PCL6_Driver_V250_32_64_00\x64\Driver" -v 3

Add-Printer -Name $newprinters -PortName $portname  -DriverName "Canon Generic Plus PCL6"

When you combine both of these scripts to one PowerShell script and add the Driver to the folder you can convert it to a nice Win32app and deploy it with Intune to your devices

6. PowerShell Execution Policy

Because I have been getting some questions about the PowerShell Execution Policy, I will try to get some stuff clarified in the PowerShell Execution policy

6.1. IntuneWinapp/Win32 App

When you have configured a new Intunewinapp/Win32App, and you want to make sure your PowerShell script is going to be executed successfully. You need to make sure this PowerShell Script is executed with the proper policy to bypass the execution policy. You can so by simply execute Powershell.exe -ExecutionPolicy ByPass -File “.\full-script-path\script.ps1”

When using this option Microsoft tells us this: “Nothing is blocked and there will be no warnings or prompts”

6.2. PowerShell Scripts

When you have deployed a new PowerShell Script to Intune the Intune Management Extension (IME) will make sure this PowerShell script is executed on the device.

The IME doesn’t require any change whatsoever to the PowerShell Execution policy on the device. The IME will take care of the correct execution of your PowerShell scripts.

6.3. Set-ExecutionPolicy at the Top!

When you have the bright idea to push a PowerShell script with a set-executionpolicy at the top of it to change the execution policy, that isn’t going to work! Because the PowerShell execution policy is checked before the script is run so changing it within the script has no value or meaning. It really sounds like the chicken and egg situation.

6.4. Changing the MachinePolicy

Also changing the execution MachinePolicy on devices with the use of a PowerShell script deployed by the IME and using Set-ExecutionPolicy is not going to work

As shown above, the PowerShell command is not able to modify the MachinePolicy. Changing the MachinePolicy for Execution Policy is only allowed with the use of a Group Policy only. (by default)

Why I am mentioning the by default? As you “could” change it with the use of Regedit as the Group Policy just equals some registry values

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell

6.5. Beware of Applocker

Also, I need to point out, that when running a PowerShell script in the user context, please beware of the fact when you have configured Applocker, all of your PowerShell scripts will be run in. Constrained Language mode.

When trying to execute a script you will get a nice error “Cannot invoke method. Method invocation is supported only on core types in this language mode.”

7. What About the Printer Configs?

That’s indeed a very good question! Until now I only showed you how you could solve the missing Drivers but now we still need to take a look at how we could export and import the Printer Configurations.

To do so we need to use Printui.exe. You can find this wonderful tool and its corresponding Dll inside the system32 folder.

To get a good understanding of all the options we have let’s open it

As shown above, this tool could easily Store And Restore its Printer settings. Now let’s try it out. In this example, I exported my Lexmark Printer Configuration with the command Printui.exe /Ss /n “Lexmark XC4140 CVB” /a “c:\temp\config.dat”

Now we have the DAT file, we could add this file to the same folder we used while Installing Printers and Drivers with PnpUtil.

With the config file in place, we could add a Driver Configuration Restore command to the PowerShell script we created to install those drivers. To restore drivers we only need to change 1 letter!

Printui.exe /Sr /n “Printer Name” /a “.\config.dat”

If you don’t want to use the Printui.exe you could also just use the corresponding Printui.DLL as shown below

rundll32 printui.dll,PrintUIEntry /Sr /n $PrinterName /a “.\config.dat” d g r

Conclusion

When migrating to a full-based cloud solution you will need to migrate your printer solutions also. Microsoft Universal Print should be your end goal but in the meantime, you could take a few baby steps and make sure some printers are still installed when necessary.