🖨️ Deploying Printer Drivers to Intune-Managed Devices: A Complete Guide
Managing printers in a modern, cloud-first environment can be challenging — especially when dealing with devices that no longer rely on traditional on-premises Group Policy or print servers. Many administrators are now turning to Microsoft Intune to deploy both printer drivers and printer mappings using Win32 app packages and PowerShell scripts.
A Reddit thread on this topic provided valuable insights from experienced Intune administrators who’ve successfully tackled this problem. Here’s a full breakdown of the approaches, tools, and lessons learned.
💡 The Problem
The original poster was struggling to deploy printer drivers to Intune-managed Windows devices. Their organization still had a traditional on-prem print server, but Intune-managed devices weren’t able to automatically pull drivers when connecting to shared printers.
They attempted to package the printer driver as a Win32 app in Intune but weren’t sure if it was a supported or reliable method.
This sparked a discussion among IT professionals who shared real-world solutions for deploying and managing printers in hybrid and cloud-only environments.
🧩 Key Community Insights and Solutions
1. Use PowerShell with Win32 Apps for Direct Printer Deployment
Several users confirmed that the most reliable modern approach is to bypass the print server and deploy printers directly to the devices using PowerShell scripts packaged as Win32 apps.
This method works by:
- Installing the printer driver locally on the device.
- Creating a TCP/IP port or connecting to a network-shared printer.
- Adding the printer using either WMI, PrintManagement, or legacy `prnmngr.vbs` commands.
Example Workflow:
- Package the printer driver INF files and PowerShell script together using IntuneWinAppUtil.exe.
- Deploy the package as a Win32 app in Intune.
- The PowerShell script installs the driver and adds the printer silently.
Example Script Snippet:
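```powershell
$DriverName = "HP Universal Printing PCL 6"
$PortName = "IP_10.0.0.55"
$PrinterIP = "10.0.0.55"
$PrinterName = "Office_Printer"

# Add printer port if not present
if (-not (Get-PrinterPort -Name $PortName -ErrorAction SilentlyContinue)) {
    Add-PrinterPort -Name $PortName -PrinterHostAddress $PrinterIP
}

# Add driver (the driver package must already be staged in the driver store)
Add-PrinterDriver -Name $DriverName

# Add printer
if (-not (Get-Printer -Name $PrinterName -ErrorAction SilentlyContinue)) {
    Add-Printer -Name $PrinterName -DriverName $DriverName -PortName $PortName
}

# Set as default printer. Set-Printer has no -IsDefault parameter, so call the
# WMI method instead. The default printer is a per-user setting, so these two
# lines only have the intended effect when run in the user's context.
$Printer = Get-CimInstance -ClassName Win32_Printer -Filter "Name='$PrinterName'"
Invoke-CimMethod -InputObject $Printer -MethodName SetDefaultPrinter | Out-Null
```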
This method works consistently on cloud-managed or hybrid-joined devices, giving admins full control over printer deployment.
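A fuller install script for the workflow above, written for this guide as an added example (it is not code from the thread). It stages the packaged INF with pnputil before registering the driver, relaunches itself in 64-bit PowerShell, and returns an exit code Intune can act on. The INF file name, the `Driver` subfolder and the log path are placeholders.

```powershell
# Added example, not from the thread. The INF file name, package layout and
# log path are placeholders; printer values are this page's sample values.
# Relaunch in 64-bit PowerShell when started from a 32-bit host process.
if ((-not [Environment]::Is64BitProcess) -and [Environment]::Is64BitOperatingSystem) {
    & "$env:WINDIR\SysNative\WindowsPowerShell\v1.0\powershell.exe" `
        -NoProfile -ExecutionPolicy Bypass -File $PSCommandPath
    exit $LASTEXITCODE
}

$DriverName  = 'HP Universal Printing PCL 6'   # must match the name declared in the INF
$InfPath     = Join-Path $PSScriptRoot 'Driver\printer.inf'             # placeholder
$PortName    = 'IP_10.0.0.55'
$PrinterIP   = '10.0.0.55'
$PrinterName = 'Office_Printer'
$LogFile     = Join-Path $env:ProgramData 'PrinterDeploy\install.log'   # placeholder

$ErrorActionPreference = 'Stop'
$exitCode = 0
New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null
Start-Transcript -Path $LogFile -Append | Out-Null
try {
    if (-not (Get-PrinterDriver -Name $DriverName -ErrorAction SilentlyContinue)) {
        if (-not (Test-Path $InfPath)) { throw "Driver INF not found: $InfPath" }
        # Stage the package in the driver store, then register the print driver.
        # Full path avoids picking up a pnputil.exe from elsewhere on PATH.
        & "$env:WINDIR\System32\pnputil.exe" /add-driver $InfPath
        if ($LASTEXITCODE -notin 0, 3010) { throw "pnputil exit code $LASTEXITCODE" }  # 3010 = success, reboot required
        Add-PrinterDriver -Name $DriverName
    }
    if (-not (Get-PrinterPort -Name $PortName -ErrorAction SilentlyContinue)) {
        Add-PrinterPort -Name $PortName -PrinterHostAddress $PrinterIP
    }
    if (-not (Get-Printer -Name $PrinterName -ErrorAction SilentlyContinue)) {
        Add-Printer -Name $PrinterName -DriverName $DriverName -PortName $PortName
    }
    Write-Output "Installed $PrinterName"
} catch {
    Write-Output "Install failed: $($_.Exception.Message)"
    $exitCode = 1
} finally {
    Stop-Transcript | Out-Null
}
exit $exitCode
```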
2. Deploy Drivers and Printers Separately for Reliability
For simpler setups (e.g., a single printer per site), users recommend separating driver and printer deployment into two Win32 apps:
- App 1: Installs the printer driver using PowerShell.
- App 2: Maps the printer to users or devices using another script.
You can configure dependencies in Intune so that the printer mapping script only runs after the driver installation completes. This prevents errors where the system tries to add a printer before the required driver is available.
✅ Benefit: Simplifies troubleshooting — if the driver fails, you can fix or redeploy it independently from the printer mapping.
3. Automate Removal of Old Printers
Another helpful suggestion was to include logic in your PowerShell script to remove outdated or duplicate printers before adding new ones.
This avoids clutter from previous configurations and ensures users always get the correct printer.
Example Script Add-on:
```powershell
$OldPrinters = @("OldPrinter1", "OldPrinter2")
foreach ($p in $OldPrinters) {
    if (Get-Printer -Name $p -ErrorAction SilentlyContinue) {
        Remove-Printer -Name $p
    }
}
```
Including cleanup steps in your deployment scripts can prevent user confusion and reduce helpdesk calls related to wrong default printers or offline queues.
4. Use On-Prem Print Server Only if Necessary
Some admins cautioned that using a print server for Intune-managed devices adds complexity, especially if devices aren’t domain-joined.
If your organization still relies on a print server, you’ll need to handle authentication and driver distribution differently.
One user suggested checking PaperCut’s Intune deployment documentation, which includes scripts and MSI installers that automate connecting users to managed print queues in hybrid scenarios.
However, most commenters agreed:
“If you can avoid the print server — do it. Direct network printing through Intune and PowerShell is cleaner, faster, and more predictable.”
5. Handle “Sysnative” and “PrintNightmare” Issues
When packaging printer drivers, one recurring technical problem mentioned was file path mismatches and UAC elevation issues.
- The `sysnative` folder is a virtual alias that lets 32-bit processes on 64-bit Windows reach the real 64-bit System32 folder. When referencing system scripts like `prnmngr.vbs` or `prndrvr.vbs`, always use `C:\Windows\SysNative\Printing_Admin_Scripts\en-US\` instead of `System32`, to avoid “file not found” errors when Intune runs scripts in 32-bit mode.
- PrintNightmare security updates (CVE-2021-34527) introduced restrictions requiring admin privileges to install or update printer drivers. Make sure your PowerShell script runs in System context (using Intune’s Win32 app install behavior = System) or uses Endpoint Privilege Management (EPM) if deployed in a user context.
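A read-only check that a device still enforces the post-PrintNightmare restriction instead of having it relaxed to make printer installs work. This is an added example, not code from the thread; the registry value names come from Microsoft's Point and Print guidance rather than from this page, and it assumes an elevated 64-bit PowerShell session.

```powershell
# Added example: audits Point and Print policy values and the current context.
# It changes nothing on the device.
$Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

function Get-PolicyValue([string]$Name) {
    # Returns $null when the key or value is absent (Windows then uses its default).
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$findings = @()

# 0 lets non-administrators install print drivers again.
$restrict = Get-PolicyValue 'RestrictDriverInstallationToAdministrators'
if (($null -ne $restrict) -and ($restrict -eq 0)) {
    $findings += 'RestrictDriverInstallationToAdministrators = 0 (non-admin driver installs allowed)'
}

# Any non-zero value suppresses the warning or elevation prompt.
foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
    $value = Get-PolicyValue $name
    if (($null -ne $value) -and ($value -ne 0)) {
        $findings += "$name = $value (Point and Print prompt suppressed)"
    }
}

# Driver installs need SYSTEM or an elevated administrator.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not ($identity.IsSystem -or $isAdmin)) {
    $findings += "Running as $($identity.Name) without elevation; driver install will be blocked"
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: driver installation is restricted to administrators and the context is privileged'
    exit 0
}
$findings | ForEach-Object { Write-Output "FINDING: $_" }
exit 1
```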
6. Reference Trusted Community Guides
The thread also linked two high-quality resources that walk through end-to-end printer deployments with Intune:
- MSEndpointMgr: Install Network Printers with Intune Win32 Apps & PowerShell
- Call4Cloud: Guides on advanced printer driver packaging, troubleshooting “access denied” issues, and handling silent installations after PrintNightmare updates.
Both sources include example scripts, detection rules, and driver packaging tips — ideal for building your own reusable deployment system.
⚙️ Best Practices for Intune Printer Deployment
- Test scripts locally before converting to `.intunewin`.
- Use relative paths and `$PSScriptRoot` in PowerShell scripts for portability.
- Always run scripts as SYSTEM to ensure driver install privileges.
- Create proper detection rules in Intune (e.g., verify existence of printer name or driver INF).
- Monitor deployment logs using: `C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log`
- Implement rollback logic for error handling or partial installs.
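One way to write the detection rule as a custom script, shown as an added example (not from the thread) using this page's sample printer values. Intune treats the app as detected only when the script exits 0 and writes to standard output, so the script also checks that the queue still uses the expected driver, port and host address.

```powershell
# Added example: custom detection script for the printer Win32 app.
# Values below are this page's sample values; replace them with your own.
$DriverName  = 'HP Universal Printing PCL 6'
$PortName    = 'IP_10.0.0.55'
$PrinterIP   = '10.0.0.55'
$PrinterName = 'Office_Printer'

$problems = @()

$printer = Get-Printer -Name $PrinterName -ErrorAction SilentlyContinue
if (-not $printer) {
    $problems += "printer '$PrinterName' is missing"
} else {
    if ($printer.DriverName -ne $DriverName) {
        $problems += "unexpected driver '$($printer.DriverName)'"
    }
    if ($printer.PortName -ne $PortName) {
        $problems += "unexpected port '$($printer.PortName)'"
    }
}

# A queue that was re-pointed at a different host counts as not detected.
$port = Get-PrinterPort -Name $PortName -ErrorAction SilentlyContinue
if (-not $port) {
    $problems += "port '$PortName' is missing"
} elseif ($port.PrinterHostAddress -ne $PrinterIP) {
    $problems += "port targets '$($port.PrinterHostAddress)' instead of '$PrinterIP'"
}

if ($problems.Count -eq 0) {
    # Exit code 0 plus output on STDOUT = detected.
    Write-Output "Detected: $PrinterName ($DriverName on $PortName)"
    exit 0
}

# Non-zero exit = not detected; the reasons show up in the agent log.
Write-Output ("Not detected: " + ($problems -join '; '))
exit 1
```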
🧩 Summary Table
| Approach | Method | Recommended For | Notes |
|---|---|---|---|
| PowerShell + Win32 app | Direct printer deployment | Cloud-only or hybrid devices | Most flexible; supports TCP/IP and driver installs |
| Two-step deployment | Driver + Printer separately | Multi-printer environments | Use dependencies in Intune |
| Print server + script | Traditional printing model | Legacy setups | Requires hybrid configuration |
| PaperCut or RMM tools | Automated client deployment | MSPs and managed tenants | Simplifies monitoring |
| Graph API monitoring | Status verification | Advanced reporting | Optional enhancement |

