Point and Print Restriction on non-AD domains


JohnM
March 30th 04, 04:26 AM
We recently went to upgrade our W2K workstations to
Windows XP to "reduce administration" and "save money."
Unfortunately, we found that XP SP1 has this point and
print restriction set whereas a non-administrative or
Power User cannot download a print driver from the server
if the server is not in the list of approved domains.
Unfortunately, this is a GPO setting, and not everyone
has yet completed the conversion to AD. Has anyone else
run into this and how can we overcome this in a non-AD
domain?

Alan Morris (MSFT)
March 31st 04, 06:22 PM
If you deploy with XP RTM with all security updates you will not hit this
issue.

With NT4 domains, the problem will be fixed once XP SP2 is released.

Give the Power Users Load Driver Privilege in order to allow them to add the
connection.

More info from previous posts.
-------
This policy is in effect on XP SP1 clients (and Server 2003). The policy
impacts installing a printer driver.

If you have an NT4 based domain, this policy will not work properly until
clients are XP with SP2.

If the driver is preinstalled on the client, then the user can connect. If
the driver exists in the client's driver.cab then the spooler will install
this driver rather than copy the driver from the server.

You can add the users to the Power Users group, and add the Load and unload
driver privilege to this group rather than give the users admin rights.
----------
There is a policy on XP SP1 that prevents true connections to "untrusted"
(not in the same domain forest) servers. Since the HP driver is in
the driver.cab file on the client, the driver is added from the local
client rather than copying the driver from the server.

http://support.microsoft.com/default.aspx?scid=kb;en-us;319939
Description of the Point and Print Restrictions Policy Setting in Windows
Server 2003 and Windows XP


By default, this policy setting is not configured. If you do not
configure this policy setting, users cannot download Point and Print drivers
from computers that are not in their Active Directory forest. The result of
not configuring the setting is the same as enabling the policy and setting
it to Users can only Point and Print to machines in their Forest.


The issue you are experiencing is fixed on XP SP2.

The issue is that LookupAccountName does not work for machine accounts on
NT4 hosted Domains.

--
Alan Morris
Windows Printing Team
Search the Microsoft Knowledge Base here:
http://support.microsoft.com/default.aspx?scid=fh;[ln];kbhowto

This posting is provided "AS IS" with no warranties, and confers no rights.

"JohnM" wrote in message
...
> We recently went to upgrade our W2K workstations to
> Windows XP to "reduce administration" and "save money."
> Unfortunately, we found that XP SP1 has this point and
> print restriction set whereas a non-administrative or
> Power User cannot download a print driver from the server
> if the server is not in the list of approved domains.
> Unfortunately, this is a GPO setting, and not everyone
> has yet completed the conversion to AD. Has anyone else
> run into this and how can we overcome this in a non-AD
> domain?
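
The workaround in the reply above grants the "Load and unload device drivers" right (SeLoadDriverPrivilege) to Power Users, so one way to see which groups hold that right on a client is to parse a security-policy export. This is an added example, not part of the original thread or Microsoft's own code; the sample export, the Administrators-only baseline and the function names are assumptions.

```python
# Added example (not from the thread): list who holds SeLoadDriverPrivilege
# ("Load and unload device drivers") in a secedit user-rights export.
# SAMPLE_INF is constructed; real input would come from
#   secedit /export /cfg rights.inf /areas USER_RIGHTS   (file is UTF-16)

WELL_KNOWN = {
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-545": "Users",
    "S-1-5-32-547": "Power Users",
    "S-1-5-32-550": "Print Operators",
}
EXPECTED = {"S-1-5-32-544"}  # assumption: baseline is Administrators only

SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-547,*S-1-5-32-545
SeLoadDriverPrivilege = *S-1-5-32-544,*S-1-5-32-547
[Version]
signature="$CHICAGO$"
Revision=1
"""

def privilege_holders(inf_text, privilege="SeLoadDriverPrivilege"):
    """Return the SIDs/account names granted `privilege`, in file order."""
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip().lower() == privilege.lower():
            # SIDs carry a leading '*'; unresolved account names are bare.
            return [v.strip().lstrip("*") for v in value.split(",") if v.strip()]
    return []  # right not assigned to anyone

def unexpected_holders(inf_text, expected=EXPECTED):
    """Holders outside the baseline, with a friendly name where known."""
    return [(sid, WELL_KNOWN.get(sid, "unknown/custom"))
            for sid in privilege_holders(inf_text) if sid not in expected]

if __name__ == "__main__":
    for sid, label in unexpected_holders(SAMPLE_INF):
        print(f"SeLoadDriverPrivilege also granted to {sid} ({label})")
```

Running the same check before and after the change shows exactly which groups the workaround added, so the grant can be reverted once clients are on XP SP2.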
